Post your unfixed FP's here (only after 2 days) - 2022

Previous thread

Please post here all unfixed FP’s . Please only post them when they’re not detected after 2 days.

Please include,

  • your original FP post
  • when you last tested CIS against it + what database

Two Unfixed Whitelisted Malware reports:

AV Database: 24509

  1. Reported on March 06, nothing happened.

The samples are from following vendors which should be REMOVED from Trusted Vendors List:

CleanMyPC Software

CleanMyPC Technology Limited

Software995 Inc. Media Corporation
  1. Reported this one on March 08, still nothing happened.

The sample is from the following vendor:


This vendor sould be removed from Trusted Vendors List because ZZZ-PC\zzz is a computer name, not software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the “niche” you are not taken seriously it seems.

Please stop posting the same post in multiple forum threads and wait for a reply in the forum this post belongs to. This is the thread where unfixed FPs are reported.;msg842320#msg842320


Detection has been fixed. Please update to AV database Version <25864> of Comodo Internet Security Version<> and confirm it.

reported on March 07, 2018;msg874048#msg874048

Last tested on 26 April 2018 still not detected by CIS v5.9, av database 28915

Spend some time to research and found this is Java.Cogyeka / Worm.Java.AutoRun / HEUR:Worm.Script.Generic / HEUR:Worm.Java.Generic according to following site:

Every time the worm create a copy (every each copy has different random name and SHA ) in windows RECYCLER BIN folder, when scanned CIS treat it as a safe file. Last year i submitted suspicious file in this folder and it was detected after 1 week i updated my av database, when it create another new copy again CIS doesn’t detect it as malware or worm.

Hi James,
Detection has been fixed, should reflect in the next few updates.

Best regards,
Andrei Savin


just tested on 6 May 2018 with CIS v5.9 av database 28960, the mentioned Java.Cogyeka malware files still not detected as positive


Actual database version <28968>.
Please check again.

Kind Regards,
Erik M.


I had updated to database version <28968> but that java malware still appeared negative.

Yesterday i updated to latest database version <28994> still same.


Actual database version <29005>.
Please check again.

Kind Regards,
Deepak PV


just test with latest database <29013> , newer than mentioned version <29005> but still same, not detected. The malware detected in another online antivirus.

Hmm…I don’t mean to rude, but am I going to hear this infinity loop of “try version database” without any action taken?

Hi james77,

Can you please go to Settings->Advanced Protection->Scan Exclusions and remove Recycle Bin from the list? Also, check if the files are present in exclusions or trusted files list by any chance and try scanning again?



The malware files are not present in exclusion or trusted files, but after removed Recycle Bin from scan Exclusions it was successful detected the files as malware, thanks for your help.

However, every time I plugged the USB flash drive which infected with this malware and double click the drive, my computer is infected by this malware again and CIS didn’t detect it as malware. The malware file appeared in Recycle Bin again and treated as safe file by CIS when scanned, it will not detected as malware until I restart PC.

How can I make CIS detected this malware in real time protection before it infect my computer?

Enable embedded code detection for cmd.exe located at Do heuristic command-line analysis for certain applications

No reply?

Hi Yigido,
I’ll check it and get back to you ASAP.

Best regards,
Andrei Savin

Files below already have safe signatures attached and live in DB version <29109>:

For the following file safe signature has been created and will go live in the next few updates:

Best regards,
Andrei Savin

Hi Mr. Savin,

Thanks for whiteslisting them :slight_smile:


Malware samples submitted on April 21, still undetected: