setupiccs.exe Okay or no?

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
#1

I just installed CIS Pro on a fairly new machine. I had a recent quarantine by MCSE and a clean scan with it shortly after.

Upon running my first CIS Pro full scan I received a scan result with a single threat notification of setupiccs.exe. I have an ASUS P8Z77-V PRO motherboard and the files path is located in the TurboV app folder within the motherboard app folder. TurboV is used for automating PC hardware overclocking.

I wasn’t sure if this file is supposed to be here or what, so I came here to ask. Is it a false positive or should I get rid of it? I’ve uploaded the scan results below.

Thanks in advance, I appreciate the help.

EDIT

It is located in the install folder of the application on one of my storage drives, not on the OS drive. So I’m assuming this isn’t flagging an active process or app. This was also the drive that had the .rar which contained a rootkit.

[attachment deleted by admin]

#2

Can you uplaud the file to (https://www.virustotal.com/)
even better, (http://valkyrie.comodo.com/)

#3

Oops, accidentally uploaded the scan result. I’m uploading the actual file now.

#4

ok thanks, then post the result here.

#5

It says I do not have permission to open it when i try to upload it…

#6

In the same folder as this is the ASUS setup exe with the asus icon for the app. I think it is a virus.

#7

Install HashMyFiles (Free large file hosting. Send big files the easy way!)
no pass for the archive.
Then take and put the file inside it.
Copy the SHA-1 value and post it here.

#8

It wont let me open it with that program. Do not have permission, contact admin etc etc…

#9

Try with VT uplauder (https://www.virustotal.com/documentation/desktop-applications/)
after installation, right click and “send to/virustotal”.

#10

Nope, denied again…

#11

Try copying it do your desktop and then uploading the copy.

#12

Hello UnInfallible,

Thank you for reporting this. The file was confirmed as a False Positive and it will be fixed soon.

Best regards,
FlorinG

#13

If the file is safe, why can’t I modify or open it? It is asking for admin privileges just to copy it, is that normal?

#14

I did not due the copy, I canceled it due to it asking for admin privs. Should I copy it anyway? I really can’t afford to have any security issues on this machine…

#15

FlorinG should be able to solve the problem. There is no need to upload it.

#16

Well, he said it was a false positive. If it is a normal file, why is it not allowing me to modify it in any way?

#17

its a bug in CIS when restoring files from quarantine. add it to the trusted files list under defense + and try again if you still get the error reboot

#18

Hi,UnInfallible

This is to inform you that false-positive has been fixed.
You can update to AV database Version <14547> of Comodo Internet Security Version<5.12.256249.2599> and confirm it.

Best regards
Chunli.chen

#19

I’m afraid it’s back.

I’ve just had the exact same sequence of events as the previous chap. Only this time it came from a chipset driver downloaded from the Intel website.

Obviously my Comodo database is fully updated.

Any guidence would be appreciated., i.e is it really ok ? and why, if it was fixed back then is it being flagged up now ?

#20

Hi agraeme355,

Thanks for reporting. We’ll check this.

Regards,
Priyadharsini.G