FP

Hi please correct FP if file is not malware.
Password: infected

Heur.Suspicious@102763973 C:\System Volume Information_restore{9CD63AFC-8CC9-45EE-9B36-42E05D30FFF4}\RP812\A0147929.exe

Heur.Dual.Extensions@-1 C:\Documents and Settings\User\Local Settings\Temp\utt65C.tmp.bat

Heur.Dual.Extensions@-1 C:\Documents and Settings\User\Local Settings\Temp\uttD7.tmp.bat

[attachment deleted by admin]

Hello smage,

Thank you for your submission. We’ll check the files and get back to you soon.

Best regards,
FlorinG

Hi smage,

This FP has been fixed.Please check in virus signature database 4693.

Thanks and Regards,
Thomas.Tian

Hi the FP for the Heur.Dual Extension has not beem fixed, are these files malicious?

technically it’s not a FP, all it means is that the file has dual extensions ( .tmp.bat) and that is usually something that malware does. It is best to have them checked out at virustotal to make sure they are ok.

http://www.virustotal.com/analisis/ba08487c465780d9507129c73665cd9a5c68d97a64afa165fbc82c7d5ae14529-1272432891

http://www.virustotal.com/analisis/74e3add10e54bd67ea30dcdd08419ad7a776f9ec505e5d303664199c19a129fc-1272432990

Very strange this, the files are not detected even by Comodo on VT while on my machine CAV does detect it.

Anyway the purpose of the AV is to help in improving the usability of CIS by average users, therefore it should not flag files which are not malicious. A good AV should detect malicious files with dual extension, but here Comodo flags all files with dual extension and leaves the choice to the users. IMO this is not a good practice.

Thanks

Hi smage,

Please check again with DB 4698 of CIS 4.0.141842.828. Please let us know, if you still experience any problem.

Regards,
Haja

No problem, FP fixed.
Thanks
Keep up with the good work.