I have a couple of files that McAfee keeps moving into quarantine. The files are HBCDCUSTOMZER.EXE, and R-Kill.com. I'm pretty sure they are false positives. How can I know for sure they are harmless, and how do I move them to the Trusted Items folder. Both files are from a boot disk Falconfour. This disk has utilities to trouble shoot and repair a PC.
Solved! Go to Solution.
Thanks for submitting the files for analysis. They have both been analysed and confirmed to be non-malicious. One is related to r-kill, a bleepingcomputer.com utility, and the other is a file associated with Hirens boot CD.
They should both no longer be detected by GTI.
It is quite likely that McAfee detects certain processes with-in R-Kill/HBCDCUSOMIZER.EXE/and the program "Falconfour" as well. It even states on (BleepingComputer.com) that Malwarebytes may even detect some of the processes in R-Kill.
In a lot of cases, when downloading/Installing (Freeware) there are additional processes (Bundled) as well. My recommendation is that you follow the Guidelines/Instructions in the following link:
Please allow (4-5) Buisness days to Analyze/Process. You should receive a confirmation from McAfee Labs, indicating your submittal was successful. With it, should come a Anaylysis Id # .Should the case be that your files/programs have not been Cleared/Whitelisted after allowing the appropriate time.
Please post back the Analysis ID #, and quite possibly we can contact a technician from McAfee Labs, to expedite the process.
(Note) If you use use McAfee Getsusp, it will detect and send (all) the files/programs in question at once.
In Version 13.6 File Exclusion has been Re-introduced. However at your own risk. This is why I felt it best to submit the above mentioned Files/Programs to cleared first.
Edited: By Catdaddy on 9/18/2014
Thanks for the information. I do have more questions about how to manually send files to the Trusted Items folder. You posted "In version 13.6 File Exclusion has been Re-introduce". How do I know if I have Version 13.6? From what I can see I have SecurityCenter 12.8, Anti-Virus 16.8, Firewall 13.8, SiteAdvisor 3.7, QuickClean 12.8, and Vulnerability 2.8. I don't see any radio buttons to move the files from the Quarantined to the Trusted folder. Is there a way to manipulate this with the Security Suite I have? Do I need to update to Version 13.6, if so how do I do that?
In the consumer version you can only have the option to trust PUPs (potentially unwanted Program and this usually given as a popup option. You cannot move file to the trusted area sorry.
Re 13.6 it has a file exclusion option BUT has to be used carefully as if the file actually is malware you would then have allowed it free reign.
re 12.8 you still hav ethis if
1 you are running XP 12.8 is the limit for upgrades to Mcafee for the XP OS.
2. Your Mcafee was purchased or supplied through a McAfee partner such as your ISP. They or at least some them lag a bit in releasing upgrades as they want to add their own options into the interface or want to quality test it.
Basically PK ( Peacekeeper) said it all . In fact if your OS is Windows XP, the highest Version available is the one you presently have. And as PK mentioned, quite often when you receive your McAfee through your ISP/Manufacturer, they tend to (Lag) behind on occasion with Version upgrades. No fault of McAfee.
Having said all of this, I would concentrate more so in submitting your Artemis! Detections following the Guidelines outlined in the link provided. Please keep in mind that they will need to be Password Protected-"Infected"/Zipped and individually sent.
As I stated in my initial post, please allow the appropriate time to be Analyzed/Prcocessed. For McAfee Labs receive over 150,000 detections a day. Should your issues by chance not be resolved after the appropriate time. Please post back the (Individual Analysis ID #,S) and I will seek a McAfee Labs Technician to expedite the process.
After your attempt to submit, would you kindly post back that you indeed received (Confirmation) from McAfee Labs that they were submitted successfully?
Wishing you all the very best,
Unfortunately you should wait for the Update to be installed automatically. Could you please post back your AFFID which will be listed in About link at the bottom right of main GUI. Based on this i will be able to inform if you are eligible for WSS 13.6 version.
You can try below Temporary workaround until the file is being Whitelisted
Turn OFF Real Time Scanning and check if you are able to restore both the files. Once Restored move them to a Flash Drive. Whenever using the Application use this Flash drive to operate the application.
Well then you might need to wait for ATT to upgrade to 13.6 version. I can't assure or comment on the ETA since it is taken care by Top level Management. Currently latest Suite from ATT will have 12.8 version.
Again, I will reiterate that you should concentrate more so, on the submission of the Files/Programs mentioned here-in. For the simple fact being is, since your protection was not purchased from McAfee directly, one can never place a time when you will be upgraded to the (13.6) Version.
I am in no way attempting to be contadictive as to what Selvan suggests, for by him being from support himself, dwarfs my knowledge. I am simply saying if your Affld:0 is not the case. Your issues will be better resolved if you concentrate more so, on Submitting the Artemis! Detections to McAfee Labs as suggested . This way you can be assured of them being processed with-in a reasonable time, rather than (waiting) for your ISP to upgrade your version to (13.6).
Especially as I indicated in my intial response, that certain Vendors detect your items mentioned.
It is much better to have McAfee Labs to Clear/ whitelist the detections you mentioned, opposed to (Excuding them) for there is a chance that one or more of the Applications could be Harmful.
It is entirely your prerogative.
With all due respect,
OK I think I have this figured out. First I followed your advice and emailed firstname.lastname@example.org the file name and
False Artemis! number for submission. I'll probably send the actual files at a later time, but this is what I found. It looks like there is a way to exclude the files from a scheduled scan. If I click on Virus and Spyware protection, and then on Scheduled Scans there is a place to exclude files and folders. There is also a way to exclude files with a custom scan. I haven't run this long enough to know if this will work but so far so good.
BTW I also have Windows 7 Home pre