strange detection

I have a folder in Windows which, when opened, makes Comodo come up with a heur suspicious detection. This is a false positive. What I want to say is that when the folder is opened Comodo says heur suspicious, but when I scan that folder with right-click scan Comodo doesn’t find anything. And yes, the folder has only one file: microsoft user mode driver framework install v1.0 winxp. The folder is in Windows temp. CIS is installed with default settings, nothing changed. CIS version is the latest, 3.11. WinXP SP3. No other security software installed. Isn’t it strange? And all these strange things sometimes make me think that people who criticize Comodo AV for poor detection may be right. Please shed some light and clear up this point if I am wrong in any way in understanding the detection technique used by Comodo AV. But I found this strange and so posted here to get the views of all you expert friends.


What is the name of the file? Since it is .NET related it will be on my system as well, so I can test it.

The file name I have highlighted above. There are 2 folders with the same file of the same size. The folder names are wdf8.tmp and wdff.tmp. Size is 739kb.


Edit by EricJH: separated the quote from the reply; the latter was part of the quote structure

I can’t find those files under windows\temp\ on my system.

To be sure there are no driver leftovers from previously uninstalled security programs, try the following.

Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs, right-click → uninstall → do this for all drivers → reboot your computer.

When the problem persists, make sure there are no auto starts from your previous security programs; download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.