I have been using the program DVD95Copy since 2006 with no problems from Mcafee this whole time until this weekend. I downloaded a routine periodic update to the program and for the first time McAfee keeps popping up saying that a file has been quarantined automatically. I have consulted online with experts on the program who have told me that the file is not a threat and their advice was to "whitelist" it (which McAfee will not allow me to do) or to add it to the trusted file list (which McAfee will also not let me do.) If I go to the quarantine list and select the quarantined file and attempt to restore the file, it will restore the file but then about 5-10 minutes later, I get another pop-up saying that McAfee has once again quarantined it whether I used the program or not. (I would imagine maybe real-time scanning is doing this?) This file is a vital part of the program and it will not work with this file absent from its proper location in the folder. This is very annoying. The file either needs to be re-classified as a non-threat, or I need to be able to add it as a trusted file so this wrongful quarantine stops, but McAfee will not allow me to. Please help.
P.S. - Just so we can save time, I have already also sent this as a false positive to the virus_research email address as recommended here:
I also posted this here as the other recommendation the page gives.
on 3/17/14 1:13:22 AM CDT
Ok did the submit work ie did you get an immediate reply back with an analysis id included if not you submitted it incorrectly.
If yes can you post the id number here and if you do not have a fix in 4 days post here and I will ping a lab tech to fix/investigate it.
I assume you replied to teh reply as Peter suggested with false +ve in the subject?Message was edited by: Peacekeeper on 17/03/14 4:47:24 PM
Thank you for the quick reply!
I received a delivery receipt but not a reply.
If I did it wrong, what should've been in the subject line and what (if anything) should've been in the body of the email??
You first submit the file zipped up with password infected.
That gets you a reply an automatic hey we found xyz and sending it off to be checked with this is an analysis id that I need.
You then reply to that email you got changing teh subject to False+ve and name of detection and say whay you feel it is a false detection. To this email you will not get any reply usually ill they sort it out.
I just sent another email with the file in question attached in a zip file. (I did not create a password for it, is this required for some reason?)
It has been about 15 minutes and I have once again received a delivery receipt but no reply.
I know that 15 minutes is not a long time but you are saying I should've received some kind of immediate reply, which I haven't.
What am I doing wrong??
For the initial first email, please tell me:
1. What EXACTLY should I put in the subject line?
2. What EXACTLY should be attached?
3. What EXACTLY should be in the body of the email? (If anything)
I am assuming that firstname.lastname@example.org is the correct email address since I'm getting an almost immediate delivery receipt.
Thanks again for all your help. My frustration is all with McAfee, not you. They make this harder than it has to be, it seems.
No you must do it as this faq says in the link in your original post
See....How to Submit a file to the Labs for analysis: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx
Zip the file up after disabling Real time protection and password protect it with infected as teh password no other email will be opened by them.
I prefer waiting for the reply then sending the fasle detection in the subject email that works the other way will as well but I prefer suggesting adding false only to the reply email.
I used GetSusp to send the file to them, I got this reply back in my email just now:
Is this what you were asking for?
Thanks again for your guidance.
Subject: 8035144 - gsusp_04CA760097C7_031714_115841 False Artemis!AEAAD6418270
McAfee Labs - Beaverton
Current Scan Engine Version:5600.1067
Current DAT Version:7379.0000
Thank you for your submission.
Analysis ID: 8035144
File Name Findings Detection Type Extra
files.xml |inconclusive | | |no
files.xsl |inconclusive | | |no
getsusp.log |inconclusive | | |no
getsusp.xml |inconclusive | | |no
getsusp.xsl |inconclusive | | |no
mcafee-product.txt |inconclusive | | |no
network.xml |inconclusive | | |no
network.xsl |inconclusive | | |no
upddl.ex_ |inconclusive | | |no
inconclusive [files.xml files.xsl getsusp.log getsusp.xml getsusp.xsl mcafee-product.txt
network.xml network.xsl upddl.ex_]
Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.
Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.