okli
Level 7

Report for a false positive

Hi,

I have a couple of files, compiled from a source, which are incorrectly detected as a virus by a few antivirus vendors, with McAfee amongst them.

I am struggling for a few weeks to contact McAfee and report for a false positive. Tried email, chat support and webimune.com sites. I keep getting referred to either of those 3 in a loop.

Webimune service seems automated, it simply returns that the files are "current detection".

Email to Avert(r) Labs returns the same.

Chat support refers me to webimune.com.

Email support refers me to chat support.

I've sent a similar report to other major antivirus vendors which were detecting those files with the same request and it was a straightforward procedure with replies within a day, confirmation it's a false positive and a note that signatures will be updated.

What would be the best procedure with McAfee? Does it really have to be that hard or I just cannot find the proper way?

0 Kudos
33 Replies
exbrit
Level 21

Re: Report for a false positive

Try the steps mentioned HERE.  I also moved this to Malware Discussions for quicker response.

0 Kudos
okli
Level 7

Re: Report for a false positive

It's not Artemis detection...

I did try to resend the files to virus_research (at) avertlabs.com and reply to the auto response noting that it's a false positive but just got yet another auto response with the same scanning result.

I am attaching the files in question as well as their source code, password is 'infected'.

The files are used and in circulation for ages as per this thread:

http://www.msfn.org/board/topic/12566-solved-drivers-from-cd/

and suddenly a few months back several antivirus vendors started detecting it.

This affects a few helpful applications which make use of this setup.exe:

http://www.msfn.org/board/topic/120444-how-to-install-windows-from-usb-winsetupfromusb-with-gui/

http://www.msfn.org/board/topic/137714-install-xp-from-a-ram-loaded-iso-image/

I hope someone from McAfee would eventually have a look and take the appropriate action.

0 Kudos
exbrit
Level 21

Re: Report for a false positive

That link I gave isn't just for Artemis-identified items.  Perhaps one of their staff will answer this soon.

0 Kudos
okli
Level 7

Re: Report for a false positive

I have already followed what's not about Artemis.


1. Submitted the files to virus_research@avertlabs.com, replied to the auto response as well

2. Submitted the files to http://vil.nai.com/vil/submit-sample.aspx

3. Submitted the files to https://www.webimmune.net/default.asp

4. Had a chat with tech. support who referred me back to http://vil.nai.com/vil/submit-sample.aspx although I explained that had been done

5. Had a few emails with tech. support who referred me to chat, and few referred me to http://vil.nai.com/vil/submit-sample.aspx and virus_research@avertlabs.com

It's just a crazy loop lasting more than 2 weeks already which I am trying to break...

Message was edited by: okli on 12/11/10 19:42:30 CST
0 Kudos
exbrit
Level 21

Re: Report for a false positive

If you submitted the sample and got an auto-response then it will eventually be followed by the final answer usually within a matter of hours.

If negative simply reply disputing it.

0 Kudos
okli
Level 7

Re: Report for a false positive

First time I've submitted it was more than a week ago, never received second, 'final' response.

Disputing the auto response led to nothing as well, just yet another auto response, just like the semi-automatic emails from the tech. support where only name is the different part.

Message was edited by: okli on 11/12/10 9:10:34 PM CST
0 Kudos
exbrit
Level 21

Re: Report for a false positive

That's odd I must say, they are usually pretty quick in my own experience.   Hopefully one of their staff will spot this thread or you could submit it again.

0 Kudos
okli
Level 7

Re: Report for a false positive

Still no reply...

0 Kudos
exbrit
Level 21

Re: Report for a false positive

I'll alert someone to this thread.

0 Kudos