FP - Trusteer Rapport

Seany007 · May 18, 2012, 9:12pm

Rootkit.HiddenFile@0 c:\Users\Admin\AppData\Local\Trusteer\Rapport\user\store\user\rapport_var_1.cfg.data

qiuhui · May 18, 2012, 9:20pm

Hi Seany007,

Thanks for reporting.
Could you please submit the detected file at
Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year.

Regards
Qiuhui.■■■■

Seany007 · May 18, 2012, 10:18pm

I tried. The upload goes well over 30min for few kilobytes! I think it’s trusteer rapport protection system it won’t allow.

Seany007 · May 20, 2012, 2:13am

So? ???

qiuhui · May 20, 2012, 3:09am

Hi Seany007,

You can go through the following way

1.Please submit the detected file at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year;
2.Sample in the form of forums accessories upload;
3.Give me about sample VT(https://www.virustotal.com) links.

Regards
Qiuhui.■■■■

TrusteerSupport · May 20, 2012, 10:31am

Hello Seany007,

We would like to offer you our 24/7 free technical support to address any problems you are having with Trusteer Rapport- sending logs or files, etc.

You can contact the support team at IBM Security Trusteer solutions | IBM .

Regards,
Trusteer Technical Support

Seany007 · May 20, 2012, 4:19pm

As I stated above I can’t submit. Here is the VT results 100% FP:

Seany007 · May 20, 2012, 4:20pm

Thank you for your help

qiuhui · May 21, 2012, 12:49am

Hi,

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Qiuhui.■■■■

Seany007 · May 24, 2012, 12:58am

It’s been few days now? So? ???

e_xistense · May 24, 2012, 10:26am

Hi Seany007,

Unfortunately the file with SHA1 ccdf0ee045928ba4b6301163eb98bd5127efc7a6 didn’t reach our servers, so we are unable to verify the issue. Have you tried adding respective file to Trusted Files list and/or Exclusions list in CIS? Can you please zip the file and send the archive to us via Comodo Antivirus Database | Submit Files for Malware Analysis ?

Thanks and regards,
Ionel

Seany007 · May 24, 2012, 5:06pm

Once again I can’t upload it because of the rapport protection system or even CIS itself. I can add this file to trusted files it’s not a problem. I do a favor for you so you can improve the AV and get rid of FP. I will try again but I don’t think it will work. Is VT evidence not enough? Or you just follow Comodo policy?

Chiron494 · May 24, 2012, 5:22pm

@Seany007, is it possible that through the offered help from TrusteerSupport you could have them give you a sample of the file in question?

That way you could submit it.

It’s at least worth a try, although I agree it really shouldn’t be necessary, but perhaps it is for some reason.

Thanks.