I'm trying to get the Stinger md5 blacklist to work but every attempt has failed. Here is what I have discovered so far as requirements for the feature:
MD5 must be of an executable binary (exe, dll, sys, etc)
File must not be whitelisted by McAfee to be detected
Files that are digitally signed using a valid certificate will not be detected
Obviously the file must be scanned with the current configuration settings
I've tried both upper and lowercase MD5 hash values (adds both to the list, which is strange) but still no luck. I also tried inputting the hash via both the Hash button and the Load hash List button. I've tried with a custom executable I made but it would not flag for detection. I've tried this with a new malware sample that was not signed and had no current McAfee detection but it still wouldn't flag off md5. I also tried different versions of Stinger and still no luck. Based on the documentation this should be pretty straightforward but for some reason it will not work for me. If someone could help look into this I'd appreciate it.
I am experiencing this same problem. I pointed the scanner at a specific folder with an exe in it. I used the Microsoft File Checksum Integrity Verifier to grab the MD5 hash, added it to the blacklist in Stinger, and ran the scan. It does not identify the file.
Any help is appreciated.
Here is the log:
McAfee® Labs Stinger™ Version 22.214.171.1247 built on Jul 28 2015 at 13:22:32
Copyright© 2015, McAfee, Inc. All Rights Reserved.
AV Engine version v5800.7484 for Windows.
Virus data file v1000.0 created on Jul 28, 2015
Ready to scan for 6952 viruses, trojans and variants.
Custom scan initiated on Wednesday, July 29, 2015 09:56:49
C:\PSTools\Microsoft File Checksum Integrity Verifier\fciv.exe
C:\PSTools\Microsoft File Checksum Integrity Verifier\ReadMe.txt
Summary Report on C:\PSTools\Microsoft File Checksum Integrity Verifier
Not Scanned:........... 0
Possibly Infected:..... 0
Scan completed on Wednesday, July 29, 2015 09:56:49
Hmm.. looking at the log file, it scanned fciv.exe (which is a legit signed file) and the readme.txt file (which is a non-exe file).
Both won't get detected. What is the actual file you're trying to get detected? Got a file hash or sample for me to test with?
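Added example, not part of the thread and not McAfee code: a pre-check that hashes a file and tests it against two of the requirements listed in the first post (executable binary, not digitally signed) before the hash goes on the blacklist. The function names are hypothetical, the sample bytes are constructed, and the check only sees whether a PE file carries an embedded signature (certificate table entry); it does not validate the certificate, see catalog signatures, or know McAfee's whitelist.

```python
import hashlib
import struct

def pe_signature_state(data: bytes):
    """Return (is_pe, has_embedded_signature) read from the PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, False
    pe = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 26:
        return False, False
    opt = pe + 24                                     # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)         # PE32 / PE32+
    if dirs is None or len(data) < opt + dirs + 40:
        return True, False
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]
    # Data directory index 4 is the certificate table (8 bytes per entry).
    addr, size = struct.unpack_from("<II", data, opt + dirs + 4 * 8)
    return True, count > 4 and addr != 0 and size != 0

def precheck(data: bytes, blacklist):
    """Return (md5, reasons an MD5 blacklist hit is not expected)."""
    md5 = hashlib.md5(data).hexdigest()
    wanted = {h.strip().lower() for h in blacklist}   # case-insensitive match
    is_pe, signed = pe_signature_state(data)
    reasons = []
    if md5 not in wanted:
        reasons.append("hash not in blacklist")
    if not is_pe:
        reasons.append("not an executable binary")
    if signed:
        reasons.append("carries an embedded signature")
    return md5, reasons

def sample_pe(signed: bool) -> bytes:
    """Constructed PE32 header stub for the demo, not a real program."""
    buf = bytearray(0x40 + 24 + 96 + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x58, 0x10B)          # optional header magic
    struct.pack_into("<I", buf, 0x58 + 92, 16)        # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", buf, 0x58 + 96 + 32, 0x400, 0x100)
    return bytes(buf)

if __name__ == "__main__":
    exe = sample_pe(False)
    listed = [hashlib.md5(exe).hexdigest().upper()]
    for blob in (exe, sample_pe(True), b"plain text"):
        print(precheck(blob, listed))
```

An empty reasons list means the file passes the checks this script can make; the whitelist and certificate-validity requirements from the first post still have to be ruled out separately.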