comodo cav has fps with heur. but with default low heur it was acceptible for me coz it only gave me 2 fps on the very first manual scan of my system and after that i never encountered a single fp. but lately it has started giving fps on a frequent basis and sometimes for popular products and microsofts stuffs. mostly all fps i encounter here are related to heur,suspicious. i read somewhere in the forum here that heur,suspicious due to some automatic scan or analysis things. but this can create a prob for average user who mostly quarantines anythings his antivirus detects. i too am not that expert user and there are other novice users who use this system. so do you expert guys suggests to keep the heur off for time being or it will reduce some protection. currently i am using full CIS suite with default settings.
AND i think CIS is a product for novice users so there should be very very few fps ( as no fps is not possible)
FPs are something every AV has, but better to be safe than sorry, to quote the philosophy of the Cloud Scanner maybe, so user’s interaction plays a great role in discovering and identifying malware.
If you believe a file can be trusted, trust it or use an online scanner such as CIMA or VirScan.org or Virus Total. I do it for all files I consider suspicious and if you encounter a high percentage probability for a file that it’s suspicious, then it is.
I think a good portion of the FP’s come from bundled software THAT COMES with computer (That’s just what I notice when I install it on someone elses computer.) I just put it on heuristic “high” and and whatever it finds when scanned it. I flag it as false postive for comodo to check out using the comodo screen
as i said in my post that i read somewhere in the forum here heur.suspicious (which mostly i get whenever there is a detection) is due to some automated scan or analysis something. is this some kind of experiment from comodo to get new malware/suspicious things, if so then i think it can create prob for the average users as fps has increased with this heur.suspicious detection and the comodo staff should really think and take care of their experiments.
I believe these are automatically created definitions (possibly from CIMA ???). As with any other companies heuristic definitions I’d advise people to not automatically accept files detected by them as dangerous and instead to always investigate them (as should probably be done with any detection). Please use the methodology described here: How To Tell If A File Is Malicious
So not an experiment but just an attempt to catch more malware before it can get onto your system. By default the heuristic engine is set to low, but if you want you can disable it. You will merely be less protected against newly emerging malware. It’s up to you, but I would appreciate it if you could report any false positives you have to the Comodo Malware/False-Positive Submission.