False VCruntime detections

Hi all, anyone else getting a ton of security alerts?

I have been smashed with hundreds of alerts for Malware detected in the last 12-24 hours - almost all my protected endpoints reporting.
I have tried to mark as trusted, tried to add to global whitelist but so far no luck.

And there appears no quick way to pause or stop alerts, it is 7am and within 30 mins my phone will start ringing from clients with pop ups, it is going to be one of those days…

To me, this has to be addressed at the scanning/signature level, where is the monitoring or Valkyrie report?

Should I mention no easy way to trace or mark as safe from emails/tickets?

Cheers

mcfproservices

New ticket #7927 created
From: Greg xxxxxxxxxxxxxxxxxxxxx
Department: Support

Type of ticket creator: monitoring
Event Created at: Mon Mar 21 20:12:57 2022 GMT+0
Device Name: cad4
Logged on User: ReXXXXXXly
Data: Malware Handled Monitor : Malware detected: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, Malware@#nka6x1mu4xvu, Detect AND Malware Handled Monitor : Malware handled: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab|F_CENTRAL_mfc120_x86, Malware@#nka6x1mu4xvu, Quarantine

AND

Type of ticket creator: monitoring
Event Created at: Mon Mar 21 20:18:25 2022 GMT+0
Device Name: STXXXX7 LXXXX
Logged on User: N/A
Data: Malware Handled Monitor : Malware detected: C:\Windows\Installer\d296.msi, Malware@#3r5p0ww1mj4ph, Detect AND Malware Handled Monitor : Malware handled: C:\Windows\Installer\d296.msi|cab1.cab|HPSFReportExeConfig, Malware@#3r5p0ww1mj4ph, Quarantine
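When hundreds of these tickets land at once, the useful first step is to parse the "Data:" field, group the alerts by signature name and see which signatures are firing across many endpoints only inside vendor install caches. The script below is an added example, not part of the original post or of any Comodo/ITarian tooling; the tickets are constructed from the two pasted above plus one invented device (ws-sample-2), and the cache-path list is an assumption to tune for your own estate.

```python
import re
from collections import defaultdict

# One event inside a ticket "Data:" field; a field holds several events joined by " AND ".
EVENT_RE = re.compile(
    r"Malware (?P<kind>detected|handled): (?P<path>.+?), (?P<sig>Malware@#\w+), (?P<action>\w+)")

# Installer caches (assumption: extend for your estate). A signature that fires on many
# endpoints only under these paths is a false-positive candidate, not proof of one.
INSTALLER_CACHE_PREFIXES = ("c:\\programdata\\package cache\\", "c:\\windows\\installer\\")

# Constructed sample tickets (device, Data field) modelled on the two pasted above;
# the third device is invented to show a signature recurring across endpoints.
TICKETS = [
    ("cad4", r"Malware Handled Monitor : Malware detected: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, Malware@#nka6x1mu4xvu, Detect AND Malware Handled Monitor : Malware handled: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab|F_CENTRAL_mfc120_x86, Malware@#nka6x1mu4xvu, Quarantine"),
    ("STXXXX7", r"Malware Handled Monitor : Malware detected: C:\Windows\Installer\d296.msi, Malware@#3r5p0ww1mj4ph, Detect AND Malware Handled Monitor : Malware handled: C:\Windows\Installer\d296.msi|cab1.cab|HPSFReportExeConfig, Malware@#3r5p0ww1mj4ph, Quarantine"),
    ("ws-sample-2", r"Malware Handled Monitor : Malware detected: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, Malware@#nka6x1mu4xvu, Detect"),
]

def parse_events(data):
    """Split one Data field into events; 'container' is the file on disk and 'member'
    the archive entry named after '|' in a handled event (empty when absent)."""
    events = []
    for m in EVENT_RE.finditer(data):
        container, _, member = m.group("path").partition("|")
        events.append({"kind": m.group("kind"), "container": container, "member": member,
                       "sig": m.group("sig"), "action": m.group("action")})
    return events

def triage(tickets, min_devices=2):
    """Aggregate alerts per signature and flag those hitting >= min_devices endpoints
    only inside installer caches; verify the file hash before trusting anything flagged."""
    by_sig = defaultdict(lambda: {"devices": set(), "containers": set(), "quarantined": 0})
    for device, data in tickets:
        for ev in parse_events(data):
            entry = by_sig[ev["sig"]]
            entry["devices"].add(device)
            entry["containers"].add(ev["container"])
            entry["quarantined"] += int(ev["action"] == "Quarantine")
    for entry in by_sig.values():
        in_cache = all(c.lower().startswith(INSTALLER_CACHE_PREFIXES) for c in entry["containers"])
        entry["fp_candidate"] = in_cache and len(entry["devices"]) >= min_devices
    return by_sig

if __name__ == "__main__":
    for sig, e in triage(TICKETS).items():
        print(f"{sig}: {len(e['devices'])} device(s), {e['quarantined']} quarantined, "
              f"false-positive candidate={e['fp_candidate']}")
```

The flag only prioritises which signatures to submit to the vendor first; the quarantined file's hash still needs to be checked (for example on VirusTotal) before it is whitelisted.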

Have you checked the file hash on virustotal.com to see how they are rating it?

@nct

Just Comodo listing as malware for example :


Comodo: Malware@#nka6x1mu4xvu
Ad-Aware: Undetected
AhnLab-V3: Undetected
ALYac: Undetected
Antiy-AVL: Undetected
Arcabit: Undetected
Avast: Undetected
Avira (no cloud): Undetected
Baidu: Undetected
BitDefender: Undetected
BitDefenderTheta: Undetected
Bkav Pro: Undetected
CAT-QuickHeal: Undetected
ClamAV: Undetected
CMC: Undetected
Cynet: Undetected

Suggest you upload the file here and also open a support ticket https://www.comodo.com/home/internet-security/submit.php

Update - ticket raised almost the same time as posting, waiting on outcome

Hi @mcfproservices,

Sorry for the inconvenience caused by the false positive. We checked with the backend team and want to inform you that Malware@#nka6x1mu4xvu has been confirmed as a False Positive and removed in AV DB version 34459.
Please update the AV DB version to the latest one and check for the problem. To know more on how to update Antivirus DB on endpoints, please refer to this help article:
https://help.comodo.com/topic-399-1-786-10184-Update-Virus-Signature-Database-on-Windows,-Mac-OS-and-Linux-Devices.html?af=14971

Kind Regards,
PremJK