Too many False Positives

I’m seeing what I assume are many False Positives this evening on a couple of virus scans for different clients. Anyone else encountering the same?

Hi @nct
Have you tried updating CCS on one of the endpoints and re-scanning to check if the false positives would still come up?

When CCS runs a scan, it should update as it starts to run. I am in contact with the Comodo Lab now and have provided some examples.

Hi,

Yes, I get some in weird files. Well, I don’t really know if it’s false positives, but it feels like it.

Here are some examples:
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc\{60C30621-0391-46F5-913E-0F8C6952AE03}\Protectors\1\11.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc\{60C30621-0391-46F5-913E-0F8C6952AE03}\Protectors\1\6.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc\{60C30621-0391-46F5-913E-0F8C6952AE03}\Protectors\1\16.dat

C:\ProgramData\Package Cache\{54e320b1-1c6e-42e7-9ad0-261c878a7306}\OldMHUUninstaller.exe

One thing that would be great when you have to send files to the Comodo lab would be to be able to download the file from the ITSM or send it directly from there to the lab. Now it’s a pain: you have to whitelist the file, find the file on the affected computer, and then send it to the Comodo lab.

Thanks.

Every time there are Windows updates to the .NET Framework, they seem to be flagged as malware, as well as some Windows Store apps deployed from Intune!

Hello @Noiden

The support team will get in touch with you shortly via email for further investigation.
On the other hand, we have a similar feature request already shown in the roadmap, wherein you will have an option to submit false positives to the AV labs, detected both by the local AV and by Valkyrie. The feature is expected to be delivered by the end of 2018Q3.

Kind regards,

@Jay @Rick_C The Comodo Developers are now looking into the False Positives problem.

I have raised the submit from ITSM dashboard a few times; hopefully, as there are multiple people asking, we can get this implemented.

Hello @StrobeTech,

Thank you for your cooperation. We also hope that the feature will be implemented as soon as possible.

How is it going?

I made an update of the signatures and then a full scan on one computer… I think CCC found malware and viruses in almost all files… lol

@Noiden, @StrobeTech, @nct,

We appreciate you bringing this to our attention. Our Product Developers have been alerted to this issue and are now working to resolve the false flagging. We’ll provide an update as soon as possible.

Ok… will the files be restored automatically? Or do I have to do this from ITSM when the false flagging is fixed?

Hi @nct, @Noiden, @curatrix_pl, and @StrobeTech,
We have been informed that the issue with the false positives has been fixed in the latest AV DB.

Files need to be restored manually. You can also select multiple files and restore them as trusted, see: https://wiki.comodo.com/frontend/web…rusted-quickly

Hi all,

Let me inform you that the issue with false positives has been fixed starting with signature DB v28950. It was already released at 1pm today.

The problem was caused by an automated process failing to perform the false positive check, due to a bug introduced recently. This resulted in some signatures being released without a check against safe files. The team worked continuously on fixing the issue after being notified by users, and the fix was applied in a short time.

We’re aware that it caused many problems on your systems as well as for some of our users. We’re very sorry to have caused this inconvenience. We’re now increasing the precautions to take before each signature DB release.

Thanks for explaining, @fatih, the issue was pretty irritating.