Report recurring Heuristic (Heur.Suspicious) detections here

Hi,

Here is one FP…

ALZip : www.altools.com

Well, the scenario is that when I perform a manual scan on the installer, only in the packed state does it show the files in the image as Heur.Packed.Unknown@* …
I extracted the installer using 7Zip and scanned all the files: no detection… Clean…
So kindly fix this in packed state.

Garena Classic was also detected as a virus in the same packed state, but since it does not come in this category I’ll create a post for it…

There are a few more that got detected in the same state when I performed a full scan yesterday, but I didn’t take a screen and moreover cleared my logs too, as I faced an issue with Comodo D+ because of some apps and I had to track it. Well, those apps and D+ caused my system to hang up; I waited but had to hard boot. The D+ went busy writing so many logs that my system lagged and ■■■■■■■ up. At first when I encountered this I thought it was because the PC was infected, scanned and formatted back XP, and then I found this.

Well, back to the topic, ALZip… kindly fix this…

Hi Ishaan,

Thanks for reporting. We will check this and get back to you.

Regards,
Ponmalar.S

Hi Ishaan,

Please submit the detected files at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year so we can check it.

Regards,
Ponmalar.S

I have posted the false positive on this file twice, see here.

https://forums.comodo.com/empty-t80177.0.html
https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-on-bassdll-t82116.0.html

But every time after I updated the software, false positive on this file again.

bass.dll, a file of AIMP3;
Heur.Packed.Unknown@4294967295

Hi, Redstraw

Thank you for reporting this.
That false positive is fixed.
Please wait for the DB update.

Best regards
Chunli.chen

TDSSKiller

Hi, wasgij6

Thank you for your submission.
We’ll check this.

Best regards
Chunli.chen

Hi there,

After recent virus scans I get this come up:

Heur.Gen.Lama@117023117

C:\WINDOWS\system\wuauclt.exe

I don’t know where it came from, but every time I try and clean it with both CIS and CCE it comes back again.

Any help would be gratefully received.

Hello EddyM,

Please submit the detected file as False Positive using the following link:

Thank you!

Best regards,
FlorinG

Yesterday I submitted a false positive (an Acer BIOS updater) using this page: http://www.comodo.com/home/internet-security/submit.php

It was a 1.10 BIOS updater for my laptop.

Hi,

This is to inform you that false-positive with <P4LJ0110.exe> (SHA1: )
has been fixed.
You can update to AV database Version <12365> of Comodo Internet Security
Version<5.10.228257.2253> and confirm it.

Thanks.


The false positive has been fixed.

However, I had the same issue with previous BIOS updater versions (the last one was version 1.07). That false positive was fixed too.

So today I’ve tried to download the 1.08 version of the BIOS updater (that I never downloaded before) and… false positive.

Would it be possible to fix this issue permanently instead of having to whitelist every single new executable every time?

This is the false positive of the 1.08 version of the Acer BIOS updater for my laptop model: https://valkyrie.comodo.com/Result.html?sha1=38634e6d172c450d355dc041a48156a7fa09d0cf&&query=0&&filename=P4LJ0108.exe

It is detected as Suspicious[at]#3rskatay839t9

You can whitelist another Acer BIOS updater (so many other updaters will be erroneously detected) or try to understand why Acer BIOS updaters are always detected as malware. Acer download page: http://us.acer.com/ac/en/US/content/drivers

:)

Hi ekerazha,

Thanks for reporting. We’ll check this.

Regards,
Ravikant

Hi ekerazha,

This is to inform you that reported false-positive has been fixed.
You can update to AV database Version <12367> of Comodo Internet Security
Version<5.10.228257.2253> and confirm it.
Thanks.

Kind Regards,
Erik M.

The last false positive that I reported has been fixed too, BUT I’ve tried to randomly download another Acer BIOS updater and… false positive.

Please stop whitelisting every single BIOS updater executable and fix the problem at the root.

RogueKiller
Suspicious@#2gl17rirpx45

Hi Siketa,

Thanks for reporting. We’ll check this.

Regards,
Srinivasan.G

Hello Siketa,

This False Positive has been fixed. You can update to AV database Version 13977 of Comodo Internet Security Version 5.10.228257.2253 and confirm it.

Best regards,
FlorinG

I keep on getting Heur.Packed.Unknown@4294967295 on CounterStrike:Global Offensive game when it receives an update through Steam (during the Completing setup phase). The “trick” is that I only get it when I have heuristics set on Medium or High. I don’t get any warnings with the Low setting. However, since heuristics seem to be much more refined now and I haven’t got any false positives on any other files, I’d like to keep on using the High setting, but I still want to get it fixed for this specific game.

Can’t submit the file since you can’t extract a file from Quarantine to any location, but I have submitted it through quarantine to Comodo labs (filename and path C:\Windows\Temp~757D.tmp). Hope this helps.

I’m using CIS 6.0.252829.2560; one of the mods recommended I submit the report even though I’m using CIS 6 BETA…

vistart
2lwhfzphbv8hm

Hi, yosi501r

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Chunli.chen

Hi yosi501r,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <14252> of Comodo Internet Security Version<5.12.256249.2599> and confirm it.

Regards,
Srinivasan.G