Phil3
Level 7
Message 1 of 11

FALSE POSITIVE DETECTION

I have a problem with an executable being flagged as malware.

I've already contacted Consumer Support to whitelist this file who advised I should report it here as it relates to the Enterprise version. The file is still detected by McAfee, McAfee-GW-Edition and Virustotal.

Analysis ID: 11087622 Dec 29, 2021
Analysis ID: 11087153 Dec 22, 2021
Analysis ID: 11086886 Dec 18, 2021

This is the link to virustotal:

https://www.virustotal.com/gui/file/2990b936a85ccabe4a570f8230e98835b8d08c19282748b61541d2e668d109a6

It is flagged as RDN/Generic.grp.

I have tried to whitelist the file on a number of occasions but with no success so can I ask for your help.

If you need more information, please contact me.

Thank you.

Phil

Accepted Solutions
AdithyanT
McAfee Employee
Message 9 of 11

Re: FALSE POSITIVE DETECTION

Hi @Phil3,

A Labs review request has been created. Please bear with me until we receive an update from Labs on the same.

Further updates to follow in this post.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

10 Replies
AdithyanT
McAfee Employee
Message 2 of 11

Re: FALSE POSITIVE DETECTION

Hi @Phil3,

Thank you for reporting the issue.

May I know if you are an active customer of McAfee?

If yes, a support/Service Request would be the best approach here.

If not, please let me know and I will seek alternate ways of having the samples reviewed by our Labs team for False positive detection!

Thanks and regards,
Adithyan T
Phil3
Level 7
Message 3 of 11

Re: FALSE POSITIVE DETECTION

@AdithyanT 

Thank you for your reply. I'm not an active customer of McAfee, I'm the developer of the software affected.

I received a response when I sent it for review on Dec 29, 2021, Analysis ID: 11087622 and was later advised by a mod in the Consumer Community to submit it to this forum.

Phil

AdithyanT
McAfee Employee
Message 4 of 11

Re: FALSE POSITIVE DETECTION

Hi @Phil3,

Thank you for your swift response. I will right now cross check what products are detecting your software with an internal scan using the sample details you have provided.

Since you cannot create a Service Request, I shall take care of this issue from here.

Thanks and regards,
Adithyan T
AdithyanT
McAfee Employee
Message 5 of 11

Re: FALSE POSITIVE DETECTION

Hi @Phil3,

Thank you for your patience. I have analyzed the sample and confirmed that both McAfee ENS and VSE are detecting this sample as malicious (RDN/Generic.grp).

Unfortunately I do not have control over other product detection (Like gateway), but I will raise an internal request ASAP to check for suppressing this detection.

In order to do so, I would need the following details:

--> Name of the program:

--> Purpose of the program:

--> Publisher of the program:

Thanks and regards,
Adithyan T
Phil3
Level 7
Message 6 of 11

Re: FALSE POSITIVE DETECTION

@AdithyanT 

As requested the details are:

Name of the program: CryptoCrack

Purpose of the program: To solve classical ciphers

Publisher of the program: Phil Pilcrow (me)

Website: https://sites.google.com/site/cryptocrackprogram/home

Thank you for helping.

AdithyanT
McAfee Employee
Message 7 of 11

Re: FALSE POSITIVE DETECTION

Hi @Phil3,

Thank you for the details.

Please allow us some time to review the samples and get back to you.

If verified to be an FP detection, the usual turnaround time to resolve is 3 to 5 business days. I shall keep this thread updated with next updates as and when I receive them from labs.

Thanks and regards,
Adithyan T
AdithyanT
McAfee Employee
Message 8 of 11

Re: FALSE POSITIVE DETECTION

Hi @Phil3,

The Detections are now rectified post our submission from McAfee Labs. They have provided "EXTRA DAT" file that can help us mitigate the detection on an immediate basis that can be used by AV solutions we offer like Endpoint Security (ENS) and Virus Scan Enterprise (VSE).

Having said that, we expect the solution to be implemented on our global update release in next 3 to 5 business days (Maximum time taken).

I am attaching the said EXTRA DAT file for your kind perusal in case you have any customers who wish to use it immediately for running your software.

Details of submitted file:

Sample md5: 3bb62b46ec7f0327b8b188f37c14a5df

Suppressed Detection Name: RDN/Generic.grp trojan

Currently the file is being marked as a clean file in the back end.

Note: Also, please use our product's trial version or with the help of any of your customers who may use McAfee for confirming if the detections are suppressed as Virustotal may have some delays in updating the suppression data at their end.

Thanks and regards,
Adithyan T
Phil3
Level 7
Message 10 of 11

Re: FALSE POSITIVE DETECTION

@AdithyanT 

VirusTotal is now showing the file as clean. Thank you for your help.
