Post your unfixed FP's here (only after 2 days) - 2022

Previous thread

Please post here all unfixed FP’s. Please only post them when they’re not detected after 2 days.

Please include:

  • your original FP post
  • when you last tested CIS against it + what database

Two Unfixed Whitelisted Malware reports:

AV Database: 24509

  1. Reported on March 06, nothing happened.

The samples are from the following vendors, which should be REMOVED from the Trusted Vendors List:

CleanMyPC Software

CleanMyPC Technology Limited

Software995 Inc.

Mail.com Media Corporation

  2. Reported this one on March 08, still nothing happened.

The sample is from the following vendor:

ZZZ-PC\zzz

This vendor should be removed from the Trusted Vendors List because ZZZ-PC\zzz is a computer name, not a software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the “niche” you are not taken seriously it seems.

Please stop posting the same post in multiple forum threads and wait for a reply in the forum this post belongs to. This is the thread where unfixed FPs are reported.

https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-t116685.0.html;msg842320#msg842320

Hi, qmarius

Detection has been fixed. Please update to AV database Version <25864> of Comodo Internet Security Version <8.4.0.5165> and confirm it.

Reported on March 07, 2018

https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2018-no-live-malware-t121281.0.html;msg874048#msg874048

Last tested on 26 April 2018, still not detected by CIS v5.9, AV database 28915

Spent some time researching and found this is Java.Cogyeka / Worm.Java.AutoRun / HEUR:Worm.Script.Generic / HEUR:Worm.Java.Generic according to following site:

Every time the worm creates a copy (each copy has a different random name and SHA) in the Windows RECYCLER BIN folder, CIS treats it as a safe file when scanned. Last year I submitted a suspicious file in this folder and it was detected after 1 week when I updated my AV database; when it creates another new copy again, CIS doesn’t detect it as malware or worm.

Hi James,
Detection has been fixed, should reflect in the next few updates.

Best regards,
Andrei Savin

Hi,

Just tested on 6 May 2018 with CIS v5.9, AV database 28960; the mentioned Java.Cogyeka malware files are still not detected as positive.

Hi,

Actual database version <28968>.
Please check again.

Kind Regards,
Erik M.

Hi,

I had updated to database version <28968> but that Java malware still appeared negative.

Yesterday I updated to the latest database version <28994>, still the same.

Hi,

Actual database version <29005>.
Please check again.

Kind Regards,
Deepak PV

Hi,

Just tested with the latest database <29013>, newer than the mentioned version <29005>, but still the same, not detected. The malware is detected in another online antivirus.

Hmm… I don’t mean to be rude, but am I going to hear this infinite loop of “try version database” without any action taken?

Hi james77,

Can you please go to Settings->Advanced Protection->Scan Exclusions and remove Recycle Bin from the list? Also, check if the files are present in exclusions or trusted files list by any chance and try scanning again?

Thanks,
Ionel

Hi,

The malware files are not present in exclusions or trusted files, but after removing Recycle Bin from Scan Exclusions it successfully detected the files as malware, thanks for your help.

However, every time I plug in the USB flash drive which is infected with this malware and double-click the drive, my computer is infected by this malware again and CIS doesn’t detect it as malware. The malware file appears in the Recycle Bin again and is treated as a safe file by CIS when scanned; it is not detected as malware until I restart the PC.

How can I make CIS detect this malware in real-time protection before it infects my computer?

Enable embedded code detection for cmd.exe located at Do heuristic command-line analysis for certain applications

https://forums.comodo.com/av-false-positivenegative-detection-reporting/heurpackedunknown-fp-t122153.0.html

No reply?

Hi Yigido,
I’ll check it and get back to you ASAP.

Best regards,
Andrei Savin

Hello,
Files below already have safe signatures attached and live in DB version <29109>:
SHA1:48604a3456d57097a799fd8a2ea46b3deaff6d06
SHA1:1484283a49bde199126bbe4ebeb5caf25fb3ae7c

For the following file safe signature has been created and will go live in the next few updates:
SHA1:a15435f0574f654a6535b19787db1d82b2d629d0

Best regards,
Andrei Savin

Hi Mr. Savin,

Thanks for whitelisting them :)

Regards,
yigido

Malware samples submitted on April 21, still undetected: