Reporting registry possible false rootkit positives?

What’s the best way to check if a rootkit ‘found’ in the registry is a false positive, since there isn’t a file to upload?

CIS has just identified a rootkit on an overnight scan and I have no idea what it is:


Thanks :slight_smile:

Hi katykaty,

We will check this and provide a fix as soon as possible.

Kind Regards,
Erik M.

Thank you :slight_smile:

I’ve just discovered this thread:

And I do use Adobe apps, so this looks like a false positive.

Hi katykaty,

Please export respective registry key and submit it to us.

Thanks and regards,

I tried to export it from Regedit and got an error:

The selected branch does not exist . Make sure that the correct path is given.

Presumably if it didn’t give that error, it wouldn’t be a rootkit :slight_smile:

Is there an alternative way to export?

Bump :slight_smile:

Comodo is still picking this up as a threat, and I still don’t know how I can export it in a way that allows me to submit it as a false positive.