Windows Defender detects Comodo as malware/PUA even with PUA turned off.

andrew_nz · October 21, 2021, 1:12am

As above. Windows Defender Antivirus detects Comodo CIS setup as malware/PUA even with the potentially unwanted program detection turned off.

C:\Users\username\AppData\Local\Temp\fusion.dll

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUABundler%3AWin32%2FFusionCore&threatid=311944

https://i.postimg.cc/JzPccHfJ/fusion.png

I understand several AVs detect this , I just thought it was good to let you know this setup also detects it, in my experience this setup has the least false positives and detects the least potentially unwanted programs, grayware , adware etc.

Yet it still detects and blocks fusion.dll from the CIS installer. I got the installer from Comodo.com.

comblaster · October 21, 2021, 2:13am

fusion.dll is a remnant of a real PUA that was once embedded and offered by Comodo. It still has not cleanly removed from the installer even though Comodo no longer offers that PUA during the installation process.
This has been reported multiple times in this forums but unfortunately no corrective measure has been taken. It is sadly what it is.

andrew_nz · October 21, 2021, 8:03pm

Thanks for the reply, just good to have it on record that the default windows AV detects it even with PUA detection off.

C.O.M.O.D.O_RT · October 24, 2021, 6:54am

Hi andrew_nz,

Thank you for reporting, May i know your win version & system type(32bit/64bit) ?

Thanks
C.O.M.O.D.O RT

andrew_nz · October 24, 2021, 9:35pm

Windows 10 Professional , 64bit

I assume it’s detected by everyone with the latest Defender definitions, but my Windows version is 10.0.19043 Build 19043.

C.O.M.O.D.O_RT · October 25, 2021, 11:23am

Hi andrew_nz,

Thanks for providing the information, we will reach you through private message to get required log for further investigation.

Thanks
C.O.M.O.D.O RT