What to do when I get JTISuspect!xxxxxx detection within McAfee?

Version 3

    Have you noticed a message that McAfee detected a threat and has classified it as JTISuspect!xxxxxx? Read on to know more

     

    Step 1 - Do you recognize the file or its associated App?

     

    You want to hit that "Delete" button if you don't recognize the file and its associated Application. Check out the location of the file by clicking on "More details" button from the McAfee Pop-up window. This should provide you with the details on where the file resides. Generally legitimate applications are placed on Program Files or Program Files (x86) directory thought it is possible for a PUP to reside in the same location

     

    If you missed the pop-up from McAfee and you would like to know the location details Open McAfee UI > Click Navigation at the top right > Scroll down until you see "Quarantined Items" > You will find the detection and its location details

    For the new Blue Interface - Open McAfee UI > Click on Settings Cog wheel at the top right > Select "Quarantined Items"

     

    If you feel that the file/App is safe and ready to accept the risk you can choose to restore by clicking the Restore button

     

    Step 2 - Check if the file has a bad reputation

     

    The best way to check if a file is malicious is to upload in VirusTotal and see the detection rates from each AV vendor. Go to http://www.virustotal.com and click "Choose file" to start scanning the file in question. Once the file is uploaded to VirusTotal it will be scanned by various AV solutions including McAfee and the result will be displayed. If multiple applications detect the file as malicious then you should strongly consider deleting the file from Quarantine.

     

    Open McAfee UI > Click Navigation at the top right > Scroll down until you see "Quarantined Items" > Select the detected file > Click Delete button

    For the new Blue Interface - Open McAfee UI > Click on Settings Cog wheel at the top right > Select "Quarantined Items"  > Select the detection > Click Delete button

     

    Step 3 - What if you feel that the detection is a False Positive?

     

    There are chances that the file might have an invalid digital signatures or it has been altered by a Hacker to inject Malware on to a PC. Try to install the latest version of the application and run a McAfee scan to see if it detects again. If everything is clean you will see "No Issues detected" message from McAfee.

     

    If the file/App still gets detected as a Malware and you know that it is by mistake then consider submitting a sample here

    Special Instructions are available if you are a developer and you own the file/App detected by McAfee.

     

    Step 4 - Making sure that Malware is gone

     

    The final step is to confirm that the detected file/App is removed from your PC completely. McAfee does this for you as soon as you click the "Delete" button however there are chances that the file may be difficult to be removed. Try restarting the PC and attempt deleting the detection using McAfee UI

     

    Open McAfee UI > Click Navigation at the top right > Scroll down until you see "Quarantined Items" > Select the detected file > Click Delete button

    For the new Blue Interface - Open McAfee UI > Click on Settings Cog wheel at the top right > Select "Quarantined Items"  > Select the detection > Click Delete button

     

    If you're still having trouble deleting the Detection, immediately contact Support following the link https://service.mcafee.com and a Tech Support representative will assist you.