Showing results for 
Search instead for 
Did you mean: 
Level 7

Stinger md5 blacklist

I'm trying to get the Stinger md5 blacklist to work but every attempt has failed.  Here is what I have discovered so far as requirements for the feature:

MD5 must be of an executable binary (exe, dll, sys, etc)

File must not be whitelisted by McAfee to be detected

Files that are digitally signed using a valid certificate will not be detected

Obviously the file must be scanned with the current configuration settings

I've tried both upper and lowercase MD5 hash values (adds both to the list which is strange) but still no luck.  I also tried inputting the hash via both the Hash button and the Load hash List button. I've tried with a custom executable I made but would not flag for detection. I've tried this with a new malware sample that was not signed and had no current McAfee detection but still wouldn't flag off md5.  I also tried different versions of Stinger and still no luck.  Based on the documentation this should be pretty straight forward but for some reason will not work for me. If someone could help look into this I'd appreciate it.

0 Kudos
4 Replies
Level 21

Re: Stinger md5 blacklist

Moved to Other McAfee Corporate Products as hopefully a good spot for it.


Volunteer Moderator

0 Kudos
Level 13

Re: Stinger md5 blacklist

Sorry about the late response - saw this post only now.

Can you post the Stinger scan.log to this thread so that I can review it.



0 Kudos
Level 7

Re: Stinger md5 blacklist

I am experiencing this same problem.  I pointed the scanner at a specific folder with an exe in it.  I used the Microsoft File Checksum Integrity Verifier to grab the MD5 hash, added it to the blacklist in stinger, and ran the scan.  It does not identify the file.

Any help is appreciated.


Here is the log:

McAfee® Labs Stinger™ Version built on Jul 28 2015 at 13:22:32
Copyright© 2015, McAfee, Inc. All Rights Reserved.

AV Engine version v5800.7484 for Windows.
Virus data file v1000.0 created on Jul 28, 2015
Ready to scan for 6952 viruses, trojans and variants.

Custom scan initiated on Wednesday, July 29, 2015 09:56:49

C:\PSTools\Microsoft File Checksum Integrity Verifier\fciv.exe
C:\PSTools\Microsoft File Checksum Integrity Verifier\ReadMe.txt

Summary Report on C:\PSTools\Microsoft File Checksum Integrity Verifier
TotalFiles:............ 2
Clean:................. 2
Not Scanned:........... 0
Possibly Infected:..... 0

Time: 00:00:00

Scan completed on Wednesday, July 29, 2015 09:56:49

0 Kudos
Level 13

Re: Stinger md5 blacklist

Hmm.. looking at the log file, its scanned fciv.exe (which is a legit signed file) and the readme.txt file (which is a non exe file).

Both won't get detected. What is the actual file you're trying to get detected? Got a file hash or sample for me to test with?

0 Kudos