Q&A Strange Threat found by Comodo

Joined
Apr 21, 2018
Messages
79
OS
Windows 10
Antivirus
Comodo
#1
I did a manual scan with Comodo Cleaning Essentials and found a threat in a hidden key which is:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Does that mean that CIS is infected? Should I delete this key?
Thanks!
 
Joined
May 31, 2015
Messages
303
OS
Windows 10
Antivirus
Kaspersky
#2
I did a manual scan with Comodo Cleaning Essentials and found a threat in a hidden key which is:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Does that mean that CIS is infected? Should I delete this key?
Thanks!
On the surface, it seems a benign reg key. btw I'm using cfw in a virtual machine & there the reg is HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.

It would be better if you specify which comodo product you were/are using besides Comodo Cleaning Essential?
 
Likes: BryanB
Joined
Apr 21, 2018
Messages
79
OS
Windows 10
Antivirus
Comodo
#3
On the surface, it seems a benign reg key. btw I'm using cfw in a virtual machine & there the reg is HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.

It would be better if you specify which comodo product you were/are using besides Comodo Cleaning Essential?
I am using Comodo Internet Security and it's the first time I found this threat (marked as red in danger), after scanning many times before with Comodo Cleaning Essentials without finding anything.
 
Likes: BryanB
Joined
May 31, 2015
Messages
303
OS
Windows 10
Antivirus
Kaspersky
#4
I am using Comodo Internet Security and it's the first time I found this threat after scanning many times before with Comodo Cleaning Essentials.
tbh it seems a fp but even if it's a fp, it's quite awkward fp. Provide me some time I'm gonna set up CIS in a VM then I'll run a Comodo Cleaning Essential to check whether same happens to me or not.
 
Joined
Apr 21, 2018
Messages
79
OS
Windows 10
Antivirus
Comodo
#5
tbh it seems a fp but even if it's a fp, it's quite awkward fp. Provide me some time I'm gonna set up CIS in a VM then I'll run a Comodo Cleaning Essential to check whether same happens to me or not.
Thanks, I used custom scan and checked everything.
I also scanned with Zemana and NPE and found nothing.
 
Joined
May 31, 2015
Messages
303
OS
Windows 10
Antivirus
Kaspersky
#6
CIS created HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres reg key not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs. There is something annoying about this. I'm assuming that you were using fully updated latest version of CIS. The mismatch is uncanny. Can ya run a hitman pro or any other 2nd opinion av?
 
Joined
May 31, 2015
Messages
303
OS
Windows 10
Antivirus
Kaspersky
#7
ok then. You may uninstall CIS & if you've already done it then delete the reg key. & if possible then make a clean install of CIS just to check what reg key it makes. obviously if you have time & interest to do so.
 
Joined
Apr 21, 2018
Messages
79
OS
Windows 10
Antivirus
Comodo
#8
ok then. You may uninstall CIS & if you've already done it then delete the reg key. & if possible then make a clean install of CIS just to check what reg key it makes. obviously if you have time & interest to do so.
I also checked with Zemana and NPE and found nothing. Now, I made a full scan with CIS (fully updated), also found nothing. I will delete the key as suggested, hope not to damage CIS and again I will rescan with Cleaning Essentials.
 
Likes: oldschool

Lockdown

From AppGuard
Developer
Joined
Oct 24, 2016
Messages
3,103
#11
I did a manual scan with Comodo Cleaning Essentials and found a threat in a hidden key which is:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Does that mean that CIS is infected? Should I delete this key?
Thanks!
CCE is detecting CIS' own language (langs; localizations) key as something.
 

Lockdown

From AppGuard
Developer
Joined
Oct 24, 2016
Messages
3,103
#14
CIS created HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres reg key not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs. There is something annoying about this. I'm assuming that you were using fully updated latest version of CIS. The mismatch is uncanny. Can ya run a hitman pro or any other 2nd opinion av?
He could have just copied it from the CCE GUI or report that cuts off the .cmdres and reports it only as "Langs". There is nothing fishy about this. The reporting could be limited by buffer size and therefore not report all characters in the string. Welcome to the world of IT and security softs.
 
Joined
May 31, 2015
Messages
303
OS
Windows 10
Antivirus
Kaspersky
#15
He could have just copied it from the CCE GUI or report that cuts off the .cmdres and reports it only as "Langs". There is nothing fishy about this. The reporting could be limited by buffer size and therefore not report all characters in the string. Welcome to the world of IT and security softs.
cce detected the reg as threat so I considered that it should display the name of it as it is. About your limiting buffer size is somehow related to compound files as far as I understand. Reporting of regkey detection is not same as files detection.
 
Likes: Nestor

Lockdown

From AppGuard
Developer
Joined
Oct 24, 2016
Messages
3,103
#16
cce detected the reg as threat so I considered that it should display the name of it as it is. About your limiting buffer size is somehow related to compound files as far as I understand. Reporting of regkey detection is not same as files detection.
Buffer size as it pertains to the GUI has nothing to do with either file or registry key. It has everything to do with COMODO development limiting the number of characters that will display in the GUI.
 
Likes: Nestor
Joined
May 31, 2015
Messages
303
OS
Windows 10
Antivirus
Kaspersky
#17
Buffer size as it pertains to the GUI has nothing to do with either file or registry key. It has everything to do with COMODO development limiting the number of characters that will display in the GUI.
ok it seems I've to elaborate it a bit. In case of compound files, there can be multiple strings of data which are intertwined in various fashion & if somehow one data string got detected as threat then the display of that may be limited to specific name. for example if data01 gets detected as threat which is part of file x then the detection can be displayed as with data01 or /resxxx/ddee/gjy/data01 after the actual file on the basis of buffer limit.

In case of langs.cmdres, it is a reg key name, under which several other reg keys subsist.
 
Likes: Nestor
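
Added example (not part of any post in this thread): a read-only PowerShell check for the mismatch discussed in posts #6 and #14, listing the subkeys that actually exist under the parent path whose names begin with the leaf name shown in the report. The parent path and the names `Langs` / `Langs.cmdres` come from the thread; the variable names and the choice to look at both the 64-bit and 32-bit registry views are assumptions of this example.

```powershell
# Read-only: enumerates key names and counts, modifies nothing.
$parent   = 'SOFTWARE\COMODO\CIS\Options'   # parent path as quoted in the thread
$reported = 'Langs'                          # leaf name as it appeared in the scan report

$hive  = [Microsoft.Win32.RegistryHive]::LocalMachine
$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32

$found = foreach ($view in $views) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
    try {
        $key = $base.OpenSubKey($parent)     # opened read-only
        if ($null -eq $key) { continue }     # parent absent in this view
        try {
            foreach ($name in $key.GetSubKeyNames()) {
                # Keep every subkey whose name starts with the reported leaf,
                # so a name cut short in a report still resolves to its full form.
                if (-not $name.StartsWith($reported, [StringComparison]::OrdinalIgnoreCase)) { continue }
                $row = [pscustomobject]@{
                    View       = $view
                    Name       = $name
                    ExactMatch = ($name -ieq $reported)
                    SubKeys    = $null
                    Values     = $null
                }
                try {
                    $sub = $key.OpenSubKey($name)
                    if ($sub) {
                        $row.SubKeys = $sub.SubKeyCount
                        $row.Values  = $sub.ValueCount
                        $sub.Dispose()
                    }
                } catch [System.Security.SecurityException] {
                    # Key exists but cannot be opened from this account; name is still listed.
                }
                $row
            }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

if ($found) { $found | Format-Table -AutoSize }
else        { "No subkey of HKLM\$parent starts with '$reported'." }
```

If the only row returned is `Langs.cmdres` with `ExactMatch` false, no key named exactly `Langs` exists, which is consistent with the report having shown a shortened name as suggested in post #14.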
