FP(s) from CIMA .....

I’ve already explained it :

The FP(s) from CIMA (i.e. Heur.Suspicious or UnclassifiedMalware or TrojWare.Win32.Trojan.Agent.Gen… which are generated automatically by it), once fixed, are redetected once the program is updated… Let’s explain it better:

  1. I download a.exe which is a safe file.
  2. It’s detected by Comodo (FP) as Heur.Suspicious
  3. So it’s a malware in Comodo cloud (not unknown or safe).
  4. You submit it to forums (or e-mail or website submission but never from program).
  5. It gets fixed
  6. A new version of that a.exe has been released
  7. You update it
  8. New version >> New file >> Hash changed >> becomes unknown
  9. What happens ?
    10) File is submitted to CIMA (after being autosandboxed)
    11) Heur.Suspicious ;D
  10. You submit it to forums (or e-mail or website submission but never from program).
  11. It gets fixed
  12. A new version of that a.exe has been released
  13. You update it
  14. New version >> New file >> Hash changed >> becomes unknown
  15. What happens ?
    10) File is submitted to CIMA (after being autosandboxed)
    11) Heur.Suspicious ;D
    etc… (without ending … or … maybe … v…alky…rie…?

Only a small fraction of FP(s) are submitted here or from website … When the users see “Submit files” from the program, then select “False Positive” but the issue with that is they are never fixed … And many of the 50M users don’t even know there is a forum here or website submission …
It would be good if one day they would take care of these submissions …

I agree something definitely needs to be done with either how signatures are generated or how FPs are handled. At the very least Comodo needs to make a system that checks its new signatures first to see if anything is safe and detected, then have someone verify them.

@spywar

You are 100 % correct. I’ve been whining on Comodo forum about FP’s since I’ve started using CIS 4 years ago. There are sooooooo many these little fu***s and a solution from Comodo doesn’t seem to be on the horizon.

And you are also right about submission through CIS, because I actually never saw anything being fixed. At first I also went through a phase of submitting FP’s on the forum but it was time consuming so I simply stopped and hoped for the best.
Downside of FP’s for me is that I lost trust in Comodo’s antivirus. Every time CIS brings a virus alert I choose to ignore it and go and check the file on VirusTotal to see if it is a real threat or not, and I’m totally aware that one of these times I will ignore some nasty piece of malware and will be fu****ed, but you know what, I’ve been lucky so far ;)…(also I’m using drive backups, just to be safe ;))

Only solution for me at the moment is VirusTotal and just scrolling toward the Kaspersky section and checking their result. For me, at the moment, there is no better way to check a suspicious file. There are some times when even I think they’re maybe nuts, I mean, no virus detected on their line and a sea of red all around ???, but for now I think they are doing a great job, and not following a sea of red has earned them my respect…

So far in my case, 90 % of all detections by CIS were FP’s and usually the files detected are cracks (don’t judge ;D) or that type of stuff and a few normal programs (Dvbdream, uTorrent for a while during installation etc…). I’ve read on some other forums that some antivirus software companies (I think Avira or AVG, really can’t remember) are aware of the problem but don’t want to address it because they think ■■■■■ files are bad, piracy and sht, or maybe because it’s easier that way, just block everything and do as little research as you could, I don’t know, I’m no expert, but from antivirus I expect to find and eliminate dangerous files, not to be my f*** moral compass.

Sorry for the rambling, it’s 3 AM where I am. I love CIS and I hope it will continue to be a top class software as it is at the moment. There are a few things I wish to be fixed

  1. FP’s
  2. Better detection and reaction to a malware from USB drives (I wrote about it in another post, maybe it’s fixed, I don’t know because I started using USB disk security just to be safe)
  3. Better and faster GUI. Version 6 is so much slower than version 5. And please split the block internet button into two parts. I often use the block only option and it is frustrating to have to go and click two times just to do that and be careful not to click block and terminate.

Enough rambling…

Moved to False Positive/Negative Detection Reporting. Please note the topic “Report recurring Heuristic (Heur.Suspicious) detections here” for reporting recurring f/p’s.

@mj.nfl: CIS could do with the option to detect Potentially Unwanted Programs. It has been requested many times before. Please check Wishlist - CIS board for reference.

Thanks for your quick reply.

I just have to ask, why is it that every time something not so great about CIS is posted, topics get moved around the forum?
This is something I’ve noticed lately. I mean, I didn’t report anything new, nor did I report a new bug or something for a topic to be moved here. !ot!

When has this happened?

I do know that there is a trend that people often post their topics in the News / Announcements / Feedback - CIS section, which then must be moved to the correct part of the forum, but I am aware of nothing else. Is this what you are referring to?

Well, it is the most visited page on the forum.

BTW, this is not a FP reporting … ??? ??? ???

So why was this post removed to the “FP’s submissions” ?

It was moved because it is about recurring false positives from CIMA. That means it is not about CIS. In this board there already is a topic to report these.

I can understand the choice for the CIS Feedback Announcements and News board as it will provide a big exposure. However, the problem is not new and known to Comodo as the special topic denotes. Add all of that up together and I see no need for the topic to be in that board.

Thanks for explanation :-TU

During the release of CIS 6, Melih had mentioned CIS 6 has some technology implemented to take care of FPs. I wonder if it’s working or not & what is it & how does it work?

Don’t know when Valkyrie will be implemented but hope Valkyrie implementation will reduce FPs prob a lot.

Any other new technology to take care of FPs in the pipeline?

Current issue is that once the file is fixed and a new update is released it gets reuploaded to CIMA (as it becomes unknown after update) and it becomes redetected.
They need to “whitelist them permanently”.
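
The re-detection loop described in the first post and restated in the last one, as an added simulation that is not part of the thread and not Comodo's code: a verdict store keyed only by file hash forgets every false-positive fix on the next release, while a fix that is also recorded against a stable attribute survives updates. The stable attribute used here, a verified code-signing publisher, is an assumption, as are all names and the stand-in heuristic.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    publisher: str   # assumption: identity taken from a *verified* signature
    content: bytes

def noisy_heuristic(sample: Sample) -> str:
    # Constructed stand-in for automated analysis: flags every unknown file,
    # which is the false-positive scenario the thread describes.
    return "Heur.Suspicious"

class VerdictCloud:
    def __init__(self, publisher_allowlist: bool):
        self.by_hash = {}                # sha256 -> verdict
        self.trusted_publishers = set()  # survives new releases
        self.publisher_allowlist = publisher_allowlist
        self.analyst_fixes = 0

    def scan(self, s: Sample) -> str:
        h = hashlib.sha256(s.content).hexdigest()
        if h not in self.by_hash:        # new hash -> file is "unknown"
            trusted = (self.publisher_allowlist
                       and s.publisher in self.trusted_publishers)
            self.by_hash[h] = "safe" if trusted else noisy_heuristic(s)
        return self.by_hash[h]

    def fix_false_positive(self, s: Sample) -> None:
        self.by_hash[hashlib.sha256(s.content).hexdigest()] = "safe"
        if self.publisher_allowlist:
            # Trusts everything this publisher signs, so it is only as
            # strong as signature verification and the publisher's key.
            self.trusted_publishers.add(s.publisher)
        self.analyst_fixes += 1

def simulate(releases, publisher_allowlist: bool):
    cloud = VerdictCloud(publisher_allowlist)
    history = []
    for s in releases:
        verdict = cloud.scan(s)
        history.append(verdict)
        if verdict != "safe":            # user reports, analyst fixes
            cloud.fix_false_positive(s)
    return history, cloud.analyst_fixes

# Constructed sample data: three releases of a.exe, then an unrelated file.
RELEASES = [Sample("Example Vendor", b"a.exe v%d" % n) for n in (1, 2, 3)]
OTHER = Sample("Unknown Signer", b"other.exe v1")

if __name__ == "__main__":
    print(simulate(RELEASES, publisher_allowlist=False))
    print(simulate(RELEASES + [OTHER], publisher_allowlist=True))
```
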