Due to the (Fact) I have taken every step possible to assist and get a resolution to your issue. And McAfee Labs has indeed found your software to be clean of any malicious content. I am marking this as *Correctly Answered* and locking.
If you have any further issues moving forward, Please start a new thread.
If you are unable to give us any technical details, just say so.
I just did...Please read. There is no sense in *Shooting the Messenger * if you will.
I also would assume that you are asking other Security Vendors these same questions?
Ok, you have done what is in your powers. I respect that.
What I hoped for was an answer like:
- Last week malware X was detected in the world and your application matched some of its behaviours
or
- Your application behaves such and such, that is suspicious even though It was signed.
or
- Make sure you do this and this and then it will probably be fine with all major AV solutions
Contacting every AV company out there individually and/or implement AV company specific steps in our production process is going to be a big hassle for every release of our software.
EDIT:
I also ask this to some other companies.
McAfee did score points with actually responding
Kaspersky was a bot, Avast no reaction
I am most knowledgeable in regards to McAfee Labs, as I work very closely with them on a daily basis. I am not privy to devulge their particular methodology/or policies in regards to their decisions. I am certain you can understand.
Please take a look at this (FAQ) and hopefully this will assist you in your future endeavors.
As I stated earlier, I have done all I can do. I have assisted in getting your detection suppressed, and escalated it earlier than following protocol which I should have. I now digress and will appropiately close this thread as it has been addressed.
Thank you
And all the BEST
CD
Thanks for the *Kudos*
We sincerely try.
I have unlocked this discussion as the Incident Response Coordinator wants to address your concerns. I hope you find his correspondence most *Helpful*..
"I'm sorry it's been such a bumpy path to resolution. The reason signing the files didn't solve the problem, is because we didn't trust your signature. (Because we didn't know about it, and it's a new signature, so it has no history to draw from) Signing something doesn't make it "good", as malware authors try to sign some of their files too. What it does, is allow us to review an application, and white-list it more broadly, more easily, once we have decided to trust it. It's an extra step for us to trust based upon the digital signature, but one that pays off in the end, for both sides.
This usually would be the responsibility of our white-listing team, so I'll pass the information over to them for review.
Signing the binaries is the first step, but in addition, when you are ready to release new software, you should submit it to us as well, so we can review/white-list before it's posted. This can further avoid some of the back and forth you've seen this time around. "
The white-listing program is outlined here:
McAfee Corporate KB - How to submit your company's software to be considered for validation against ...
And, if it's classified as a PUP, this process here:
Hope this helps, and I'll post back here when I get word back on trusting your digital signature. (it's not a given that we will trust it, it must be reviewed thoroughly, and takes some time)
- David
I've heard back from the white-listing team, and they indicate that there is a minimum threshold of 10 files to white-list based upon digsig. We have 7. Might you have other files that are signed with the same signature that we can add to the list to get this one for you?
- David
I can send you some signed files from my local development build.
Where can I upload?
We can give it a try, sure. I will PM you the link to upload.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA