False-Positive on Comodo

Reply
L1 Bithead

False-Positive on Comodo

Hi There,
Not sure what's the right place to report this false-positive.

I would like to draw urgent attention of Paloalto Networks staff to resolve following false-positive on one of Comodo Internet Security files:
Virus Total (1/64)
https://www.virustotal.com/en/file/f80c084dc4747b8fee70ac4028e9b734cbc8aa3aea230b24fa9740da44ffcec1/...

We will appreciate if you could please resolve it asap.

Thanks
-umesh
comodo.com Staff

L6 Presenter
L3 Networker

Screen Shot 2017-08-13 at 00.35.46.png

 

Hi Mate, 

 

Downloaded same, which triggerred a wildfire upload and its been marked as benign by the threat analysis cloud. So its not been classed as malicious now anyway. 

 

Best regards, 

 

Rob 

L1 Bithead

Hi,

I have verified afresh on virus-total and still see it detected as of 20th Aug, 2017, 7:30 PM EST:

 

https://www.virustotal.com/en/file/f80c084dc4747b8fee70ac4028e9b734cbc8aa3aea230b24fa9740da44ffcec1/...

 

Please re-check.

 

Thanks

-umesh

Cyber Elite

@umesh.comodo,

Have you actually tried this from wildfire itself to verify directly. I wouldn't exactly trust virustotal to give you the proper verdict that WildFire actually generates. 

If you can get it to show up as malicious or grayware in WildFire it's pretty easy to request a verdict change, seeing as people who have already tested it report that it's beneign in an actual enviroment I really wouldn't worry about it. 

L1 Bithead

We also have our own Comodo Antivirus product and understand how Virus Total works.

We are also present on Virustotal.

 

At times people upload files to Virustotal and go by that.

 

So i will request PaloAlto team to scan the file and resolve the false-positive.

 

 

Thanks

-umesh

Cyber Elite

I do not work for paloalto, so this is ot an official statement, but I don't know if this community forum (even if there are people from palo here) is the right place to request something like that ...

L1 Bithead

Possible to point to me download location of their product for consumer?

 

Thanks

-umesh

Cyber Elite

@umesh.comodo,

I just noticed that you have not posted this under the VirusTotal discussion. That forum is the proper place for this type of submission, although I can not actually verify the forum is activly watch any longer. 

https://live.paloaltonetworks.com/t5/VirusTotal/bd-p/VirusTotal_Discussions

File Hash: <hash>

Link to Virustotal report for the file: <link>

Current VirustTotal Verdict: <verdict>

Description: <description>

 

That being said what was suggested by @TranceforLife would have worked perfectly fine in this instance, as WildFire recognizes the file as benign already as verified for you by @DonohoeRobert. It appears however from your last reply that you have not taken action on the info Trance has given you, which would continue to be the recommended course of action. 

 

 

L1 Bithead

Thanks BPry,

I have posted in there:

https://live.paloaltonetworks.com/t5/VirusTotal/False-positive-on-comodo/m-p/172480#M185

 

Reharding:

"That being said what was suggested by @TranceforLife would have worked perfectly fine in this instance, as WildFire recognizes the file as benign already as verified for you by @DonohoeRobert. It appears however from your last reply that you have not taken action on the info Trance has given you, which would continue to be the recommended course of action. "

 

We want detection to be removed from VirusTotal, as that creates wrong perception.

I hope someone from paloaltonetworks.com will look into it.

 

Thanks

-umesh

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!