Reporting registry possible false rootkit positives?

What’s the best way to check if a rootkit ‘found’ in the registry is a false positive, since there isn’t a file to upload?

CIS has just identified a rootkit on an overnight scan and I have no idea what it is:

Rootkit.HiddenValue@0 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version\Version

Thanks :slight_smile:

Hi katykaty,

We will check this and provide a fix as soon as possible.

Kind Regards,
Erik M.

Thank you :slight_smile:

I’ve just discovered this thread:
https://forums.comodo.com/av-false-positivenegative-detection-reporting/rootkithiddenvalueat0-beb3c0c7b648425796d9b5d024816e27-t67177.0.html

And I do use Adobe apps, so this looks like a false positive.

Hi katykaty,

Please export the respective registry key and submit it to us.

Thanks and regards,
Ionel

I tried to export it from Regedit and got an error:

The selected branch does not exist. Make sure that the correct path is given.

Presumably if it didn’t give that error, it wouldn’t be a rootkit :slight_smile:

Is there an alternative way to export?

Bump :slight_smile:

Comodo is still picking this up as a threat, and I still don’t know how I can export it in a way that allows me to submit it as a false positive.