cancel
Showing results for 
Search instead for 
Did you mean: 
Bezian
Level 7

False Positive - program running for years now has key xls file quarantined

I have been running and using a program since 2005 - NetObjects Fusion. Although the program has been updated several times, one of the core files siteStyle.xls has remained unchanged.

A couple of months ago this file was identified as infected with JS/Exploit-Script Trojan.

I believe this is a false positive because whether the file is loaded from the original manufacturer's disk, a downloaded version of the installer or from the computer where it was originally installed the file is still quarantined.

Can anyone help with this issue?

Message was edited by: Samantha Price - removing sample please do not attach files which could be infected to your posts, even if you believe them to be false detections.  Thank you. on 5/5/10 5:19:15 AM CDT
0 Kudos
10 Replies
Dinz
Level 16

Re: False Positive - program running for years now has key xls file quarantined

Hi Bezian,

Sorry for the inconvenience caused. If a file exhibits unusual and possibly threatening behavior, Virus Scan uses Artemis technology to evaluate the threat of the unknown file . Plese let me know the following information so that we could proceed and restore or send the file to mcafee for further investigation .


What is the version of mcafee installed in the computer ? 2009 or 2010
What is the version of virus scan DAT ?
Please attach a screen shot of your security center .

Regards,
Dinesh K

0 Kudos
Bezian
Level 7

Re: False Positive - program running for years now has key xls file quarantined

The screen grab attached gives all the information requested.

0 Kudos
Bezian
Level 7

Re: False Positive - program running for years now has key xls file quarantined

Just to let you know. I typed the file name too quickly.

It should be an xsl file not xls!

0 Kudos
Dinz
Level 16

Re: False Positive - program running for years now has key xls file quarantined

Hi Bezian,

If mcafee finds any variant of that file to be malicious that’s wwhen to prevent damage to the computer , Virus scan quarantines the file. If your programs is legitimate and from a trusted source we could restore the file or send it to mcafee labs for futher investigations .

Please find the steps for the above mentioned options . Do report back for any further assistance on this.

Moving thread to virus scan 13 - 2009


Regards,
Dinesh K

on 4/6/10 10:57:35 AM GMT-06:00

on 4/6/10 10:58:18 AM GMT-06:00
0 Kudos
Bezian
Level 7

Re: False Positive - program running for years now has key xls file quarantined

Hi Dinz

I have tried restoring the file but McAfee simply quarantines it again when I try to copy it to its rightful place.

The sequence of events is as follows:

Restore file (see screen grab)

Each time the file is restored it is reidentified as infected (though it is not!) and quarantined (see screen grab)

Program won't run without this file

How do I get McAfee to ignore this file when it is scanning?

Or should I just give up and install different antivirus software?

Have lost over a week's worth of work so far.

I have sent a copy of the file to McAfee but that was when I first contacted this forum.

0 Kudos
exbrit
Level 21

Re: False Positive - program running for years now has key xls file quarantined

Moved to Artemis discussions so the Webimmune people will see it also.

Meanwhile take a look at this "sticky" I made about this type of detection and how to deal with it.

http://community.mcafee.com/thread/2016

0 Kudos
Bezian
Level 7

Re: False Positive - program running for years now has key xls file quarantined

OK

That's done. File zipped up and sent to avertlabs.com

Received an acknowledgement promptly with the promise of an e-mail response after a "thorough review" by McAfee Labs.

So far so good.

Thanks.

0 Kudos
exbrit
Level 21

Re: False Positive - program running for years now has key xls file quarantined

Good luck.

0 Kudos
edgemedia
Level 7

Re: False Positive - program running for years now has key xls file quarantined

Hi Bezian, I have exactly the same problem (see thread "A simple workaround?"). Have been waiting for a response from McAfee. Pls post how/if you get a resolution. Thx.

0 Kudos