Some False Positives

These just came up in todays scan. DB version 1005.

Unclassified Malware@8331742 C:\Downloads\Comodo\LeakTests\CLT.zip:BITS.dll
Unclassified Malware@8386990 C:\Downloads\GRC\leaktest.exe

Yes, technically these are malware like, but do we really need to put tests such as these on our trusted files list?

And another FP that is a part of the GSAK application suite. (A GPS geocaching waypoint management application)
Unclassified Malware@8415974 C:\Program Files\GSAK\MacroEditor.exe
http://www.virustotal.com/analisis/f79cdc5f67ee12635da0d0ad876d825f
I’m emailing this one to Comodo.

Hi,

Could you please verify the FP’s with latest base updates?

Thanks,
Ramanan

Hi Ramanan, the Comodo Leaktest BITS.dll and the GSAK MacroEditor.exe are now good with DB 1025, but the GRC LeakTest.exe still triggers an alert.

It’s labeled as Application.Win32.LeakTest.~A@8386990

Screenshot is attached.

[attachment deleted by admin]

Hi HeffeD,

Hi Ramanan, the Comodo Leaktest BITS.dll and the GSAK MacroEditor.exe are now good with DB 1025, but the GRC LeakTest.exe still triggers an alert.

It’s labeled as Application.Win32.LeakTest.~A[at]8386990

Yes, we do detect leak tests in CIS. This is intentional.
But at the same time we make sure that Comodo leak tests are not detected, just to be fair to people testing against CIS itself.

Thanks
-umesh