Report False Positives for Valkyrie Service Here - 2020

wasgij6 · September 19, 2015, 4:56pm

If you believe that you have encountered a false positive with the online verdict service you can report them here. This is NOT the place to report false positives for comodo antivirus.

When reporting Valkyrie false positives please post the Valkyrie analysis link and a Virustotal link.

sd_ahmad · September 20, 2015, 7:40am

https://valkyrie.comodo.com/get_info?sha1=d33dcd5b90a161e7f298820b20e054b43ee48033

lugo_58 · September 29, 2015, 9:32am

Final verdict is “clean” but static analysis or dynamic analysis say “malware”

https://valkyrie.comodo.com/get_info?sha1=e6095f5a6ba701c583b2d8605c269bc68d16840d
https://valkyrie.comodo.com/get_info?sha1=c327764d6ea29acc2a00fe3d9cdf1838cf21b5d3

sd_ahmad · October 5, 2015, 6:54am

c44efc812036f969e9843fbfae3b4a1e958c0bb0

lugo_58 · October 5, 2015, 10:45am

a clean installer EagleGet Download Manager
https://valkyrie.comodo.com/get_info?sha1=12eb3d4c64f5f76d689a98360b6ed36046f3cd33

sd_ahmad · October 6, 2015, 9:05am

9871bf12506e366aa20aa7abf3a7456d500c9d11

sd_ahmad · October 6, 2015, 9:54am

cf9de9d85fa15a9eecf53eb93bd80ed208526a1d

lugo_58 · November 21, 2015, 9:33pm

Trusted Duquu Sample !!
[b]Advanced File Analysis System | Valkyrie
VT: VirusTotal

lugo_58 · January 12, 2016, 11:10am

Trusted AutoIt Sample

lugo_58 · January 13, 2016, 11:28pm

wasgij6 · January 14, 2016, 3:29am

lugo_58 · January 15, 2016, 4:18pm

Trusted “Adware Digital Signature” Problem over Valkyrie

Valkyrie Results
#1

Virustotal

#2

Virustotal

Files final verdicts are “Clean” because the digital signature of the samples are in Trusted Vendors List.
Please check “Optimal Software s.r.o.” in your CIS or CCAV.
It is a PUP/PUA provider.
Homepage - HerdProtect Knowledgebase

I will report it as trusted malware. Inform to you.

Thanks

fatih.orhan · January 15, 2016, 8:59pm

I’ll check this vendor.

update: the original page and product for this vendor were located at http://www.wifiprotector.com. New findings revealed http://www.pcspeedup.co.uk/ (with your comment) and sha1 ab84b151b723dd7bff31f5eb3f6bf3c7254adcc2 was found to be an installer of scareware product. The list of vendors is updated.
Thank you very much for informing this. It’s highly appreciated.

siketa · January 30, 2016, 11:48am

fatih.orhan · January 30, 2016, 1:53pm

Siketa, how do you conclude that these are FPs?

siketa · January 30, 2016, 1:58pm

They have very low VT detection ratio by few engines known for FPs (F-Prot, Zillya…).

lugo_58 · February 5, 2016, 1:58pm

Trusted Trojan Sample

miloszcz · February 5, 2016, 2:59pm

It looks like it has correct and verified digital signature.
Or a bug → https://forums.comodo.com/comodo-valkyrie-fls/report-problems-with-valkyrie-file-verdict-service-t79618.0.html;msg828840#msg828840

lugo_58 · February 5, 2016, 3:07pm

I sent it to manual analysis, they fixed the “Safe” verdict.

fatih.orhan · February 5, 2016, 3:18pm

This is a file which has stolen certificate. It should be validated by Valkyrie. The case was known to us, and it is already fixed, it will be available with next update.

The vendor is trusted.