comodo cav has fps with heur. but with default low heur it was acceptible for me coz it only gave me 2 fps on the very first manual scan of my system and after that i never encountered a single fp. but lately it has started giving fps on a frequent basis and sometimes for popular products and microsofts stuffs. mostly all fps i encounter here are related to heur,suspicious. i read somewhere in the forum here that heur,suspicious due to some automatic scan or analysis things. but this can create a prob for average user who mostly quarantines anythings his antivirus detects. i too am not that expert user and there are other novice users who use this system. so do you expert guys suggests to keep the heur off for time being or it will reduce some protection. currently i am using full CIS suite with default settings.

AND i think CIS is a product for novice users so there should be very very few fps ( as no fps is not possible)


FPs are something every AV has, but better to be safe than sorry, to quote the philosophy of the Cloud Scanner maybe, so user’s interaction plays a great role in discovering and identifying malware.

If you believe a file can be trusted, trust it or use an online scanner such as CIMA or VirScan.org or Virus Total. I do it for all files I consider suspicious and if you encounter a high percentage probability for a file that it’s suspicious, then it is.

Seems that you have got some bad luck, my heuristics are on high and I normally never see a FP.
When you encounter a FP submit it to the comodo labs, and if it’s really a FP it will be fixed.

I think a good portion of the FP’s come from bundled software THAT COMES with computer (That’s just what I notice when I install it on someone elses computer.) I just put it on heuristic “high” and and whatever it finds when scanned it. I flag it as false postive for comodo to check out using the comodo screen

Of undner comodo virus quantain, submit

if you submit truth the website you will get and email from the analists, and in the virus quarantine no.

I hope a option come in the program to send me a email after analyze my files

Some like antivir-avira

In antivir need you to enter a email, and after analyze you got a email with the answer

You do get an email response for any FP’s which you report through the website. You don’t get this response if you report a suspicious file or report any files through CIS.

I no this:)

I hope is be standard

as i said in my post that i read somewhere in the forum here heur.suspicious (which mostly i get whenever there is a detection) is due to some automated scan or analysis something. is this some kind of experiment from comodo to get new malware/suspicious things, if so then i think it can create prob for the average users as fps has increased with this heur.suspicious detection and the comodo staff should really think and take care of their experiments.


I believe these are automatically created definitions (possibly from CIMA ???). As with any other companies heuristic definitions I’d advise people to not automatically accept files detected by them as dangerous and instead to always investigate them (as should probably be done with any detection). Please use the methodology described here:
How To Tell If A File Is Malicious

So not an experiment but just an attempt to catch more malware before it can get onto your system. By default the heuristic engine is set to low, but if you want you can disable it. You will merely be less protected against newly emerging malware. It’s up to you, but I would appreciate it if you could report any false positives you have to the Comodo Malware/False-Positive Submission.

Thanks and I hope I answered your questions.

heur.suspicious - automatically created definitions (CIMA) - does this mean these detections are there if you are connected to net and may not be there if not connected to net.

nope they are part of the signatures. What you are thinking about is cloud signatures.

thanxx to clear the point buddy