Report recurring Heuristic (Heur.Suspicious) detections here - 2022

Do you find you have to report some tools that get flagged over and over after every updated version that gets released?
Then this is the topic to report them. Only report Heur.Suspicious@ detections here please.
If it’s detected but in your view falsely classified, use a normal FP report asking to reclassify the tool.

Please provide the following details in your report:

  • Name of the tool
  • The Heur.Suspicious code
  • Official website/link where to download the tool
  • If possible, contact information of its developer(s)

Previous thread

Hi, I reported some days ago in this topic that a VirtualBox installer file was being flagged wrongly:

https://forums.comodo.com/av-false-positivenegative-detection-reporting/fp-heurpackedunknown4294967295-t117927.0.html

The file is again beginning to be flagged as malware, please take a look at it.

Hello,

Based on the info you have provided it appears that we do not detect this file. Are you sure you updated Comodo Internet Security to the latest version?

Best regards
Andrei Savin

Yes I’m sure updating was made before full scan.
Here goes a screenshot of CIS log

Hi,
AV Lab is currently investigating this issue and we’ll solve it as soon as possible.

Best regards
Andrei Savin

thanks andrei.savin

AIMP

Backup folder is detected as malware

Heur.Packed.Unknown@4294967295

Hi,
Thank you for submitting this. We’ll investigate it.

Best regards,
Andrei Savin

Thank you.

Hello blade120,
Could you please enlarge the window and see the exact file that is causing the detection and submit it to us? We’re unable to get a hold of the file. You can attach the file here directly.

Best regards,
Andrei Savin

Of course
SHA1: 624C68DA13974D52B44EE39828A7A6E22D6805B1
File is here
http://uploadfile.pl/pokaz/1062677---qwpl.html

Hi blade120,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <26868> of Comodo Internet Security Version <10.0.1.6209> and confirm it.

Best regards
Qiuhui.■■■■

Hi
All is ok. Thank you very much.

Name: Suspicious@#2w4bqiynoo42h
SHA1: 09022101aad2c53f4b141a3b92a6bcb01f6cbaff

link: https://drive.google.com/open?id=0B6th7MAiPk2EazVRYTdPVnBQbzQ
password: infected

Hi,
Thank you for submitting this. We’ll investigate it.

Best regards,
Pavithran G

Hi windstorm,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <27002> of Comodo Internet Security Version <10.0.1.6209> and confirm it.

Kind Regards,
Erik M.

Database version: 27619

File info:

Path: C:\Windows\system32\SearchIndexer.exe
Detection: Heur.Gen.Lama@117022151

File hashes:

SearchIndexer.exe
fd74badbcf30f3f6c9d6e3d6b3e42fa5 - MD5
bce4ebbf6aa5b2d0df8f4a152f8e76b2b4b567b0 - SHA1
0ac3130b - CRC32
9970bd6cff1cd0d60906bf171773ddf7bd317f13b1850149f97886f5cf0d94d6 - SHA256

This can happen with Heuristics set on Medium.

Please run a manual scan/realtime scan with medium heuristics to see if the FP occurs.

Hi cocalaur,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <27653> of Comodo Internet Security Version <10.0.1.6223> and confirm it.

Kind Regards,
Aravindhraj J.

Defraggler: downloading it opens CIS with the option of cleaning the file via sending it to the sandbox or running it without.
Detection: ApplicUnwnt@#290od3alopvy2
Database version: 28059

Hi patrice58,

This is to inform you that the reported file is not a false positive.
If you intend to use it further, you can add it to the exclusion list.

SHA1:40cdd1188cfc0b474b66a22ce8ddb280a38eadfd *dfsetup221.exe

Best regards
Qiuhui.■■■■