A few of our members using McAfee have reported our software (Vagex.exe) being detected as a virus.
I had a look on VirusTotal and it seems you are flagging our software as a "Generic.tfr!bb".
May I please request our software to be re-scanned?
I have attached the software, or you can download directly from here:
Also, we have had reports that McAfee SiteAdvisor has put our website (vagex.com) in the red zone.
Can you please look into why this is happening?
Vagex Admin
Message was edited by: vagex on 12/17/11 3:27:08 AM CST
I moved this provisionally to Malware Discussions > Home User Assistance for better assistance although I'm not sure if it should be Corporate Assistance. If it's home users that are having the problems then this is the right spot.
False positives should be submitted to the labs for analysis; there is nothing we can do here.
For home users instructions are here: https://community.mcafee.com/thread/2016
Corporate users should follow the same procedures except temporarily disabling antivirus is different and you would have to ask Support if there are problems with that.
As for your website http://vagex.com/ being marked red by SiteAdvisor, please start a new thread just for that problem here: https://community.mcafee.com/community/home/web_email/siteadvisor
Thanks for the fast reply.
I have submitted a thread in the SiteAdvisor discussions and also sent the software to the virus research email address.
They replied instantly with the following email:
McAfee Labs - Beaverton
Current Scan Engine Version:5400.1158
Current DAT Version:6563.0000
Thank you for your submission.
Analysis ID: 6827009
File Name |Findings |Detection |Type |Extra
vagex.exe |current detection |generic.tfr!bb |Trojan |no
current detection [vagex.exe]
The file submitted is malware that can be detected with current DAT files. It is
recommended that you update your DAT and engine files and scan your computer again.
So I replied back with the word 'False' in the subject.
How long can I expect to receive a reply?
Right now they seem to be backlogged as I have a similar case almost a week old now. I'm bringing up the subject of these delays on our weekly conference call with McAfee on Monday.
The VirusTotal report shows that nine other AV vendors detect this exe file as suspect: it's not just McAfee. If the program incorporates the bot code contributed by one of the Blackhat SEO crowd (see the SiteAdvisor thread) then it may indeed be ever so slightly suspect. Blackhat SEO techniques do tend to err on the side of danger and excitement; if you have ever had dealings with these people before you will know what I mean. I would advise that you get hold of the code (if that is possible) and try to see what it is actually doing.
Thank you very much Ex_Brit.
Thank you for the response.
I'm not sure why there are so many AV vendors detecting the exe as suspect. There is no preconfigured bot code from any Blackhat website. It was coded from scratch.
I have also contacted other antivirus vendors about the false positives and they corrected it straight away.
I saw that BitDefender removed the false positive detection very promptly. McAfee may be slightly slower - unfortunately I can't give you a timeframe. There is (or was) a document explaining the whole process but all I got was a broken link when I tried to access it. I've asked to be notified of its current location, but for now all I got was the document summary (below).
Retesting downloads on a site takes up to five days after we ensure that McAfee can receive all downloads and can verify the status of the files with the McAfee Avert Labs Malware Research Team. If the dispute specifically concerns the actual detection status of a file, please submit the file to firstname.lastname@example.org
Edit - The thread that Ex_Brit pointed you towards (https://community.mcafee.com/thread/2016) has some extra detail about submitting files to Avert Labs.
Message was edited by: Hayton on 19/12/11 04:46:23 GMT
It may be possible because they have developed source code to eliminate any virus that has the same characteristics, but what happens here is that in the .exe code it detects the same characteristics, so it detects this as a virus.