McAfee Security Center recently began identifying a file in one of our commericial products as being infected by the virus Artemis!89B54039312F. Previously, this file had repeatedly passed virus scans by Norton, McAfee and Kaspersky over several months without any indication of problems, and we are therefore confident that the file is not infected. We do not know exactly when this misidentification began, but it existed in your virus definitions as of August 4.
The file in question is encrypted for license management purposes. Our theory is that a random byte pattern in the encrypted version is triggering detection. The unencrypted file shows no sign of being infected, and the encryption is performed by a reputable commercial product which is also malware-free.
Can you please provide details of how a software vendor can report a false positive for investigation?
Since existing users who have McAfee protection will otherwise have their main executable files for our application deleted, we would like to resolve this problem as quickly as possible.
We had VirusScan identify a file as being a virus, when in fact it was a legitimate application. I called McAfee Platinum Support (I suppose Gold Support would work as well), and after working with them for a while they presented the information to Avert Labs which in turn deemed the file as legitimate. They provided me with an Extra.DAT file that excluded that file, and the next day's DAT update had that file removed as well.
Call support and ask them how it should be handled? It worked that way for me.
Thanks for the tip. After seeing it, I poked around the McAfee site a bit more and discovered this link http://www.mcafee.com/us/threat_center/dispute/dispute_form.asp to a Detection Dispute Submission Form. I just submitted our problem there, but I'm not sure that's the correct form to use. Can a McAfee representative confirm this?
Thank you for the guidance. I had seen that post but wasn't sure it applied in this case since additonal information and an email address for a response could not be included. However, I submitted the file as suggested and hope that the issue can be resolved promptly.