Please post your screenshots of KillSwitch

Comodo Cleaning Essentials + KillSwitch & Auto News / Announcements / Feedback - CCE
41

no uknown processes :slight_smile:

good work comodo

[attachment deleted by admin]

42

Niceā€¦No alerts for you sir :slight_smile:

Melih

43

This is a tool to unlock the office 2010.

[attachment deleted by admin]

44

So, illegal?:wink:
Keygens, cracks etc. are also detected as malwares.

45

Some Keygens will exploit your machine tricking software into thinking its a activated copyā€¦ So yeah it would be a unsafe app. :wink:

46

I donā€™t think itā€™s running under srvany for the fun of it :wink:

47

HaHaā€¦ agreed! :-TU

48

hope that there will be chinese simplified versionā€¦ā€¦

[attachment deleted by admin]

49

Clean as a whistle

Jake

[attachment deleted by admin]

50

There are still false positivesā€¦
Whatā€™s the reason of submitting them to Comodo if theyā€™re not solvedā€¦
Another frustrating answer from the virus analystsā€¦

[attachment deleted by admin]

51

Hi Tech, you are talking about ā€œtheseā€ false-positives?

I only see FLS unknown, I donā€™t think thatā€™s an FP.
A DACS result from an other vendor, donā€™t think Comodo can fix that.

And a UnclassifiedMalware that does look like a FP, can you post a shot from the verdict tab to see which part flagged it malware (probably CIMA). and preferably also the SHA1 hash of the file.

52

What is FLS then?

I see. Itā€™s a ClamAV detectionā€¦

Verdict screenshot. Iā€™m absolutely sure that it is a false positive. Itā€™s a local application (paid).
http://www.virustotal.com/file-scan/report.html?id=fbf44719bed4537a7e5601913d04703df1cb59014427bf441fbef4bbce95fa56-1296076344

MD5: 7de40a52b993b21a7c2dfba1371a8057
SHA1: dbb78096d48288846a251498a59d808c130bec2b
SHA256: fbf44719bed4537a7e5601913d04703df1cb59014427bf441fbef4bbce95fa56

[attachment deleted by admin]

53

Hi Tech,

FLS = File Lookup Service.
CIS/CCE/KS send out the HASH of the file to the FLS, if the HASH is found malicious itā€™s marked.
If the HASH is not in the database it returns ā€œFLS.Unknownā€.

Did you report the FP here? Normally they respond within a day with a ā€œfixā€ so it shouldnā€™t take to long to fix.
I think forum FPā€™s are faster processed then the oneā€™s submitted trough the web submission form, but thatā€™s just a feeling.

54

No, I didnā€™t know I should do it there. Iā€™ve done there.
https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-of-killswitch-t68658.0.html;new#new

55

Hello everyone, hereā€™s my screenshot.
Btw. I reported mcshield last year for trusted application :slight_smile:
http://forums.Comodo.com/news-announcements-feedback-cis/submit-applications-you-want-to-be-made-trusted-here-t46391.0.html;msg451583#msg451583

[attachment deleted by admin]

56

Resubmitted

If you like you can follow the thread until it is whitelisted (if appropriate).

57

Ok, thanks.

58

Would be interesting to see Properties > Verdict for MCShieldRTM.exe. :slight_smile:

59

Here is it!
Itā€™s not rogue/fake program, itā€™s really excellent program for protecting from infected usb storages!

[attachment deleted by admin]

60

Thanks. :slight_smile: Detected by ClamAV. :wink: