Running VSE8.7i Patch 3
Ref Generic.dx!vei (cmdow.exe version 1.4.2) - found in threat library under http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=325341, but and Generic.Tra!cd4d4e9b8f8a (cmdow.exe version 1.4.3) not found in the threat library.
Following the update from DAT 6202, the file cmdow.exe (detected as above) is being deleted from my customers machines. This becomes a problem since we use this for hiding windows during automated installs. We understand that this has been marked as a potential hacking tool (for sometime). We can add an exclusion, but what we are specifically wish to understand is what has changed to elevate this to being detected and the file being deleted as I cannot find any further information or details?
I'd recommend you to submit this file to McAfee Labs via Service Portal (preferred) or via email@example.com and then contact technical support so they can escalate your request to McAfee Las. You will need to provide the work id or analysis ID regarding your submission so they can escalate your request. Once confirmed it's a real clean file they will provide you a negative extra.dat or another solution to do not detect this file anymore.
Hope this helps.
Here is the response from McAfee Labs -
Thank you for submitting your suspicious file.
For the file:CMDOW.EXE,CMDOW142.EXE (note - older version)
Detection is corrected in the latest source and Dats for the files(CMDOW.EXE,CMDOW142.EXE). We were detecting as Generic DX a few days ago but this has been rectified now.Kindly update to the latest Dats to see the correct PUP detection.