
BehavesLike.Win32.XXX, False positives

Hello,

All our software (~400-500 binaries) seems to still be flagged by McAfee-GW-Edition; I believe this is the Web Gateway product? This has been the case for a few months now, but now there are more new detection names, and we're not getting any feedback after submitting files for review as instructed.

Some samples:

BehavesLike.Win32.Expiro.rc

https://www.virustotal.com/en/file/37de93816c38a065027c817833bc9f92d1e42df58ebac5f53f1caa667a1811d0/...

BehavesLike.Win32.Suspicious.rc

https://www.virustotal.com/en/file/646a2b2ea0748f11ad3fbf6f42b73246af6283ba36216009dabbb456ea7afbe2/...

BehavesLike.Win32.BadFile.rc

https://www.virustotal.com/en/file/31f0a9813bc279ccde2284b1192f281d77e354b83433766e74519bbba5437f3b/...

Can someone shed some light on how to resolve this false positive, and possibly apply for the whitelisting program to avoid getting software blocked?

21 Replies
Reliable Contributor catdaddy
Message 2 of 22

Re: BehavesLike.Win32.XXX, False positives

There are different methods of submitting False Positives/Suspected Malware. Utilizing your 'Support Portal' being the best. I see nothing that indicates you are subscribed to a Corporate/Enterprise Product? Did you attempt submitting by this Method? McAfee KnowledgeBase - How to submit samples to McAfee Labs for suspected malware detection failure ...

Or....Detection Dispute Submission | McAfee Labs

Regards,

CD

Cliff
McAfee Volunteer

Re: BehavesLike.Win32.XXX, False positives

Hello catdaddy!

No, we are not subscribers to a corporate/enterprise product; I apologize if this post is in the wrong category. Yes, we have submitted over the past few months to virus_research@avertlabs.com/virus_research_gateway@avertlabs.com, by different people.

Reliable Contributor catdaddy
Message 4 of 22

Re: BehavesLike.Win32.XXX, False positives

I am a Volunteer Moderator from the Consumer Side of the equation. Perhaps try submitting by the second link I inserted, and see if you receive better results. During the interim, I will contact someone on your behalf to better assist you.

Also there is a chance someone from the 'Corporate' side will add to the discussion.

Regards,

CD

Cliff
McAfee Volunteer
Reliable Contributor SafeBoot
Message 5 of 22

Re: BehavesLike.Win32.XXX, False positives

Are they being detected by a REAL MWG, or only by virustotal?

It's quite possible that the Virustotal MWG is set to ultra-conservative settings which are not seen in the wild.

Re: BehavesLike.Win32.XXX, False positives

No, could not reproduce on MWG. Can someone with GW help and test/confirm if it's being blocked?

Thank you

Reliable Contributor catdaddy
Message 7 of 22

Re: BehavesLike.Win32.XXX, False positives

David is from McAfee Labs, please follow his suggestions.

Regards,

CD

Cliff
McAfee Volunteer
McAfee Employee dmeier
Message 8 of 22

Re: BehavesLike.Win32.XXX, False positives

This will be out of process, but I want to help. Can you arrange to upload all the binaries to an FTP site of my choosing? If so, I'll PM you the link. From there, I'll see what can be done to white list them for MGW. This will be a one time deal, and all other future requests will need to follow process.

- David

Reliable Contributor catdaddy
Message 9 of 22

Re: BehavesLike.Win32.XXX, False positives

Thank you again David

All the Best,

CD

Cliff
McAfee Volunteer

Re: BehavesLike.Win32.XXX, False positives

Hi David,

Any chance you can help me in a similar way:

I'm having real trouble contacting your team through the regular channels.
