rpcnetp.exe and rpcnetp.exe are legitimate components of Computrace’s LoJack for Laptops as long as they have a certificate for Absolute Software.
Comodo CIS reports these as being infected by a Trojan.
Since Lojack’s brain center is in the BIOS then any attempts to quarantine/delete/move etc simply resuilt in them being replaced again by the Lojack software.
I have left a report with Absolute Software regarding this false-reporting but have, as of yet, not received a reply.
Scott,
At one time this problem was resolved BUT seems to have reappeared. I had the same thing occur again and had to classify them as “safe” (which they are).
Thank goodness that the lojack software is excellent at detecting any efforts to remove them and they simply get reinstalled with the next bootup.
The LoJack application is not available for download and for this reason we are not able to verify the mentioned samples. If you have rpcnetp.dll and rpcnetp.exe on your computer please have these files submitted as false positives at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year and paste in the comment box the address of this topic. Do not zip or modify the files, just submit them as they are. Further on, we will check them and if they confirm to be false positives, a fix will be added.
Just reinstalled XP on my laptop and added Comodo virus scan to the firewall. First scan and the AV identified the Lojack components as malware. I notice that this was first reported as a false positive nearly a year ago. Why does it take so long to get this put to bed?
Is there a way to selectively turn of specific antimalware signatures? Because in addition to the two files already specified in previous posts, the sig also finds entries in the system restore. Seems like wasted effort to come in after Comodo and find where it has found things, and then have to selectively ignore each specific thing. This particular signature is not something I’m interested in keeping active, since it’s wrong.
Additionally, a different sig nailed one file out of a Dell driver installation and flagged it as “unclassified malware” which is also wrong. You can download that driver from Dell’s site, it is number R120775.
I have seen the FP file u submit through the webinterface,and replied a mail to u.
It is not an FP.The reported file is termed as a potentially unsafe application. If you really want to continue use this file, You can add the file to the exclusion list.
Just 2 days ago I’ve had the same issue with the legit rpcnetp.dll file being reporter as a trojan by Comodo Internet Security Premium. I’ve reported the file as a false positive, but but it already sc***ed my OS, so I had to reinstall it. The problem was that even if I’ve selected to add rpcnetp.dll to my own safe files, it would stil pop up every time I’ve entered System32. And more than that, if think that somehow my user permissions were modified, so I couldn’t install anything else (CCleaner, Bitdefender IS). When at last I’ve been able to submit the file on some online file scanner sites, it turned out that the file was clean and already scanned by many other users, and only Comodo and a few other antivirus programs would report it as a trojan. After the fresh install of my OS, and a very good scan by another Internet Security suite, it resulted that my system is clean.
P.S.: sorry about my any mistakes, but English is my second language.
Update Comodo Internet Security to the latest version - 4.1.150349.920 - and verify if the issue replicates also after update. In case it does, please let us know and also give us more details about your system: