cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
asas54
Level 7

False positive: Official Steam client file detected as crypt ransomware file

I have installed Steam client from official steam website, and whenever I start the client program, McAfee VSE Access Protection detects a file as a ransomware with this log:

"Blocked by Access Protection rule  (Windows Account Name) C:\PROGRAM FILES (X86)\STEAM\STEAM.EXE C:\PROGRAM FILES (X86)\STEAM\LIBX264-142.DLL.CRYPT User-defined Rules:Ransomware:Block .crypt Action blocked : Create"

Steam Client log with bootstrap_log.txt shows this error: "BCommitUpdatedFiles: failed to rename package\tmp\.\libx264-142.dll.crypt_ -> ./libx264-142.dll.crypt (error 32)"

I have sent an email to Virus_Research@avertlabs.com with the file, and it says there is no malicious behaviour.  (Analysis ID: 10505966)

I have also uploaded on Virustotal to check whether it is malicious or not, and 0/59 is detected as malicious.

Here is a link from VirusTotal with the results: https://www.virustotal.com/en/file/d443b012167fe7698aa5bdf2cc6857c519efbe355e3b363c9696716a4f0d2b7b/...

If this file is not judged as a malicious file and if any mcafee staff is reading this, can I please request to make sure that this file is not blocked by McAfee VSE as a Ransomware?

It would be a pleasure if this issue is being escalated and reviewed by McAfee staff.

Thank you for your cooperation.

Problem Solved: I have deleted all files in the C:\Program Files (x86)\Steam\package\tmp, and steam program is executed properly. Although it would be much more appreciated if any of the McAfee staff have helped me with solving this problem rather than finding the solution by my self.

0 Kudos