I posted a question in this forum but it was was moved here: https://community.mcafee.com/thread/48570?tstart=0, I don't think it is relevant there and the funny thing is, they wrote: Moved provisionally from Home to Business > Web Gateway for better attention but I don't get any attention there and this matter becomes really urgent. I'm posting it again here and I hope this time it will be dealt correctly:
I'm developing an application and I use VirusTotal to make sure to avoid false positives. All are good except one which comes from McAfee-GW-Edition (even Mcafee itself is OK) and the virus is: Heuristic.BehavesLike.Win32.Suspicious-BAY.O .
I sent a sample file twice so you can check it and I got an email back saying it was inconclusive and you will let me know what's going on. I never got another email back (twice) and the problem persists. How can this be solved already?
It was for a reason and it wasn't the wrong location.
The original product was SecureWeb which was bought out by McAfee. It's a Corporate product and as such I moved the thread to the spot where all questions about GW Edition usually go and where I assumed you would get a better response.
When you get that inconclusive type response, respond to the email and add the word FALSE in front of their header.
The only other conceivable spot for this would be the Artemis Discussion if the detections we prefixed as such, were they?
Home and Home Office is most surely the wrong location.
Message was edited by: Ex_Brit on 16/09/12 8:33:06 EDT AM
Thank you for your response.
For both emails I put FALSE in the subject and zipped the file with a password and followed all the other instructions. In the response I saw this:
Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.
"...being sent for further processing..." - in no way I was told to make any action. Bottom line: I already sent an email to firstname.lastname@example.org instead of Virus_Research@avertlabs.com so I hope this time it will be handled, though so far I didn't receive any reply but I'm waiting.
Well you seem to have done all the right things. I do know the labs are very busy and take a while to respond when manually checking something.
When the first detection was made did it label it as Artemis by any chance?
OK thanks. Well I guess it's a question of waiting now. Maybe on Monday someone experienced in that product will spot that thread and suggest something.Message was edited by: Ex_Brit on 16/09/12 10:25:04 EDT AM