Report recurring Heuristic (Heur.Suspicious) detections here

Do you find you have to report some tools that get flagged over and over after every updated version that gets released?
Then this is the topic to report them. Only report Heur.Suspicious@ detections here please.
If it's detected but in your view falsely classified, use a normal FP report asking to reclassify the tool.

Please provide the following details in your report:

  • Name of the tool
  • The Heur.Suspicious code
  • Official website/link where to download the tool
  • If possible, contact information of its developer(s)

.EasyAntiCheat
.Heur.Suspicious@242601963
.Easy Anti-Cheat

Hi, disPPlay
Thanks for reporting. We will check that and get back to you shortly.

Regards,
Chunli.chen

Hi, disPPlay

The samples you submitted as false-positive are not detected by Comodo Internet Security version <5.5.195786.1383> with database version <9690> (we downloaded that software "EasyAntiCheat.exe" SHA1 and installed it).
Please make sure the Antivirus database is updated and check again.

Regards,
Chunli.chen

It was fixed yesterday, probably it will be flagged again in the next update, but we will see.

I believe the Heur.Corrupt.PE@1z141z3 C:\Windows\SysWOW64\mfc45.dll false detection is back. Virus Total came up clean except for Comodo.

Hello devnulllore,

Please submit the detected file as False Positive using the following link: http://www.comodo.com/home/internet-security/submit.php
Thank you!

Best regards,
FlorinG

Has been detected before, and still with every new update.

Speccy
Suspicious@#26f01wpqoutyq

http://www.piriform.com/contact

Hello Ronny,

Thank you for your submission. We’ll check it and get back to you soon.

Best regards,
FlorinG

Hello Ronny,

This False Positive has been fixed. You can update to Virus Signature Database version 9873 and confirm.

Best regards,
Chunli.chen

It's fixed, but the question is: will it be flagged again with the next update of this tool?
That is what this thread was started for, to prevent repetitive FPs on tools like this. If in doubt, please ask Umesh.

From the Log viewer Log of CIS 5.8.202876.2065 Beta on a fresh Windows 7 SP1 x64 fully updated install:

2011-09-02 17:00:55 C:\Windows\SysWOW64\mfc45.dll Heur.Corrupt.PE[at]1z141z3 Detect Success

If I clean this, the next time I reboot Windows recreates the file and it is detected again. Is this safe? Virus Scanner is set to stateful with Heuristics set to default, low. Zipped file attached and submitted through CIS.

Please advise ASAP!

FYI, running this through Virus Total returned 8 positives, all for Heuristics, all with damaged or corrupt in the name.

That’s all the info I have.

dev

[attachment deleted by admin]

What are your settings for Heuristics? Low, Medium or High? Can you post the link to the Virus Total report?

Hi,

As mentioned in the post Heuristics are at default, low.

http://www.virustotal.com/file-scan/report.html?id=b41564fb58e0dacf52562064fd93461bf9d24842ab5c5815ba88a901870ed212-1315007709

Keep in mind, I have run this file through at least 11 different cloud scanners and the about 10% that are positive find something like corrupt, damaged or the like, not like typical virus results. Could the file be legit but damaged?

dev

This site is not working:

I click upload and it just sits there spinning and never gives a confirmation that the file is received or anything.

dev

http://valkyrie.comodo.com/Result.html?sha1=e1a0cdb488af570c1d419f959f7f6b8758e02076&&query=0&&filename=mfc45.dll

dev

Hi, devnulllore

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Chunli.chen

Hi devnulllore,

This FP has been fixed in DB 9977. Please update and confirm it.

Best regards,
Ponmalar.S

I’m using Comodo Internet Security Premium, and I just got this false positive today.
Heur.Suspicious@ 19765621.

Hi donut166,

Thank you for your submission. We’ll check it and get back to you soon.

Best regards,
Ponmalar.S