cancel
Showing results for 
Search instead for 
Did you mean: 

addthis_widget[1].js FALSE POSITIVE?

Jump to solution
I believe McAfee's DAT may contain some new signatures that are false positives. The name of the affected file is addthis_widget[1].js, and it's commonly located in the IE temp directory at a file path like this: C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U7B3RTK\addthis_widget[1].js It most commonly has an MD5 hash of 11b5e855383d6755246a11eab8883423, though I have seen this same file name with another hash. I've attached several sample alerts for your review. (More details on each threat alert can be viewed under the respective machine in the system tree > "Threat Events" tab). When I search for this hash on Internet reputation tools, it comes back with a clean verdict. I was also able to find a sandbox report for addthis_widget[1].js with a different hash, and that sandbox report came back clean. Please see these resources: VirusTotal: https://www.virustotal.com/#/file/701dc658f63a8a57becb0f72fdb19df1b74b26111df83ec9dbc298d4a74efc15/d... Sandbox Analysis: https://www.joesandbox.com/analysis/82874/0/pdf Since we are seeing so many users infected in our environment, I'm wondering if this may be a false positive. All the information I've been able to find on this indicates that if it's not clean, it may be adware. However, I also reached out to an affected user to inquire about pop-ups, browser redirects, etc., and she indicated IE was functioning normally. In addition, I've reviewed all outbound traffic on several affected systems and did not find them to be communicating with malicious IP addresses, as you'd commonly expect when observing malware. If I can provide any additional context or information on my analysis, please let me know! Thank you
1 Solution

Accepted Solutions
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: addthis_widget[1].js FALSE POSITIVE?

Jump to solution

@jkoleske Over the weekend, a false positive detection for "JS/Faceliker.ag" was discovered. This has now been resolved with DAT 9039/3490. Since you did not provide the detection information for the file you're referencing, I'm unable to confirm whether what you're describing is related.

Ensure that your systems have updated their DAT to version 9039/3490 or higher. If detentions are still occurring, see KB85567 for steps on submitting a sample for analysis.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

1 Reply
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: addthis_widget[1].js FALSE POSITIVE?

Jump to solution

@jkoleske Over the weekend, a false positive detection for "JS/Faceliker.ag" was discovered. This has now been resolved with DAT 9039/3490. Since you did not provide the detection information for the file you're referencing, I'm unable to confirm whether what you're describing is related.

Ensure that your systems have updated their DAT to version 9039/3490 or higher. If detentions are still occurring, see KB85567 for steps on submitting a sample for analysis.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community