Hi, Comodo employees!
I have what appears to be a false positive on this file:
File: C:\WINDOWS\SoftwareDistribution\Download\642ace45800ffefd77231150a07a2bdfe170732c
Size: 13.5 MB (14,194,624 bytes)
Created: Tuesday, April 20, 2010
Modified: Tuesday, April 20, 2010
Comodo Antivirus alerts on the file with this:
Heur.Suspicious[at]107627526
Malwarebytes’ Anti-Malware says it’s clean.
Virscan.org results: all 36 scanners say it’s clean.
Virscan has among those scanners CAV, with DB 5127, and it didn’t alert on it! So why does my CAV? I’m on 5128 now, but the detection event was 6 hours ago, so I don’t know what my DB number was back then. However, 5128 still detects it, right now, on my PC.
Results of searching my Windows Update logfile on the filename: this file was apparently downloaded on 6/9/2010, and is apparently related to KB979906, and the log also says the file was Microsoft-signed. It is indeed Microsoft-signed (signed April 2), as shown on the file’s “Properties” tab.
Given all the evidence, I figure this has got to be an FP. Can you guys fix this, so I can remove this file from my CAV exclusions list? Thanks.