Heur.Suspicious[at]38056959 - DNSExit IP Updater

Hi,

I’m using the excellent CIS v3.12.111745.560 with virus signature 2609. I’ve just started to use another excellent free dynamic dns service from DNSExit.

On installing the updater client I received event messages informing me that this was a virus (Heur.Suspicious[at]38056959) which was present in the SetupService.exe file (zipped file attached).

Could this be investigated please, I have scanned this with AVG on a separate machine and nothing is reported.

Regards,

Andy

[attachment deleted by admin]

Hi, Andy.

We will check if what you reported is malware or just false positive.

Thanks, Serhyo.

Hello AR156,

The reported FP has been fixed in DB 2611, please update and confirm.

Best regards,
FlorinG

Hi FlorinG,

Ran with 2612 and there were no alerts. After clearing the logs had to restart the application a couple of times to clear the virus value on the Summary page not sure if this would of cleared itself in time, but thank you for the super fast resolution.

Keep up the hard work it is highly appreciated :slight_smile:

Regards,

Andy

Update: strangely the threat value went back (-1 event) until a reboot.

Hi AR156,

The sample u uploaded is not detected by CIS 3.12.111745.560 DB 2614.If you can find the FP file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.If any questions,pls let us know.

Thanks and Regards,
hailong.■■■■

Hi Hailong.■■■■,

I might be confusing the issue here. The file is no longer detected as a possible virus as of 2612 which was the virus sig I tested with last night so that issue is now closed.

In regards to the threat value I simply mean that when I deleted the events (of the FP) from the logs the threat value on the summary page did not zero out until a reboot so it looked as though there was still 4 virus alerts (although there was five to start with) but going into the cleared event logs obviously doesn’t show anything.

Merely an observation not a complaint, please close the original issue and ignore the observation and confusion caused :smiley:

Regards,

Andy