Unsure if FP

roboe · April 25, 2011, 1:29am

Hi there

I’m using CIS and I think I may have a false positive. The problem is that it’s an addon for a commercial piece of software, so I’m not sure if I should be submitting it to 3rd party in the first place (it requires a registration code to work though).

I’ve been in touch with the retailer (www.simmarket.com), who claim that they scan all of their downloadable products and that I can rest assured that it’s a false positive.

The COMODO alert states that it’s TrojWare.Win32.TrojanDropper.Agent.~TL798872

I have other products from the same developer, downloaded from the same retailer which does not present a warning. The only difference between the two types of installers, is that the ones I suspect of having false positives have a feature where they will read the clipboard to see if I have copied the (rather long) registration key there. Could this set off a false positive?

I’ve submitted the files to COMODO in the past, but never got around to see if there was any follow-ups.

captainsticks · April 25, 2011, 1:45am

Sounds to be FP, but you could check the file in question here.

mengze.lin · April 25, 2011, 2:57am

roboe post:1:

Hi there

I’m using CIS and I think I may have a false positive. The problem is that it’s an addon for a commercial piece of software, so I’m not sure if I should be submitting it to 3rd party in the first place (it requires a registration code to work though).

I’ve been in touch with the retailer (www.simmarket.com), who claim that they scan all of their downloadable products and that I can rest assured that it’s a false positive.

The COMODO alert states that it’s TrojWare.Win32.TrojanDropper.Agent.~TL798872

I have other products from the same developer, downloaded from the same retailer which does not present a warning. The only difference between the two types of installers, is that the ones I suspect of having false positives have a feature where they will read the clipboard to see if I have copied the (rather long) registration key there. Could this set off a false positive?

I’ve submitted the files to COMODO in the past, but never got around to see if there was any follow-ups.

Hi roboe,
If you can find the FP file,you can submit through this
link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.
Thanks and Regards,
Lin mengze

roboe · April 26, 2011, 5:27pm

Hi, since the .exe file is 41 mb in size, it’d breach the 10 mb limit. Is there any other way I could upload and get some feedback?

Thanks in advance.

FlorinG · April 26, 2011, 7:37pm

Hello roboe,

You can upload the file on any filesharing website and PM me the link.

Best regards,
FlorinG