UPDATE: 2/26/09 – Comodo released an update today that has fixed the issue that I was experiencing. Details here!
————————————————————
UPDATE: I have heard back from Comodo tech support and they are aware of the issue and are investigating it:
Hi,
Thanks for sending us the report. Our developers are investigating this issue. Soon it will get resolved. Please bear with us until the time.
We regret the inconvenience caused.
I have resolved the issue by turning OFF the new heuristics scanning engine. For instructions on how to do this, please scroll to the bottom of this post.
—————————————————————————————–
This morning I woke up to an alarming number of Trojan alerts coming from the Comodo AV app installed on my desktop PC running Vista. The infections were mostly all coming from some Glary Utilities files, which struck me as odd.
After a panic-filled morning, I am pretty sure the false positive is coming from an updated version of Comodo Internet Security (CIS). I scanned a second Vista machine and it came up clean. Then I noticed that CIS was alerting me of a program update that is now available.
Thinking back, I recall allowing CIS to update itself on my Vista desktop yesterday, so I allowed the second Vista machine to update. After updating CIS and allowing the installer to reboot the machine, I performed a scan – WHAMMO, Glary files are now flagged as infected.
The new CIS includes heuristic scanning, which is more like looking for bad behavior than comparing against actual known bad code. Think of it as alerting you that someone is using a shim to open your car door – normally this is a bad thing, but if you lock your keys in your car, using a shim is perfectly acceptable behavior.
Because I have been using Glary for as long as I have, and because the only report of malware is after I updated CIS to the new version which is 3.8.64739.471, I feel pretty confident that this is a false positive.
After figuring this out, I went to the updater within the CIS interface and it found another update. I installed that, rebooted, and the problem still exists.
I have submitted the Glary installer to Comodo for review (I can consistently get the alert to appear when I try to install the Glary update) so I will post the results when I hear back.
In conclusion, it *appears* as though this is a false positive – meaning, the antivirus software incorrectly identifies clean files as infected with malware (a virus or spyware).
Of the many posts I’ve read, here is one of the shortest threads that will help comfort you –
http://forums.comodo.com/empty-t34475.0.html
UPDATE: Still no word or any information on Comodo’s website, but the number of affected applications seems to be growing. It still seems as though the new heuristics scanning engine is the culprit. I have not installed anything new and applications that I have been using only seem to have a problem with Comodo running. It is starting to be a problem because critical application files are being quarantined, preventing the application from running and in some cases requiring a reinstall.
My solution is this:
- In the Comodo user interface, go to the Antivirus tab
- Click on the Scanner Settings menu item
- Turn OFF the Heuristics Scanning/Level
Again, since the heuristics engine is a new feature to Comodo, I don’t think you are causing yourself any problems at this stage. I just think there is a major problem with this new functionality and we probably don’t want to use it until it is fixed.