An installer .msi file for one of our products is being flagged as infected with ZeroAccess!cfg. I suspect this is a false positive, based on VirusTotal results:
I have tried to email a sample of this file to **personal information omitted**, however, all of my attempts have been returned as undeliverable due to Local Policy Violation, though I believe I have followed the correct steps. I am looking for assistance in getting this reviewed.
Hi @ni_sec ,
Please open a ticket with McAfee Support with the following details.
1) Submit the sample by following the instructions in the link below.
2) Upload "OnAccessScan_Activity.log" from the following location.
3) Mention if the file is part of in-house application or 3rd Party (If 3rd Party Name the vendor)
@Pravas I have followed the steps in KB68030, but have encountered several issues:
1) I don't have a grant number, which is required to open a service ticket. The customer who is reporting this to me also does not have a grant number as they are using this McAfee tool:
2) I have tried to submit the sample via email to virus_research_at_avertlabs_com, however, when I attach the sample in a zip file, per the instructions, I get a response that my email is undeliverable due to Local Policy Violation.
Hi @ni_sec ,
Unfortunately we cannot analyze without a sample. We only receive submission through channels mentioned in KB68030.
If customer doesn't have grant no. then please reach customer care on the support no. mentioned in the link below.
Meanwhile if you trust the file, please add a File/Folder exclusion instead. The following guide should help.