Setup for Google Chrome 58.0.3029.96 - FP

Google Chrome 58.0.3029.96 setup installation is detected as malware in VirusScope events.

Product site: Google Chrome - Download the Fast, Secure Browser from Google
Name of detection: Generic.Infector.5
Downloaded file: ChromeSetup.exe
CIS Database number: 27057

Hi NeM`,

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards

Hi NeM`,

This is to inform you that the false-positive you have submitted is not detected by Comodo Internet Security Version <> with database version <27059>.
If detection is still present, please submit the file here again along with details about the environment and CIS product version in which this event occurred.

A VirusScope detection works on files rated as unknown that perform a recognizable activity. Looks like chromesetup.exe was not rated as trusted due to either cloud lookup failure or it being disabled, or you don’t have trust files from trusted vendors enabled. Remove chromesetup.exe from the file list and check your file rating settings and re-run the application to see if it gets rated as trusted.

I guess we can call this one a non-issue.

I am unable to reproduce the malware event shown earlier in Viruscope because:

  1. During installation, Viruscope prompted me to exclude ChromeSetup.exe and put it in the list of Trusted files. I agreed to do so. Removing it from Trusted files after installation and re-scanning did not produce any malware events.
  2. The application (Chrome browser) was updated successfully after executing ChromeSetup.exe. A re-scan did not produce any malware events and the setup file was deleted after completion of installation.
  3. Re-downloading ChromeSetup.exe and re-scanning did not produce any malware events.
  4. Re-executing ChromeSetup.exe would cause the installation to stop as it found the latest Chrome browser version installed already.

As you have pointed out, any combination or all of the CIS settings below could have caused the event to show:

  1. Enable Cloud Lookup is disabled.
  2. Trust applications signed by trusted vendors is unchecked.
  3. Trust files installed by trusted installers is unchecked.
  4. The only one checked is Detect potentially unwanted applications.
  5. Trusted vendor list is empty, except for Comodo Security Solutions, Inc. (cannot be removed).

Thanks for looking into it anyway.