Just installed the latest version of VLC Player and Comodo is flagging this as a Virus vlc-cache-gen.exe, is this a false positive, tried to submit to Comodo but failed. Never had any issues with VLC Player before and ran MalwareBytes and Superantispyware and neither of them reported this as risk, so what’s going on?

Hello Gedstar,

Please try submitting the detected sample using the following link:

If that is not possible you can use any file-sharing website to upload the file then give us the link.

Thank you!

Best regards,

Thanks for the quick response, file has been uploaded :slight_smile:

I have the same problem today. I quarantine the file. Also try to submit it thru CIS but failed. Why failed? I have been having this problem every time I try to submit a quarantine file. The item name is “Malcrypt.Indus@105441913” and the location is “vlc-cache-gen.exe”

So what happens now that the file has been submitted, I have not quarantined the file just added it to my exclusion list, as I think it’s a false positive, have checked with VLC player on another system and the same file is there. Have ran various other Malware and Antivirus utilities and none of them have flagged this as a risk.
So when do we find out whether it’s a false positive or not? :THNK

They will reply after analysis is over…probably today.

Cheers :-TU

Did you upgraded VLC or it was a fresh install?

When 2.1 was released, the same file was detected here on upgrading but not detected on fresh install, so try fresh install.

Try restoring the file & check if detected again.

Read here…


Had already read the link before posting here, firstly I did an upgrade and then after reading the above link I tried a fresh install, wasn’t detected during the fresh install but after about 5 mins Comodo flagged it as malware again.
Did not have any issues with the previous version on either my PC or Laptop
Have put the file into my excludes list as I’m sure it’s a false positive, will wait to see what Comodo comes back with

Just done an upgrade on my work PC and scanned with MSE, MalwareBytes and SuperAntispyware and no malware detected

Cheers for the response

Just wait until Comodo release a fix, if not done tomorrow, you should post it in the unfixed FP’s after 2 days…

Hello Gedstar,

Can you confirm that the SHA1 of the detected file is: 71fb8e0be60e8d17268508b28a0a35b9d92e8524 ? If the answer is yes, a fix for this False Positive will be available soon.

Thank you,

Best regards,

Like recurring FPs for some programs, it has also started with VLC. Previous version of VLC, the same file was detected & again with this version of VLC.

Instead of fixing everytime, why dont Comodo do something about these recurring FPs? This is really annoying & irritating, not to mention waste of time to post the same file with every new version of the software.

Plzz do something better…

Actually it seems like they are already dealing with such issues.
For example Siketa noticed that RogueKiller which was detected with every updates isn’t anymore now…Some others programs too.
So now they’ll have to do something with VLC for not getting detected with every new updates because of automated analysis systems…

This recurring FPs issue is quite from a long time. They have solved some programs but whats the difference if recurring FPs for other programs starts.

Sometimes I feel like switching to other AV as there are other probs too like sometimes double databases file in the scanners folder, sometimes GUI doesn’t start for quite a long time when net is not available, etc… & a strange prob that I have mentioned before too & it happened today too.

I clicked on Run Unlimited on the popup. After installation completed & VLC opened it was autosandboxed & I clicked on dont isolate again, it asked for password? Can anyone try this with VLC & also check if it is a bug? Make sure CIS is password protected.

Same thing happened with Adobe Flash. During update some gtb file was autosandboxed, I clicked on dont isolate again & it asked for password.

I found a bug last week that seems to affect CIS on the 64 bit platform. When installing a program using a trusted installer and “Trust files by trusted files” enabled CIS (x64 only) will not automatically add executables to the Trusted Files list.

I noticed that when installing GIMP on a 64 bit computer of a customer GIMP would not function properly because the plugin files all got sandboxed. I reproduced it at home to be specific for 64 bit installations of CIS.

I have the same exact issue and it was triggered when installing not the desktop version but rather the portable version (which contains the same main files) on the file (vlc-cache-gen.exe). I can’t give you a hash because despite telling Comodo to quarantine it, it deleted it. Although I was installing on a x64 machine, it was the portable version done through a platform installer, so the host OS shouldn’t be an issue.

[tr][td]Date[/td] [td]Location[/td] [td]Malware Name[/td] [td]Action[/td] [td]Status[/td] [/tr] [tr] [td]2013-12-11 14:38:48 [/td] [td]X:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe [/td] [td]MalCrypt.Indus![at]105441913 [/td] [td]Quarantine [/td] [td]Success [/td] [/tr] [tr] [td]2013-12-11 14:38:05 [/td] [td]X:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe [/td] [td]MalCrypt.Indus![at]105441913 [/td] [td]Ask [/td] [td]Success [/td] [/tr] [tr] [td]2013-12-11 14:38:03 [/td] [td]X:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe [/td] [td]MalCrypt.Indus![at]105441913 [/td] [td]Detect [/td] [td]Success [/td][/tr]

This seems to be the exact issue in this post, maybe someone can combine them? Apparently this also came up in the past (3 years ago) in this post also for a legit installer.

So what happens now?

Hi GµårÐïåñ,

Please update your AV database Version <17426> of Comodo Internet Security Version <6.3.302093.2976> and check again.
If detection is still present, please submit the file or installer on Comodo forums at https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detecte-b154.0/

Priyadharsini G

Did you check with the latest database?

I just checked and it does not get detected anymore. It seems fixed.

Hi all

Just checked today and I can confirm that all is good again, cheers for the update, have removed from the excluded list and ran a scan on the folder and it’s not getting detected anymore

Thanks to Comodo and all for the help