cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

False positives during virus scan

Jump to solution

We are currently using the following product:

Product Name
                                        McAfee GroupShield for Exchange

Product Version
                                        7.0.716.103

                                   
                                   
                                        Service Pack
                                        SP1

Hotfixes
                                        None

Buffer Overflow Protection
                                        Not Enabled


We are a company developing applications using hta files. Everytime we need to send an hta file to one of our customers it is marked as a virus. Also when we pack it into a zip file the .hta file is remove from the zip fileand replaced with the following text file: 0_Warning.txt:

ANTI-VIRUS DETECTION ALERT

The anti-virus scanner was triggered by this file.  The file was not cleaned and has been removed.
Context: '_test.zip\_test\check-xml.hta'
Detection(s): 'New Malware!hta (trojan)'
See your system administrator for further information. Copyright 1999-2008 McAfee, Inc.All Rights Reserved.http://www.mcafee.com

Is there any way we can tell groupshield to ONLY detect known viruses and not false positives because of the file extension. I also would like to remain scanning all hta files for known viruses

I already modified the policy not to find "Find unknown file viruses" and "Frind unknown macro viruses"

1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: False positives during virus scan

Jump to solution

here are a couple of options to get the file through without detecting the file.

Option 1:

open gse gui and go to policy manager\on-access

Select anti-virus scanner

in the options section select edit

Select the advanced tab

Select the checkbox that says "Specific detection names:"

In the text box put in New Malware!hta  and click add

     ---- if that doesn't work you may have to put in the name we have in the virus library

     'New Malware.ae'

     also if you need to you can use wildcards (*) and (?) are the two wildcards that we allow.

click save

In "Action to take:" section select edit

select "Custom Malware" tab

for the action set it to allow through

if you want to log it select that as well.

what this will do is anytime that virus name is seen by the engine it will allow that hta file through.  groupshield will still scan all hta files for other viruses.

Option 2

password protect the zip file that you are sending the hta file in.

I just have to put in that option 2 would be the preferred method to use.

Message was edited by: tlange on 5/6/10 11:52:41 AM CDT

Message was edited by: tlange on 5/6/10 11:55:23 AM CDT

View solution in original post

2 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: False positives during virus scan

Jump to solution

here are a couple of options to get the file through without detecting the file.

Option 1:

open gse gui and go to policy manager\on-access

Select anti-virus scanner

in the options section select edit

Select the advanced tab

Select the checkbox that says "Specific detection names:"

In the text box put in New Malware!hta  and click add

     ---- if that doesn't work you may have to put in the name we have in the virus library

     'New Malware.ae'

     also if you need to you can use wildcards (*) and (?) are the two wildcards that we allow.

click save

In "Action to take:" section select edit

select "Custom Malware" tab

for the action set it to allow through

if you want to log it select that as well.

what this will do is anytime that virus name is seen by the engine it will allow that hta file through.  groupshield will still scan all hta files for other viruses.

Option 2

password protect the zip file that you are sending the hta file in.

I just have to put in that option 2 would be the preferred method to use.

Message was edited by: tlange on 5/6/10 11:52:41 AM CDT

Message was edited by: tlange on 5/6/10 11:55:23 AM CDT

View solution in original post

Re: False positives during virus scan

Jump to solution

Option 1 worked perfectly for me using the exact name in the detection.

Thank you very much.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community