FP - Trusteer Rapport

Rootkit.HiddenFile@0 c:\Users\Admin\AppData\Local\Trusteer\Rapport\user\store\user\rapport_var_1.cfg.data

Hi Seany007,

Thanks for reporting.
Could you please submit the detected file at
Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year.


I tried. The upload goes well over 30min for few kilobytes! I think it’s trusteer rapport protection system it won’t allow.

So? ???

Hi Seany007,

You can go through the following way

1.Please submit the detected file at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year;
2.Sample in the form of forums accessories upload;
3.Give me about sample VT(https://www.virustotal.com) links.


Hello Seany007,

We would like to offer you our 24/7 free technical support to address any problems you are having with Trusteer Rapport- sending logs or files, etc.

You can contact the support team at IBM Security Trusteer solutions | IBM .

Trusteer Technical Support

As I stated above I can’t submit. Here is the VT results 100% FP:

Thank you for your help :slight_smile:


Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards

It’s been few days now? So? ???

Hi Seany007,

Unfortunately the file with SHA1 ccdf0ee045928ba4b6301163eb98bd5127efc7a6 didn’t reach our servers, so we are unable to verify the issue. Have you tried adding respective file to Trusted Files list and/or Exclusions list in CIS? Can you please zip the file and send the archive to us via Comodo Antivirus Database | Submit Files for Malware Analysis ?

Thanks and regards,

Once again I can’t upload it because of the rapport protection system or even CIS itself. I can add this file to trusted files it’s not a problem. I do a favor for you so you can improve the AV and get rid of FP. I will try again but I don’t think it will work. Is VT evidence not enough? Or you just follow Comodo policy?

@Seany007, is it possible that through the offered help from TrusteerSupport you could have them give you a sample of the file in question?

That way you could submit it.

It’s at least worth a try, although I agree it really shouldn’t be necessary, but perhaps it is for some reason.