Win32:Dropper-LJP [Drp] during Comodo Firewall Setup - False Positive?

[cska133]

during the installation of Comodo firewall 5.10 (the same happens with version 5.12) Avast reported Win32:Dropper-LJP [Drp]. See screenshot
Comodo mods in the Comodo forum say this is false positive. The hashes of the installed setup are identical with these from Comodo official side.

does someone else have this alert or did one install CF 5.10 or 5.12 soonly?

how to proceed futher?

[Asyn]

how to proceed futher?

Report it as a FP.

[cska133]

where to report it?
and how can I (you) be sure that it is false positive?

[iroc9555]

Report it here as a F/P: http://www.avast.com/contact-form.php?loadStyles

Must be if you are installing Comodo and both file open in temps while installing Comodo. However, all of this is true if you downloaded Comodo installer from its web site.

To tell you the truth I reinstalled Cfw 5.10 back at the end of december after trying out CIS 6, and I did not get any alert from Avast!; However, this could be a new detection added in Avast! VPS and that is why Asyn asked you to report it as a F/P and let avast! decides.

[cska133]

   iroc9555

could you please upload somewhare your CF 5.10. PLEASE
I would like to compare the installers.
Send me the upload link in PM

[iroc9555]

I got it from Filehippo: http://www.filehippo.com/download_comodo/11856/

[cska133]

Report it here as a F/P: http://www.avast.com/contact-form.php?loadStyles

Well the tmp file is no longer avaiable so I can not send it to Avast by using the above link. Am I right? Or do I have to sent the Comodo installer?

[iroc9555]

Report it here as a F/P: http://www.avast.com/contact-form.php?loadStyles

Well the tmp file is no longer avaiable so I can not send it to Avast by using the above link. Am I right? Or do I have to sent the Comodo installer?

Leave it like that. Try the link from FileHippo or the MediaFire link I gave you. If you still get the alert, click the part of the alert that says "Report the file as a false/positive" at the bottom of it then go to File System Shield and exclude the file to continue the installation.

[securitest]

Avast :
program version : 7.0.1466
virus definition : 130126-1 (26 januray 2013, up-to-date)

I got the same virus alert
* virus found in CIS1.TMP
* virus type : WIN32:DROPPER-LJP [DRP]
* process : CMDINSTALL.EXE

when using the Comodo CIS installer : 5.10.228257.2253
MD5     : 8D25C043876A0FDBCED0443674D0E0E9
SHA-1   : 19A5936256E00F8470F6E173237C57F6818CFC9C
SHA-256 : 84FC4861DDBCB588601D993CFEF0338502FA6EA1DA6D0EFB74639B5678DADA5C
Size : 62 856 768 Bytes

In this post on the comodo forum :
http://forums.comodo.com/install-setup-configuration-help-cis/i-need-ciscf-510-or-512-t90635.0.html;msg653558#msg653558
you get a direct download link for this CIS 5.10 installer at :
http://www.cogneo.org/images/news/jan17/cispremium_installer_510.exe
(this is not a link on the comodo site since CIS 5.10 is not the latest CIS version)

I'll try to report it at
http://www.avast.com/contact-form.php?loadStyles

[securitest]

Unhappily when I try to report at http://www.avast.com/contact-form.php?loadStyles
each time I try, I get a 'The connection to the server was reset while the page was loading' from my browser.
So I can't report it for the moment.

[bob3160]

Unhappily when I try to report at http://www.avast.com/contact-form.php?loadStyles
each time I try, I get a 'The connection to the server was reset while the page was loading' from my browser.
So I can't report it for the moment.

You didn't mention which browser you're using.

[Asyn]

Unhappily when I try to report at http://www.avast.com/contact-form.php?loadStyles
each time I try, I get a 'The connection to the server was reset while the page was loading' from my browser.
So I can't report it for the moment.

You can also report it to: virus[at]avast.com

[iroc9555]

Unhappily when I try to report at http://www.avast.com/contact-form.php?loadStyles
each time I try, I get a 'The connection to the server was reset while the page was loading' from my browser.
So I can't report it for the moment.

You can also report it to: virus[at]avast.com

...Or as I said above in reply # 7

...If you still get the alert, click the part of the alert that says "Report the file as a false/positive" at the bottom of it...

[DrHaze]

Did anyone check to to see if this comodo installer was digitally signed? and have you or can you compared the file hashes?
I extracted the 5.12.2599 installer Digitally signed ‎Wednesday, ‎November ‎07, ‎2012 7:02:40 PM
and i found no alerts at all.

[bob3160]

Did anyone check to to see if this comodo installer was digitally signed? and have you or can you compared the file hashes?
I extracted the 5.12.2599 installer Digitally signed ‎Wednesday, ‎November ‎07, ‎2012 7:02:40 PM
and i found no alerts at all.

And how does that relate to "connection to server reset"