False Positive??? In "cmdagent.exe"

Ok heres the scoop----avast! screen saver for some reason now all of a sudden detects “cmdagent.exe” which is part of “COMODO Firewall” as a Trojan but when i do a manual scan of the file or a off line scan of the entire system avast! indicates all is clear. Can anyone help me with this matter?

Are you using avast Pro? Did you change screen saver settings?
Can you inform the file as being a false positive? (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

You don’t say which malware name I suspect win32:Trojan-gen, am I right ?

This is a bit of a surprise as the screen saver uses the same virus database as the regulat on-demand scan

The cmdagent.exe or cmdagent process info for Comodo Agent Service. Now I really don’t know what this agent does but it may be that what it does is getting the generic signature twitchy.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

I’m using “avast! Home” No screen saver changes. I sent a false positive message to avast. I used “VirusTotal” and “VirScan” and the results were all clear.

File Name–Process 1240 (cmdagent.exe according to TaskManager)
–Memory Block 0x07410000
–Block Size 843776
Malware Name–Win32:Delf-DNW [Trj]
Malware Type–Trojan Horse
VPS version–090622-0, 2009/06/22

And the suspected file is NOT moved to the Chest.