Multiple FPs on various legitimate programs

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
#1

Installers for several legitimate programs are blocked as malware with the same detection (“Cloud.Trojan.Gen@2@1”), even with AV disabled
Can you reproduce the problem & if so how reliably?:
Every time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Run installer EXE for FP program
2: “Malware blocked” alert will come up, referencing a .tmp file created in C:\Users\username\AppData\Local\Temp.…
One or two sentences explaining what actually happened:
A false malware detection blocked installation of the program, even with AV disabled.
One or two sentences explaining what you expected to happen:
That it wouldn’t have a false positive and wouldn’t block installation of legitimate software.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
They don’t apply, as it is a Malware alert and not auto-sandbox. The installers open and are not sandboxed, but then crash soon after as their temp file was erased.
Any software except CIS/OS involved? If so - name, & exact version:
None relevant (I think).
Any other information, eg your guess at the cause, how you tried to fix it etc:
Possibly just the way these programs create temp files as part of their installation. I tried disabling AV, no lock, disabling auto-sandbox, no luck, disabling everything, still no luck. I had to temporarily uninstall CIS to install my program (which I paid good money for).

B. YOUR SETUP
Exact CIS version & configuration:
8.0.0.4344
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
D+ disabled, autosandbox enabled, firewall enabled (safe mode), AV heuristics scanning at low (doesn’t work with it off either).
Have you made any other changes to the default config? (egs here.):
None, fresh install.
Have you updated (without uninstall) from CIS 5 or CIS6?:
No.
if so, have you tried a a a clean reinstall - if not please do?:
N/A
Have you imported a config from a previous version of CIS:
No
if so, have you tried a standard config - if not please do:
N/A
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
MS Windows 8.1 x64, UAC enabled, admin account
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=Malwarebytes Anti-Malware Free (so no active scanning, on-demand only). I installed this after I noticed the first FP.
b=None, home-built machine

NOTE: The two program installers I have that I know exhibit this issue are both too big to submit as FPs. One is PacketSender (Google is your fried) and the other is Wolfram Mathematica 10.0.2. I paid good money for the latter, so I was willing to go to great lengths (uninstalling CIS) to get that working.

[attachment deleted by admin]

#2

Looks like this is a FP with the cloud scanner. The cloud scanner settings are under file rating in the advanced settings.

You can report the False positive here to get it fixed.

How to report False Positives

#3

This is a bug with Comodo’s cloud scanner. I have experienced it myself. It behaves aggresively and detects many safe installers as malicious when they attempt to load .tmp files into memory. This should be reviewed by Comodo as similar programs I have encountered reported the same FP, CloudScanner.Trojan.Gen[at]2[at]1. Here is a link to a previous post I made with more information on this subject:
https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-t108473.0.html

Hopefully someone at Comodo will look at this and investigate any similar file patterns that lead to the cloud scanner detection false positive and fix this program error.

#4

Thank you for pointing me to the cloud scanner settings. Un-checking “Do NOT show popup alerts” allowed me to select “Ignore and report as false alert”, which allowed the install to proceed. I agree with Netguy101 that the cloud scanner is a little over-aggressive. Especially since one of the programs it blocks is digitally signed by a trusted vendor in CIS’s settings-- namely, Wolfram Research Inc. It should have ignored that one, since it’s from a trusted vendor.

And wasgij6, both the installers I have are too large to upload. Is there a file-size limit for the email submission method?

#5

How big is the file?

#6

The only one that I can legally redistribute is a 15 MB file.

#7

you can upload the file to virustotal and post the link

#8

Here’s the link. 0/55 detections.

#9

i meant to use that link to report the false positive described above.

#10

Since this seems to be a problem with a false positive im going to move it to resolved. If you still think this is a bug in CIS please respond and we will continue to process this bug report.