cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
quicksnooker
Level 7
Report Inappropriate Content
Message 1 of 5
‎06-26-2019 03:45 AM

False Positive - and how damaging it is to a small developer

I am a software Author, based in the UK

WHERE .. definitively..  do I submit a false positive - and get a timely response.

I have spent 8 days going via consumer support and  Trustedsources.com to get my URL whitelisted (they stuffed it up the first time) - and now have waited another 4 for a reply from virus_research@avertlabs.com

Today I submitted to datasubmission@mcafee.com  and virus_research@mcafee.com - neither or which yielded any sort of reply or confirmation.

I cannot submit a false positive from within TotalProtection .. which is a glaring and stupid oversight - putting the process well beyond the reach of most consumers.

The McAfee experience has been - *by far* the very worst of all the vendors - and with their huge market share, and backending many 3rd party products and services - they can cause enormous damage to a legitimate small business - In fact ... as a direct result of McAfee's ineptitude I could well go under. I have lost customers, damaged my reputation, wasted hundreds of pounds on Adwords and lost all momentum there, my main target market is the UK - where Mcaffee bundle their antivirus product with BT Internet - thereby excluding millions of my potential customers.

I have hundreds of existing customers who can't accept my updates - some of whom have uninstalled their McAfee products in frustration - even when they restore items for quarantine - they are immediately re-quarantined. Most of my customers are not technical enough to start creating exclusions or firewall rules - amongst those that have tried - only frustration and failure has been reported. McAfe doesn't automatically prompt for firewall access life it should - it just outright blocks my connection with no prompt or warning.

EVERY other major vendor Microsoft, Avast, AVG, Kaspersky, Malwarebytes and even Norton had this  cleared within 24 hours - yet here I am 10 days later still fighting to find even where to submit my program to McAfee - The McAfee site and KB's are full of contradictions and out of date (10 year old) links URLs and addresses.

 

 

The URL in question is http://cloud.quicksnooker.com/qsLaunch3.exe

It is already whitelsited - and, given that it is an executable I naively thought that might involve actually checking the file - but apparently not !

The FALSE detections - on VirusTotal are :-

MCAfee - Artemis!D5A408E12CF2

and

McAfee-GW-Edition BehavesLike.Win32.VBObfus.cc

I understand that to an AI my *installer* might look like a Trojan - but these automated decisions need to be checked by actual people quickly after the 'death sentence' has been pronounced.

 

Saturdays Email - In case anyone here actually cares:-

KNOWN CLEAN FILE
 
Product: McAfee Total protection 16.0 R18
 
VirusScan Version 22.3 build 22.3.140
last update 22/02/19
 
I am the developer of the above - which has been submitted at it's distribution URL 
 
 
to trustedSources Ticket ID 1974173 , and reclassified  as a game  - on Friday 14th June yet STILL (22nd June)  is being quarantined by your consumer product(s) including that bundled with BT Internet - accounting for a significant fraction of the UK market.
 
Trusted sources have failed to remove the "malicious download" tag or the "high risk" .. it is neither of these things
 
I can provide source code if that is helpful - or there is a good summary of what the launcher does on virusTotal
 
QuickSnooker is a legitimate game - running for 19 years with 100,000+ installs and an impeccable track record 
 
This is extremely damaging to my business at a critical time - many of my existing customers are negatively impacted and cannot receive updates - several have uninstalled their McAfee products as a result - My installs are down over 50%
 
Virus total reports less than 9/70 - and you are at least two of the remaining false positives - please whitelist this file as soon as possible
 
 
Nick Axworthy
 
PS I am having to send via my ancient hotmail account - as (probably due to misclassification at trusted sources !) Gmail detects the contents as a virus - WHICH IT ISN'T

 

 

0 Kudos
Reply
4 Replies
Highlighted
quicksnooker
Level 7
Report Inappropriate Content
Message 2 of 5
‎06-27-2019 05:00 AM

Re: False Positive - and how damaging it is to a small developer

I have now been sent full circle by consumer support who have referred me back to sites@mcafee.com

from where I get an autoreply (at least that's SOMETHING) stating :-

Please note, there is no set turn-around time for requests submitted to this email address. For quicker turn-around, please submit URLs through Trusted Source Ticketing System with your comment at the following link. Requests submitted through your registered account will be processed within 3-5 business days while some requests may take longer.

I ALREADY SUBMITTED AT TRUSTED SOURCE  10 DAYS AGO - AND AGAIN (WHEN THEY SCREWED IT UP0 5 DAYS AFTER THAT

THIS IS NOT THE RIGHT DEPARTMENT - THE RIGHT DEPARTMENT DOES NOT RESPOND

I AM LOSING REVENUE AND LONGSTANDING CUSTOMERS EVERY DAY - SO ARE YOU, NOT THAT YOU CARE - SEE TRUSTPILOT

PLEASE ESCALATE THIS TICKET 2653387759  

 

 

0 Kudos
Reply
Highlighted
quicksnooker
Level 7
Report Inappropriate Content
Message 3 of 5
‎06-27-2019 05:36 AM

Re: False Positive - and how damaging it is to a small developer

Right .. progress .. and some actual customer service .. Charlie .. has got back to me and my URL is now marked 'safe to visit' and my .exe's MD5 is marked as clean in their DB

Still comes up bad on VirusTotal but I am advised to wait 2 hours .. which I will do.

 

 

0 Kudos
Reply
Highlighted
ninov_n
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5
‎07-10-2019 04:15 AM

Re: False Positive - and how damaging it is to a small developer

Hello,

I understand your frustration and I see you came across lots of roadblocks.

I see from VirusTotal that most of the detections come from vendors which base their software only on behavioral analysis as Cyren for example. They do not care if your software shows a pony picture or encrypts your data - they just see "malicious" actions and block it.

Regarding mentioned links, I see both are with Minimal risk reputation and the executable is not detected by McAfee:

QuickSnooker.comQuickSnooker.com

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
0 Kudos
Reply
iStar
Level 9
Report Inappropriate Content
Message 5 of 5
‎07-19-2019 07:12 AM

Re: False Positive - and how damaging it is to a small developer

In McAfee's defence ive always found them to have quite a quick response to tickets raised in their https://www.trustedsource.org/en/home/

Best of luck going forward, ill check out the site

0 Kudos
Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC