Yesterday I happen to do a manual scan of my C:\Program Files(x86)\ directory on my Windowsy 7 x64 Sony Vaio laptop after I installed nmap 5.20 after someone posted on the nmap-dev mailing list that they scanned nmap with AVIRA and received an alert for ADSPY/AdSpy.Gen (Adware / Spyware), so I wanted to see if COMODO would do the same(btw it is a false positive you can follow the thread here Nmap Development: Latest dist v5.2 to read the replys you scroll down a little and click each reply).
Comodo did find a threat but it wasnt with nmap, a setup exe found in C:\Program Files (x86)\InstallShield Installation Information{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\ is flagged as ApplicUnsaf.Win32.FraudTool.SpeedScan.~GGA[at]92491761.
I then uploaded the file to virustotal and virscan (re-uploaded today while making this post) VT result: http://www.virustotal.com/analisis/ce548a7aa1cca4a6c2eb1be077058a511c8a1e7cfac82ba103e4375d30ce22ca-1264169112 only 1 other vendor flagges it and it is Mcafee-GW-Edition which flag it as Heuristic.LooksLike.Win32.NewMalware.I
and virscan results: http://virscan.org/report/cacc429ccd9d8d93f00d8a6f5ccc72b0.html Notice virscan comodo DB version 3409 while virustotal uses 3670
The file in question is an installer/uninstaller for Sonys Vaio Data Restore Tool which I concluded when I opened the setup.ini file and I read the first few lines that said
[Startup]
AppName=VAIO Data Restore Tool
ProductGUID=57B955CE-B5D3-495D-AF1B-FAEE0540BFEF
CompanyName=Sony Corporation
I submited the file to comodos false positve submission website, I get an email today telling me that it is NOT a false positive. How can that be when the software that the setup exe installs or uninstalls is not flagged? When I scanned the vaio data restore tool folder I get no alert and the restore tool is digitaly signed by Sony.
Has anyone else have issues with there OEM software getting flagged? Why will Comodo not fix this obvious false positive?