Heuristic detections not consistent

While running a manual antivirus scan, I got the following results at various heuristic settings:

File detected: C:\ERDNT\ERDNTWIN.OVL

Heuristics off: No detection
Heuristics low: Heur.Pck.PKLITE32
Heuristics medium: Heur.Packed.Unknown
Heuristics high: Heur.Packed.Unknown

The detection is a false positive (which I submitted to Comodo). But my question is: why does Comodo detect the file as a different threat depending on whether heuristics is set to low or medium/high. If a file is detected as a threat, shouldn’t it always be detected as the same threat? Is this a bug and should it be reported in the bug section?

No responses? :THNK

Any developers out there?

Regarding the file from the previous post (C:\ERDNT\ERDNTWIN.OVL): I dragged and dropped it onto the Boclean window and got the warning below (I know that the drag and drop feature in boclean was mainly intended for developer use).
Anyhow, CIS heuristic detects the file as 2 types of malware (see previous post), and Boclean detects it as a 3rd type (spy-banker.ahf).

So, do these discrepancies repesent a bug? ???

[attachment deleted by admin]

i cant help you but this does seem like something is amiss somewhere. if a file is detected as three different types of maleware, then there is definitely something wrong with the scanner.

Best to PM Egemen on this one.


No response in over 1 week…are the developers checking this thread?
Egemen has not responded to my PM’s (maybe he/she is on vacation?).
I just want to make sure that the right people are aware of this issue.
If anyone can think of another way to contact the AV developers, please let me know.


not a bug… 2 different methods hence u have 2 different results but same outcome…

all three says this is Packed… method one says its packed by pklite32… the other method doesn’t care about names so calls it uknown.