cancel
Showing results for 
Search instead for 
Did you mean: 
Sebstar
Level 7

Hinder McAfee putting a file under quarantine

Jump to solution

Aloha,

since the last update I've got the following problem:

My Security Center identifies a trojan (generic dropper!bpi) in a file (ragnawatch2.exe). But there is no trojan in this file.

So, Security Center puts it under quarantine. When I deactivate the Virusscan, I can restore the file but after reactivating the Scan, it's putted under qurantine again immediatly.

I tried to allow this file to use all incoming and outgoing internet connections, but Security Center deletes this settings when putting it back under quarantine.

I contacted the customer support and it told me to send in the file to the WebImmune labs.

The conclusion of the analysis is, that the file contains a trojan and can be deleted by Virusscan.

So, is there any way to hinder Security Center putting this file under quarantine?

Nachricht geändert durch Sebstar on 16.01.10 04:45:58 CST

Message was edited by: Samantha Price - please don't attach samples to this community even if you strongly believe them to be a false detection. Thanks. on 1/16/10 5:59:48 AM CST
0 Kudos
1 Solution

Accepted Solutions
exbrit
Level 21

Re: Hinder McAfee putting a file under quarantine

Jump to solution

I don't think he can do the exclusion as the home products can only ignore a file if it's identified as a PUP, something we have been asking to see improvements on for years.

0 Kudos
13 Replies
exbrit
Level 21

Re: Hinder McAfee putting a file under quarantine

Jump to solution

See this thread on what to do: http://community.mcafee.com/message/6645#6645

0 Kudos
Sebstar
Level 7

Re: Hinder McAfee putting a file under quarantine

Jump to solution

Sorry, but this doesn't help me.

I already sent the file to webimmune labs and the analysis doesn't helped me.

And the file isn't marked as "Artemis".

0 Kudos
exbrit
Level 21

Re: Hinder McAfee putting a file under quarantine

Jump to solution

Read it again, it isn't just for those labelled Artemis.   How did you submit the sample?   Did you get an emailed response saying it was an infection, if so did you reply disputing the findings?

Try submitting it using the email method and the header FALSE.

0 Kudos
Sebstar
Level 7

Re: Hinder McAfee putting a file under quarantine

Jump to solution

Ok, I sent the name of the virus with "false" to the mailadress.

The response told me, to send in the file to webimmune labs (what I already did before).

The analysis of the file has come to the same result:

The file is infected with a trojan (generic dropper!bpi) and can be deleted with Virusscan.

0 Kudos
exbrit
Level 21

Re: Hinder McAfee putting a file under quarantine

Jump to solution

Then reply immediately disputing their findings.  Make sure the header stays as they sent to you.

0 Kudos
SeanMc98
Level 9

Re: Hinder McAfee putting a file under quarantine

Jump to solution

Disputing such findings can be time-consuming and frustrating (... been there and have done that ).  What the original posting makes a strong case for is "whitelisting".  This has been mentioned before, discussed to some extent, pled to the developers and the only thing close to a "whitelist" is the trusting of PUP's ("Potentially Unwanted Programs").

The end user (customer) is the ultimate decision maker as to keeping, quarantining or removing anything on their PC.  Every once in a while, some new product or (especially) a game comes out, and the installed Anti-virus kicks out "Trojan" or worse, quarantining the offending programs or files.  As a result, the user must attempt a restore, only to have the AV repeat the process.  The end-effect is the new software or game is either rendered unusable while an authority reviews the offending program or file, or the user must deactivate the AV to use the product or game.  Neither of these recourses are particularly desirable, and absent a "whitelist" capability, the AV deactivation renders the entire PC exposed to mischief (or worse).

There is nothing inherently wrong with any Anti-virus/anti-spyware/anti-malware/anti-anything detecting a potential (or real) problem, and advising the user as to a suggested course of action.  A whitelist capability allows the ability to override (for good or bad) the recommendations.

As for the OP's specific problem, do keep sending it back.

0 Kudos
exbrit
Level 21

Re: Hinder McAfee putting a file under quarantine

Jump to solution

I've found that it can be frustrating but eventually works as a rule.  It took them 4 days to send me an extra.dat the last time it happened.

0 Kudos
Sebstar
Level 7

Re: Hinder McAfee putting a file under quarantine

Jump to solution

So,

almost 14 days are gone and nothing happend.

I send the file to McAfee and they still give me the information, that it contains the trojan.

You were right, it's very frustrating.

0 Kudos
exbrit
Level 21

Re: Hinder McAfee putting a file under quarantine

Jump to solution

Did you submit via email and then, when they responded, replied to that email disputing their findings?

0 Kudos