No alert for this file !

slayer76 · January 16, 2011, 1:05am

When i start this file Comodo do not give me any alert !
No sandbox and no alert from D+
The file was uploaded here Comodo Antivirus Database | Submit Files for Malware Analysis
And here is the results of VT http://www.virustotal.com/file-scan/report.html?id=ca7598f0eef3c545e7ad12581e0bba525b734ed01db3d419180a262e90d8c0a7-1295116897
Is there some bug ?

And here is the file _{mod edit: removed url to possible malware.}

Please don’t post links to live malware.

DiSP · January 16, 2011, 1:47am

Can you please upload the file to http://camas.comodo.com/ and post here the link with the report?

slayer76 · January 16, 2011, 1:56am

I think this may be a bug … The file is not signed and he should be a sanboxed !
But here is the report http://camas.comodo.com/cgi-bin/submit?file=ca7598f0eef3c545e7ad12581e0bba525b734ed01db3d419180a262e90d8c0a7

The file is some keygen i think …

Citizen_K · January 16, 2011, 2:05am

I tested the file in my Win 7 in a vm.

I first tested it with paranoid setting and no sandbox and the only alert I got was for Explorer starting up that key generator. No other alerts. Giving the program the Isolated Application policy has it run flawlessly.

It seems like a clean key generator to me with no malware attached. It only resides in memory and does nothing else than that. It is not a threat to your system’s integrity. Still it could be a threat to your own or company’s legal integrity…

With D+ in Safe Mode and sandbox on it didn’t give a sandbox alert. The cloud thinks it is a safe file hence why there is no sandbox alert.

languy99 · January 16, 2011, 2:23am

it is not malware, look at the age of the file on VT. It first saw that file on May 2010 and no one has added any signatures since then. I would say the signatures that are there are FP’s.

slayer76 · January 16, 2011, 3:01am

Comodo is a default deny system … Am i right ?
Then even this file is not malware he should be sanboxed ! Then why is no alert and why this file automatically placed in trusted files ? Now cloud verification say is safe but then file was unknown!
I do not think this is right way but you decide after all !
Best regards ,
slayer76 !

Citizen_K · January 16, 2011, 3:22am

As Languy points out the file was first seen May 2010. That means that Comodo did receive that file from Virus Total. It most likely was in the cloud as a safe file since somewhere in May 2010.

I do not think this is right way but you decide after all ! Best regards , slayer76 !

When you want more control disable the cloud look up functionality.

slayer76 · January 16, 2011, 3:57am

When i attached this file in CIMA i see the file is not recognised by Comodo …
Anyway i just want to be useful … About me VT make many mistakes!
And i have channel in You Tube but i test everything in real machine !
My best wishes to all of you and excuse me for inconvenience !