It is too bad I have been recommending Mcafee to my friends, family and clients for many years, along with using it on my own machines. I was very happy, up until they removed the ability to trust files. Last year when I had to update my Mcafee I found that one of my programs I had been using for a long time was now being considered a virus and Mcafee deletes it instantly. I can even restore it and it is deleted again, what is the use to allow a person to restore a file only to delete it and never give them the ability to trust it? I spoke to On line support, after running around in circles with them they finally admited that you can no longer trust files manually in Mcafee. So after running in circles I loaded Norton into my personal machine and it never had a problem with the file. Of course you may say well some other programs may miss a possible virus while it is better safe then sorry and leave an infected one. Problem with that is a close friend of mine use the Enterprise version in his business and also has no problems with the file, so is the Enterprise version faulty or is the Home version over zealous? Sorry I know many people work from home but how many would want to have to pay for a company version software to run their personal equipment. Now the easiest fix is to allow the option of manually trusting a file or program, please do not say that it will leave Mcafee on the hook for any thing since it is the users responsibility to know what they are trusting or else every antivirus program would be on the hook for them allowing a hijak program/virus to take over their PC even though the user is the one that clicked the window. Other antivirus applications do have this ability still. I have kept Norton on my PC for a year now and have had no issues with it deleting files that I run every day to monitor my server. On my server I have had to disable Mcafee every time I have wanted to run those file. I am sorry but by being unable to trust the files I need to makes Mcafee a liabilty since I have to disable its over zealous protection and leave my server exposed while checking players on my server, once again very funny that not all levels of current versions of mcafee have this issue. I have 6 Windows based PCs in my home, 2 for work, my wife's, my daughter's, a spare laptop, and the server, 5 of them are currently running Mcafee but the year subscription is shortly going to be running out and I am going to be uninstalling Mcafee and installing Norton on them until Mcafee will listen to its users and allow manually trusting back in its software. I cannot really see much difference in a virus that deletes a file I want to keep and use or a program that deletes a file that I want to keep and use. Just one last note, what is more foolish to give a person the ability to trust a file/program or require that they shut of their antivirus to run said file/program and leaving them exposed to many more possible infections while it is off?
We hear you and have asked time and time again for McAfee to allow files to be trusted in the consumer edition as they were back in VirusScan 7 days, and still are with VirusScan Enterprise.
You can submit files for approval and it can often all be taken care of in a matter of a few hours so they wont be detected again.
See this thread for guidelines: http://community.mcafee.com/thread/2016
I went through that path originally and got no were. Funny though, yes Enterprise can allow you to trust a program but in this case it was never an issue. My best friends Enterprise that he runs in his company had no issues with the program that my Home version deletes. This post was mostly to point out that not listening to customers will cause them to move on to another company that is more willing to work with users instead of treating them like fools who cannot cannot properly decide what is right or wrong with their own PCs. This is too bad since I have been working as a tech since 91 and always prefered Mcafee since the first time I had to deal with a virus breakout when working for a small system integrator company shipping to the US and Canada, good old Michaelangelo. I maybe one person and they probably do not care one bit what I do, very obvious from them not listening to the vocal few who have brought it up. but I do deal with many clients and family members on their equipment and when they ask not only what I recommend but what I personally use and why more will tend to follow until Mcafee finally cares to listen to people.
The home and Enterprise versions shouldn't differ in detection, it could have happened because one of them wasn't up to date perhaps? You should resubmit the file to Webimmune firstname.lastname@example.org with the header "False" and if they finally say it is a virus/trojan or whatever, then immediately reply disputing that, making sure you keep the email header intact.
Don't forget to zip the file and password protect it using the password "infected" (minus the "").
Message was edited by: Ex_Brit on 15/03/10 7:16:38 EDT AMMessage was edited by: Ex_Brit on 15/03/10 7:16:56 EDT AM
I too have had problems with McAfee and the help is just about non-exitent, I have 5 websites that I submitted to McAfee SiteAdvisor for testing on January 25, 2010, and I have not yet been tested (and I have left a comment on all the sites as per their request). Norton tested my sites in under a week and all have the green light. You be the judge. Who has a better system, Norton or McAfee.
Delta78 whilst I appreciate your frustration, SiteAdvisor has absolutely nothing to do with antivirus and I think it was just pure chance that Norton took only a week to check a site. I've known SiteAdvisor only take that amount of time or even less, it all depends on the site and how long since its inception and how long since last scanned.
In any case Somer Pyron from McAfee has answered your SiteAdvisor query and is looking into it.
Hope it helps.
You're right, submitting it as a false detection will get it added to the safelist. What's probably going on here is that the application getting deleted is accessing memory or doing something similar to malware so VirusScan is removing it. And while an exclusion would help this particular application in this specific case, it won't cure the underlying problem, which is that this application is doing something odd. It could be something as simple as bad coding causing the app to generate a buffer overrun or something. Either way, Artemis detection will see the activity and stop it until it gets added to the safelist.
I must echo the sentiments expressed by the OP.
I am not having problems with FP detections, though I can only imagine the OP's frustration trying to rectify this issue without the ability to set exclusions.
However, it defies comprehension that MSC cannot be designed to allow the user to set exclusions or otherwise customize the scheduled scans.
This is probably the only major ISS that doesn't permit this.
My immediate problem relates to file SIZE.
I have a utility to backup my FF and TB profiles (MozBackup).
It creates a single PCV file from an entire folder containing all the email clients' files, my emails, etc; it is essentially a "zip" file.
In the case of my TB email client, that file is VERY large, even w/compression (>1.5 GB).
If I create a backup anywhere in my files/folders, my overnight scheduled scans with MSC take >5 hours b/c MSC takes *forever* to unpack and scan within this big file. (Heaven forbid I should create a 2nd backup file of similar size.)
If I manually scan and tell MSC to "skip" when it gets to this large file, the scan proceeds at a decent pace and completes in ~2.5 hours.
(It would be even more efficient if I could exclude a large folder of jpgs that don't need scanning every darn day and to otherwise customize the scheduled scans.)
My only "workarounds" are to:
1) Create TB MozBackup files ONLY on my USB external HDD (very inconvenient), or
2) Cancel my scheduled scans and ONLY scan manually/"on demand", when I can control the process (would hardly seem to enhance system security).
Frankly, this is really disappointing.
Added to the myriad OTHER significant functionality and configurability issues with this product (some of which are actually worse in the 2010 versions I have yet to receive), I am rapidly coming to the conclusion that -- despite having current subscriptions on 2 of my 3 computers, it may be time for me to move to a more "compliant" and configurable ISS.
If I'm missing something about how to make this all work best, please advise.
There is an option in the scanner to not scan compressed files. If your email file is a common type of compression, this might fix the issue for you. Open SecurityCenter and open the Virus and Spyware Protection drawer. Click Scan your PC, and Run a customer Scan. Unfer "All File Types," you can select the check box beside "Exclude ZIP and other compressed files." This is an on-demand scan, as you pointed out, so you'd still have to launch it. You could also change your scheduled scan time to run at a time when you're not using the computer (say, right after you go to sleep, for example).
In the meantime, I'm going to forward your comments to our product management. As Ex_Brit stated, we had the ability to exclude files in previous versions, but not in the last couple releases. I don't personally know the reasoning behind it, but I can assume it had to do with direct customer feedback (as we use feedback during the design phase). Regardless, I'd like to provide this feedback as well and see what we can do with future versions.
Please let me know if disabling compressed file scanning helped. I understand these are only workarounds, and will make sure your feedback gets to our developers.
Thanks for replying (and Peter, too). And thanks to the other posters for their insights.
Yes, I understand what you explain about a "customer" (I think you meant "custom") scan that skips compressed files, but that only applies to a manual, on-demand scan, as I already mentioned in my original post.
I am talking about the scheduled scans.
These scheduled scans are completely "all or none" -- no option to select/customize the drive, the folders or the files, and no option to manage the items (real or FP) that the scanner detects, at least with exclusions. Every other ISS and AV I have ever used provides the options to exclude folders and/or files by file path or size, and to effectively manage the quarantined items. ONLY MSC scans EVERYTHING and provides no user control on the detections. The procedures kindly described by Peter for reporting FPs is hopelessly complicated, and, by all accounts, not effective.
Yes, I already run my scheduled scans overnight when the system is idle, even though my hardware can support an active scan while other programs are in use. That's a no-brainer. But when I noticed in the logs that they were taking hours longer than "normal", I monitored one of them and observed that the scanner was working forever in the large, compressed file. As soon as I clicked "skip", everything ran more quickly to the end. (Note: the scanner was not hung up or frozen, it was just taking VERY LONG to scan the big file). If I create additional backup files (or other large files, such as videos) on the machine, then McAfee will end up working 8 hours a day or more just to run a routine, scheduled scan. I certainly understand the possibility of a bad file masquerading as a zip or other apparently benign item. But, as the OP suggested, I should have the OPTION of designating any particular file (based on size or other criteria) as "safe" and to be excluded from scanning.
At the risk of beating a dead horse, this is just one of so many numerous issues with the lack of user control, configurability and features that are the norm among all other major ISS these days. I have posted many times in the past few months about these issues.
In fact, by all accounts, the 2010 versions remove even more features than were present in 2009.
If McAfee's detection rate and other critical stats were the best in the industry, it might be worth tolerating these annoyances and even the fact that the company apparently considers its home users to be entirely computer-illiterate and incapable of doing anything more than pushing the on/off switch.
Alas, such is hardly the case. I have had to add additional protection from other security apps to bolster my defenses, especially for rogue malware detection and IP protection.
I make no claim to being an expert, but I do have enough experience and knowledge to know that McAfee's ongoing dumbing-down of their products has likely reached a point of hindering rather than helping the home user's computer security.
OK. More than enuf said.
I do hope that the developers will re-consider some of their recent product changes and restore some modicum of user configurability and features.
Thanks very much for your time and consideration, and thanks to Peter and the other volunteer and McAfee moderators, without whose support I would already be an EX-customer,