cancel
Showing results for 
Search instead for 
Did you mean: 
g.brown
Level 7

False Positive issues

Customers are complaining about your antivirus engine detecting our software as a virus.

I have sent in the sample several times following your false positive reporting procedure but only seem to get a "current detection" finding and no further review.  How is anyone supposed to submit a false positive?  we have e-mailed Virus_Research@avertlabs.com and Virus_Research@mcafee.com with False at the beginning of the subject line.  We have also submitted our sample via your webimmune.net interface.  But to no avail you seem to treat the sample as a non detection issue?  Am I doing somthing wrong or is the sample actually being reviewed further?

The sample was emailed from our support AT s8onpc DOT com address and I have attached the false positive here just in case.

Your email munged for your own protection & attachment removed per forum rules - Moderator.

Message was edited by: Ex_Brit on 13/09/11 9:09:02 EDT AM
0 Kudos
11 Replies
exbrit
Level 21

Re: False Positive issues

Whether or not it was an Artemis detection I moved this to Malware Discussion >> Artemis on purpose to catch the attention of that particular department, hopefully.

The second email address is not correct - Virus_Research@avertlabs.com is.  False findings or any other samples must be zipped (using the basic zipping level - some compression clients offer varying degrees) and password protected using the password 'infected' minus the ''.

I put up a post to help with that here:  https://community.mcafee.com/thread/2016

What you could also do if you followed all that and still haven't heard is use the 'GetSusp' tool here as it has a quick submission tab and you don't even have to worry about passwording it:  https://community.mcafee.com/docs/DOC-2168 or here (join that group) https://community.mcafee.com/groups/getsusp30-beta-feedback

Capture.JPG





Message was edited by: Ex_Brit on 13/09/11 9:09:40 EDT AM
0 Kudos
g.brown
Level 7

Re: False Positive issues

Thanks for the help and e-mail munging!  That e-mail address is listed on our homepage though so our spamassassin is gainfully employed.  I feel better about waiting now that im sure my paper stack will make it to the right box.

oops and now I see this announcement...

Announcement: ****Please do not attach samples to your posts****

Message was edited by: g.brown on 9/13/11 7:51:58 AM CDT
0 Kudos
exbrit
Level 21

Re: False Positive issues

I missed it too, ooops.  Attachment removed.

Someone may ask you for it but they'll use another method.   Asuming they'll answer here...I hope.

0 Kudos
exbrit
Level 21

Re: False Positive issues

By the way, it's not a good idea to display a clickable email address anywhere in public as spambots will invariably pick them up.  Of course the Labs don't care about that I guess.

On your website you should use javascript to conceal it under an 'Email Us' button for example.

Message was edited by: Ex_Brit on 13/09/11 9:55:38 EDT AM
0 Kudos
SamSwift
Level 12

Re: False Positive issues

Hi,

Did you get an analysis ID from us when you sent the file in? If so please can you let us know what it is?

Thanks,

Sam

Message was edited by: SamSwift - edited my horrendous spelling on 13/09/11 14:13:09 IST
0 Kudos
g.brown
Level 7

Re: False Positive issues

Yes it was 6732421

0 Kudos
exbrit
Level 21

Re: False Positive issues

Thank you Sam for speedily coming to the rescue.  All the best g.brown, you are in good hands ;-)

Message was edited by: Ex_Brit on 13/09/11 9:53:35 EDT AM
0 Kudos
pammirab
Level 11

Re: False Positive issues

Thanks for letting us know the Analysis ID. The file submitted has been escalated to the research team for further review and we will let you know of any updates.

Best Regards,

Patty

0 Kudos
pammirab
Level 11

Re: False Positive issues

Hi,

We confirmed a false detection in the file you submitted and I'm going to send you a negative extra.dat via e-mail for detection suppression.

Best Regards,

Patty

0 Kudos