cancel
Showing results for 
Search instead for 
Did you mean: 

Whitelisting False Positive BehavesLike.Win32.FakeAlertSecurityTool.cc

Jump to solution

Dear McAfee Team,

I tried few times to add our files on the whitelist.

https://www.virustotal.com/en/file/ab1f0bcf437bafce8c627fc93813bfea61fc364a1209e74dc955d95077e8d95e/...

It's whitelisted on the "McAfee" but not on "Gate Way". We try it since days to get the "Go".

Could somebody help me who we can do it easily?

1 Solution

Accepted Solutions
McAfee Employee dmeier
McAfee Employee
Report Inappropriate Content
Message 20 of 23

Re: Whitelisting False Positive

Jump to solution

These have been whitelisted, please confirm when you can.

- David

22 Replies
Highlighted
Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 2 of 23

Re: Whitelisting False Positive

Jump to solution

Hi ,

have you sent the file where GAM is blocking to the AVert Team? Whitelisting with GAM is different to the normal signature based engine. because GAM does behavior based detection.

Finally, if your application has a similar behavior to a known threat the easiest way is to

a) make a rule in MWG to whitelist the detection name with a given URL.

b) open a ticket an upload the file to McAfee to whitelist.

Hope this helps,

Cheers

Re: Whitelisting False Positive

Jump to solution

Hi Troja,

we got a "process sheet" who we schould submitt it and use the GetSusp software.

http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx

We submitted it and get a "we received the mail" but until now nothing.

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 4 of 23

Re: Whitelisting False Positive

Jump to solution

Hmmm,

i do not understand what you mean with "process sheet".

GetSusp does not help if GAM blocke somthing. You need to upload the original file to McAfee Support opening a Support ticket.

Cheers

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 5 of 23

Re: Whitelisting False Positive BehavesLike.Win32.FakeAlertSecurityTool.cc

Jump to solution

I've added the detection name to your header in order to draw more attention to it and have moved this to Corporate User Assistance.

The software developer has to submit the software using this form:  https://secure.mcafee.com/apps/mcafee-labs/dispute-form.aspx?region=us

It takes quite a long time sometimes for software to be cleared.

---

Peter

Moderator

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 6 of 23

Re: Whitelisting False Positive

Jump to solution

Hi,

is this a new form, i have not seen it before.

Cheers

Re: Whitelisting False Positive

Jump to solution

Hi got the following instruction from the McAfee Support. Btw: We don't use McAfee inhouse.

How to submit virus samples and false positives to McAfee Labs

Consumer KnowledgeBase ID:  TS102053
Last Modified:  10/27/2015

 


 

Environment

Summary

This article describes how to submit virus samples and false positives to McAfee Labs. There are two possible reasons you might need to submit a file. Use the appropriate Solution for your issue:

  • Solution 1: You suspect you have malware but nothing was detected, or malware was detected but you were unable to clean it.
  • Solution 2: You suspect a malware detection is a false positive.

  Solution 1 

Possibly Infected File Submissions
You can submit samples to McAfee Labs if you have located a file:

  • that you believe is infected but was not detected by your McAfee software
  • that was detected, but was not cleaned

 
There are two methods for submitting potentially infected files:
 

  • GetSusp: McAfee recommends that you use GetSusp as a first tool of choice to analyze a computer you suspect has malware.

    To download GetSusp, go to http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx.

    IMPORTANT: The submitted file cannot be larger than 10 MB.
  • Email: You can submit samples directly to McAfee Labs by emailing virus_research@avertlabs.com and attaching the file(s) for review.

    When submitting samples via email, ensure your attachments are contained in password-protected .zip files with the password infected (all lowercase). If the automated system is unable to determine if there is a valid threat, your submission will be escalated for further analysis. For more information on creating a .zip file, see:

 
Regular Technical Support cannot assist in malware removal. If you prefer support assistance, contact McAfee Virus Removal Services (http://home.mcafee.com/root/stdlandingpage.aspx?LPName=vrs_v2&affid=0&culture=en-us&mm_campaign=9056...).
 

Solution 2

False Positive Submissions
If you think that a file has been falsely detected or incorrectly classified, follow this process to submit the sample to McAfee Labs. 

Email submissions
To submit a sample via email, zip the file (using the procedure described in Solution 1) and send it to McAfee Labs Virus Research at:

virus_research@mcafee.com.


IMPORTANT:
Prefix the email subject line with the word FALSE. For example, "FALSE: file being detected by McAfee."

Include the Product and version, DAT version, Engine version, and a short description (including any other relevant information regarding why you think the file has been incorrectly detected). You can find all of the product information inside your McAfee Security suite by clicking About.

Sample email:

Please review the submitted file as we believe this is a false detection.
Product: McAfee Security Center 12.8
DAT version: 6587
Engine: 5600
Description of issue: This file has been detected as malware, but is part of my game.


After the sample has been analyzed, one of the following occurs:

  • The sample is considered clean. Detection is suppressed, and will be updated in the next DAT release.
  • The sample is incorrectly classified. It will be reclassified, and detection will be updated in the next DAT release.
  • Analysis of the file determines that the sample is properly detected. You will be notified of the results.
Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 8 of 23

Re: Whitelisting False Positive

Jump to solution

Hi ,

the GetSusp Tool is a tool that can be used on a Windows Endpoint It inspects your System and is able to upload a suspicious file to McAfee.

This tool does not help when the GAM engine (this is another engine completely different to the engine on endpoint) detects a false/positives.

So, when following the instrusctions you posted, take the file, zip it with Password and send it to McAfee.

Cheers

Re: Whitelisting False Positive

Jump to solution

Yes, I used both ways. But still no feedback. I'll submit it again and maybe the McAfee Team will whitelist it.

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 10 of 23

Re: Whitelisting False Positive

Jump to solution

From my side, the best Option for such a case is to open a ticket. Because you can monitor the status and you can update the case.

Additional, if something is not working you can directly interact with a Support specialist.

Cheers