Customers are complaining about your antivirus engine detecting our software as a virus.
I have sent in the sample several times following your false positive reporting procedure but only seem to get a "current detection" finding and no further review. How is anyone supposed to submit a false positive? we have e-mailed Virus_Research@avertlabs.com and Virus_Research@mcafee.com with False at the beginning of the subject line. We have also submitted our sample via your webimmune.net interface. But to no avail you seem to treat the sample as a non detection issue? Am I doing somthing wrong or is the sample actually being reviewed further?
The sample was emailed from our support AT s8onpc DOT com address and I have attached the false positive here just in case.
Your email munged for your own protection & attachment removed per forum rules - Moderator.
Whether or not it was an Artemis detection I moved this to Malware Discussion >> Artemis on purpose to catch the attention of that particular department, hopefully.
The second email address is not correct - Virus_Research@avertlabs.com is. False findings or any other samples must be zipped (using the basic zipping level - some compression clients offer varying degrees) and password protected using the password 'infected' minus the ''.
I put up a post to help with that here: https://community.mcafee.com/thread/2016
What you could also do if you followed all that and still haven't heard is use the 'GetSusp' tool here as it has a quick submission tab and you don't even have to worry about passwording it: https://community.mcafee.com/docs/DOC-2168 or here (join that group) https://community.mcafee.com/groups/getsusp30-beta-feedback
Message was edited by: Ex_Brit on 13/09/11 9:09:40 EDT AM
Thanks for the help and e-mail munging! That e-mail address is listed on our homepage though so our spamassassin is gainfully employed. I feel better about waiting now that im sure my paper stack will make it to the right box.
oops and now I see this announcement...
By the way, it's not a good idea to display a clickable email address anywhere in public as spambots will invariably pick them up. Of course the Labs don't care about that I guess.
Did you get an analysis ID from us when you sent the file in? If so please can you let us know what it is?
SamMessage was edited by: SamSwift - edited my horrendous spelling on 13/09/11 14:13:09 IST
Thanks for letting us know the Analysis ID. The file submitted has been escalated to the research team for further review and we will let you know of any updates.
We confirmed a false detection in the file you submitted and I'm going to send you a negative extra.dat via e-mail for detection suppression.