New CIS engine with reduced FP's. Serious?

I mean that i use CIS for so long, that i easy can notice if there is a reduced number of FP’s that CIS generates.That’s not happening.

Whats New in CIS 3.12.111745.560 ? FIXED! Removed some of the reasons that make AV to report false positives

Yes, but no.Sorry, no offense, I love CIS. :wink:

You may not notice the False positive’s being reduced much as a single user - Across the board the affects would be noticeable.

I haven’t had one yet with 3.12 but then I’ve only had 3 since v3.8.


Not a single fp since upgrading to 3.12!

I’ve had three, but they’ve been submitted and fixed.

I did not see any difference with the 3.12 (the same FP after update) .
But at the moment I have no FP ;D

I am using cis and a-squared ,they both had FP´s which were corrected after I submited them.

;D if you have FP submit them.

Comodo detect fp most from the engine’s Heuristics .
I see a little FP from signature detection.
However Comodo detect a most FP compared with other popular free anti virus.

Keep up Comodo :-TU

Indeed… the vast majority of FPs will come from Heuristic engine and not from the signatures we have created! So you can simply switch off heuristic.


I switch Heuristic to low in realtime.
And I’ve to report some FP to Low.

Sorry if my post makes mistake, I meant Comodo should keep up for reduce FP detection in the future.

Btw, Also Notice reduced alerts with D+ (Increasing whitelist?) Nice work.

I can’t recall ever getting a FP :slight_smile: <—I have Heuristics set to “high” and running statefull

It must be the new computer with a bunch of programs that come with the computer, other then that, I just can’t see how certian people get FP’s ???
Even keygens and patches generally don’t get flagged. (although infected and/or backdoored keygens will get flagged regularly )

As I have said, I have only had 3 confirmed FP’s since starting with V3.8. I leave Heuristics on low. Every FP has been for a file that was not flagged by a previous CAV database and they all were fixed speedily. No FP’s so far with 3.12.

I don’t think this is a good thing to tell people. It’s a well known fact that a strict signature based solution isn’t useful against zero day threats. Heuristics are necessary for this.

Now granted, in theory, D+ should be catching any baddies before the AV needs to deal with them, but we know that nothing can detect 100% of the threats out there. Therefore heuristics is a necessity for a useful AV.

If the answer to the problem is to tell people to turn off heuristics instead of fixing the root of the problem (heuristics algorithms) then this is concerning to me. :frowning:

Hehe the Heuritics in CIS (Client Side) dont use heuristics algorithms.

But yes the heuristics on the servers need tweeking. (And are probably going to get some)

None of the heuristics out there can ever provide 100% protection or even close to it I am afraid and thats the reality.

Static analysis based heuristic is much less effective than dynamic based heuristic (now called Behaviour blockers etc). Which will be in v4.


Heuristics is an algorithm! 88) They can be nothing but an algorithm! You feed it several parameters, and if any (maybe a percentage?) of them are met, it flags a detection. This is an algorithm! If it isn’t an algorithm, it is a signature…

Agreed. I’m not disputing that. I’m simply saying that by turning of heuristics, your zero day protection has decreased markedly as far as the AV is concerned.

Looking forward to it! :slight_smile: So you said it comes out tomorrow, right? :smiley:

Oh had no idea that is a algorithm. :-[

Any way the CIS client side Heuristics cant be changed… it detects a packed file, or it doesnt. (depending on Heuritics level)

You’re saying the developers can’t change their own code? ??? (Assuming of course, it is their own code. I’m not so sure after the debut of SecureDNS and Time Machine)

You’re sure all the heuristics are determining is whether or not a file is packed? If so, then that is very disappointing. There is much more to determining infected/suspicious files than merely being packed…

There are definitely a lot of infected packed files out there, but I’m willing to bet the majority are still legitimate.

This would be a bit like a policeman pulling over every driver of a Camaro because drug runners have been caught in this make of car. 88)

They can add packers for detection… v4 will probably change the Heuristics Engine from Packer Detection to BA.

No not all heuritics work like that… the Current CIS (client side) heuritics detects packed files only (and maybe files with Dual extentions (not sure)). The Server side works diffrently… how i dont know…

Thats very much how Heuritics that arent Behavior Analysis (CIMA like) work.

To a point…

Only validating a single input is what I was going for with my analogy. I would hope the heuristics in CIS are more sophisticated than that.