Comodo / Xcitium False Positive & Blacklist Removal
By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026
Is Comodo / Xcitium flagging your website?
If Comodo / Xcitium is warning visitors about your site — with something like Phishing, Malware/Malicious Website; blocked by Comodo Online Security / Secure DNS; Valkyrie “Malicious” verdict — it means one of two things: your WordPress site really is infected, or it is a false positive left over from a problem that was already fixed. Either way, here is exactly how to get the warning removed.
Step 1 — Confirm it is really a false positive
Before you ask Comodo / Xcitium for a review, make sure the site is actually clean. If you request removal while malware is still present, the flag comes straight back (and some vendors rate-limit repeat requests). Check it two ways:
- Run it through my free Is My Site Hacked? checker for a fast look at injected code, spam and cloaking.
- Cross-check on VirusTotal to see every engine that is flagging you.
If anything turns up, get it fully cleaned first — deleting the visible malware is not enough if a hidden backdoor remains.
Step 2 — Report the false positive to Comodo / Xcitium
Report a website false positive on the Comodo submit form. Submit here: comodo.com/home/internet-security/submit.php
- Go to the Comodo submit.php false-positive form.
- Choose the website/URL option and enter your URL, email and comments.
- Submit; Comodo re-checks and updates its database if clean.
- For category (not malware) issues, admins use Domain Classification Requests.
- Post in the Xcitium forum if there is no response.
Good to know: Comodo rebranded enterprise security to Xcitium, but the consumer false-positive form still lives on comodo.com. Category requests are usually actioned within ~48 hours.
Step 3 — If the warning keeps coming back
A warning that returns after you have been delisted almost always means the infection was never fully removed — usually a backdoor in a theme file, a rogue admin user, or malware stored in the database. That is exactly what I fix. I am a USA-based WordPress security specialist: I remove the infection completely, submit the delisting on your behalf, and harden the site so it stays clean.
Get my site cleaned · See how it works · read my client reviews.
Frequently asked questions
How long does Comodo / Xcitium take to remove the warning? Once your site is genuinely clean and you have submitted the request, most reviews clear within a few days — see the timing note above. Submitting while still infected only restarts the clock.
It keeps coming back — why? Because the real infection (a backdoor, rogue admin, or database payload) is still there. A full cleanup stops the loop.
More removal guides: Dr.Web, Google Safe Browsing, Norton Safe Web · all vendor guides · full report-link directory.