Virustotal is reporting TrendMicro-HouseCall TROJ_GEN.RCBH1ES13. TrendMicro does not report anything.
Analysis ID: 7575417
This file is our remote support file. It allows us to remotely support a remote computer. We cannot get into the remote computer unless the file is run.
This file is usually on our website but has been taken down due to what we believe is a false positive. I have scanned each individual file that gets installed and all come up clean in virustotal but as a whole the help.exe file is coming up with TROJ_GEN.RCBH1ES13.
Thank you for your attention to this matter.
The file installs the following files:
All the above individual files come up clean.
TROJ_GEN.RCBH1ES13 : That's what Trend Micro call it : McAfee will have a different name for it (An Artemis detection, presumably). Yes, I see it on a couple of VirusTotal reports but those aren't for your product. And this is the Artemis section but you haven't provided the Artemis detection number.
We need the Artemis code and preferably a link to the VirusTotal page that detects this.
How to report an Artemis false positive : see https://community.mcafee.com/docs/DOC-1265
Thank you for responding.
You are right. Sorry. I put down the wrong response for Mcafee. It is RDN/Pinkslipbot.as!a for both Mcafee and McAfee-GW-Edition.
Here is the totalvirus page:
Please let me know if there is anything else you need.
Submit the file as per
When you get a reply (it is automatic) change the subject to false+ve and name of detection and say why it is a fal;se +ve and send that back. Note the analysis id here.
As this is not an artemis detection will move this to the general malware area
Thank you so much.
I am also working with Mcafee to get this taken care of.
My only other question is there a way to whitelist a program? It really causes a lot of problems when a file on your website is detected as a false postive.
I have now gotten the file code signed so the signature would be different then the one above. Is there a way to present this file so it does not get flagged as a virus again?
You could whitelist a program its possible..
KB66642: How to submit your company software or images to McAfee Labs to be considered for validation against McAfee DAT files, to avoid false positives
KB67411: How to submit a possible false or incorrectly classified sample file to McAfee Labs
KB67356: How to submit a McAfee Detection Dispute
Subject line must say
Prefix the email subject line with the word FALSE. For example:
FALSE: In-house file being detected by McAfee
you could also add NOAUTO to prevent an automatic reply