Several false positives (I think) and questions

Yesterday I ran a scan on my computer (dropped avast!, started using CIS)
Found several issues, some of which I don’t include here, since I think CIS is correct in ID’ing them.
However there are 4 which I believe are false positives. I uploaded all to one of the online virus scanners (viruscan.jotti.org) and at least a few reported malware for them, but most did not.

  1. RockXP4.exe (Soft Famous - Free Download Software and Games)
  2. testports.exe (an ASUS utility)
  3. restart.exe (from my Windows directory)
  4. Evid4226Patch.exe (http://www.lvllord.de/)

I sent an email yesterday to malwaresubmit@avlab.comodo.com as suggested after zipping/pw protecting etc. I have not heard back from Comodo yet.

From this section of the forum, obviously people create threads based on their (suspected) false positives. Is Comodo not responsive to the email? Or do people just post here if Comodo is unable to rectify?
I guess what I am asking is: When and why should I post about a (suspected) false positive to this forum?

Thanks

Hi scott1256ca,

We will check the submitted files and if they are confirmed to be false positives, a fix will be provided. Please also attach files 2 and 3 to your post or provide us with their entire detection names so that we can verify them.

A file which is part of a known safe application and is misdetected by CIS can be reported by submitting the samples here: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year or on this topic if additional details need to be provided.

Thanks and regards,
Ionel

Thank you for your reply

As you will note in my original post, I have emailed Comodo already. I trust that is sufficient and you do not need me to attach the files here?

Hi scott1256ca,

Sorry for the inconvenience, but for some reason the attachment from your email reached us in a corrupted state. Kindly upload the testports.exe and restart.exe files at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year (unzipped, just as they are) so that we can check them.

Thanks and regards,
Ionel

OK, I have uploaded them as requested.

Also, I retrieved them from my email and it appears the zip files were NOT password protected, although I know I supplied one at the time. I should have tested that, I guess.

Thanks

Hello scott1256ca.
We have analyzed all four files from the list. None of them are malware. But RockXP4.exe and Evid4226Patch.exe were already detected by CIS as Applications, so we just updated those signatures.
The others are fixed. You can update to db version 1943 of the latest CIS.
Thanks for your submission.

Regards,
Alexey

So are you saying that submitting via “Submit suspicious files” is not the best way to submit them? I submitted a whole bunch of FPs that are from ClamWin virus pattern files and am still getting hits from Comodo on them. It’s driving me a bit nuts.

As an aside, I have a machine on my network that has no firewall, no AV, and no other real-time scanner running. It has been like this for a year or more now, and it has not gotten any viruses, malware, or other bad boys, but then I do not check mail from it and only rarely use it to browse the net with Firefox. My conclusion is that the bulk of viruses come in through e-mail, with a few malicious web sites that can be stopped with add-ons to Firefox, like NoScript, etc.

Thanks.

Thanks

I read somewhere that Comodo was going to submit CIS (or just the AV part??) to AV-comparatives. I hope to see Comodo high on their next list.

Scott