Heuristic failure : Malware detected in VT scan but not in my computer [301]

The bug/issue

  1. What you did: I downloaded a malware ( http://www.virustotal.com/file-scan/report.html?id=3df4b357fa5318705c96859800fd987dc11a50166696f09ce7902412bffd9b4f-1285437074) from MDL. It was not caught by CIS AV with up-to-date defs. Then I submitted it to VT, and I saw that CIS was actually catching it (heuristic)
  2. What actually happened or you actually saw: My heuristic didn’t react, (real time + manual scan)
  3. What you expected to happen or see: detection of heuristic like on VT report
  4. How you tried to fix it & what happened: Tried to enable/disable AV - Increase heuristic sensibility - Change proactive / internet security setting - Uninstall / reinstall CIS
  5. Details (exact version) of any software involved with download link:
  6. Any other information you think may help us: see thread here : https://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-detected-by-comodo-in-vt-but-not-with-cis5-t62443.15.html

Files appended

  1. Screenshots illustrating the bug: no
  2. Screenshots of related event logs or the active processes list: no
  3. A CIS config report or file. : no
  4. Crash or freeze dump file: no crash

Your set-up

  1. CIS version & configuration used: cis 5.0.1626361135 / proactive security - on demand scan high heuristic
  2. Whether you imported a configuration, if so from what version: no
  3. Defense+ and Sandbox OR Firewall security level: enabled default
  4. OS version, service pack, no of bits, UAC setting, & account type: win xp sp3 32 bits, disabled, admin.
  5. Other security and utility software running: no
  6. CIS AV database version: the up-to-date one at this time; I don’t have it anymore, but it was the one on Saturday, September the 25th 2010 at 7 PM :stuck_out_tongue:

Thanks, CVSA, for submitting this in standard format. Intriguing…

For this issue we’ll need the AV database version please from more ~ about. (In general the red links on the format are live, and tell you how to get the relevant information). (If necessary if you don’t mind please re-test to ensure synchronised information).

I’m assuming your UAC and account details are the same as on your previous report, and have edited accordingly :slight_smile:

Will forward to moderator verified issues as soon as AV database version supplied - please just edit your first post.


OK well it is in the right format but I will forward it none-the-less.

If you can give the AV database version that will be most helpful

Best wishes