NOD32 stops the installation process of Comodo Firewall Pro 3.0


I’m new here. My PC Operating System is Windows XP Professional with the Service Pack 3. I have NOD32 running on it, i have configured it so it offers the highest security (advanced heuristics, analysis and control of absolutely everything the program can manage, etcetera).

The problem happens when i try to install the firewall, then NOD32 stops the installation, showing an alert window related to the problem at the same time. NOD32 detects that the installation file of the firewall is trying to create a suspicious file at the Temp folder of Windows, the detected threat is identified as a modified variant of Win32/AdInstaller aplication. I wonder if anyone has had this same problem.

I am from Spain. I’ve told this to the authorized reseller of NOD32 in my country. Their explanation is -and this is a literal translation of it into English (maybe not perfect because my English might be better)- the next one: “It is very probable that being a free utility, Comodo Firewall Pro 3.0 installs some kind of publicity toolbar or any not desired program with it. For that reason ESET NOD32 detects those temporary files as a risk for your system”.

Could it be a false positive from NOD32?

Thanks in advance.


it is a false positive



The detected malware is the ask toolbar, which is bundled in Comodo’s setup.

My personal opinion on Comodo’s move to install ask toolbar is that they made a bad move.

Bsplayer did the same thing, installing Whenusave and many users stopped using it.

Many security applications (AV’s AS’s) detect this toolbar as adware so I think that many users will drop Comodo.


Ask toolbar is a search engine toolbar. Do you think the same about google, yahoo or ms live search toolbars?

Download.Com ask toolbar page
SophosLabs ask toolbar analysis

I certainly do, I am deeply suspicious of anything that wants to install a browser toolbar, I think it’s pretty unprofessional. Like the guy above me, this is my own personal opinion. And it is essentially adware, promoting in this case a search engine.

Huge numbers of the machines in my company now have the google toolbar installed thanks to sun bundling it with java. The average users either don’t care if it’s installed or don’t know enough to prevent it being installed.

99% of toolbars have the option not to install it. When you install Java most people just click next,next,next and never take the time to read. If you simply read before you install and have the option to uncheck the toolbar install. No toolbars are ever forced on you. Comodo is the best and most powerful firewall out there and its FREE. So what if Melih is trying to make some money by installing the toolbar. Either way you don’t have to install it.

When I installed Comodo I knew that the Ask Toolbar was in it, so I turned off my AV and installed Comodo WITHOUT the Ask Toolbar. My surprise was that even though I said NO to the Toolbar, a file was detected later. This file is s1.tmp, which is inside Comodo’s folder.

How come, if I decided NOT to install the Ask Toolbar, a file was found later???


Even though you didn’t install it the files are still in the folder which is normal. Its part of the whole package. I actually have NOD32 and never installed the toolbar and yet NOD32 didnt come up with anything.

Please submit a detailed bugreport about it in a separate topic in the bugreport board.
I can say in advance that you can safely delete those temporary files as they are not used since you did opt-out Comodo Search toolbar with safesurf Technology meaning those files are inert leftovers.

There is no way either to install them without CFP installer.

As far this topic is concerned Learner wanted to know if Win32/AdInstaller was a false positive, if he wish to abide by nod 32 classification then the only thing left is to scan all other search engine toolbars. If nod32 don’t mark them as Win32/AdInstaller it is a false positive. However not all AVs will consider that an adware.

To all members against the ask toolbar please setup a topic in CFP feedback board. You may wish to link that topic to your signature as well.

It would be also desirable to address the more general topic about search toolbars/adaware viewpoints in General Security Questions and Comments (not product related) board.