I have had a key logger installed for many years on my PC and in the past VirusScan has flagged it and left it alone once I ID'd it as OK. The other day I got a notification that one of the .dll files for this program was removed as a suspected Trojan and won't let me restore it. I assume if I go search for the file and restore manually the problem will keep occurring??
Installed versions are: Security Center 9.15, Virus Scan 13.15
Agree, not surprising it was detected (as it had been previously). What is surprising (and annoying) is that the file was quarantined after being specifically told to ignore it. The file has been submitted to McAfee and webimmune, which replied with this:
"Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again. If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy."
So what does that mean and how do we get VirusScan to cease quarantining files without first asking permission (as it has always done previously)? Common sense (and logic) would dictate that once a file is restored it should be accepted henceforth. Yes, no??
They didn't send an email. You get an account with a link that gives this result:
==================================================
Avert(r) Labs WebImmune
View Analysis • Log out • Change password • Submit a file • Update registration • My Account • Frequently Asked Questions • Instructions For Use
McAfee Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5774.0000
Thank you for your submission.
Analysis ID: 5583210
Name | Findings | Detection | Type | Extra
thehook.dll | current detection | generic pup.e | Application | no
current detection [ thehook.dll ] Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again. If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy.
McAfee Labs
===================================================
There is no way to respond and the "Contact Us" results in a blank screen. Based on their FAQ this seems to be a site that evaluates files that the submitter suspects may have a virus, which was not the purpose for submitting it. Since the Avert site seems to think the file is virus related (when it in fact isn't) nothing is probably going to change.
Their FAQ would seem to advise against this. Quote:
==========================================================
Should I send samples to WebImmune and e-mail them to Avert(r) Labs?
No, you only need to submit the sample to Avert(r) Labs once. The only exception is if WebImmune prompts you to send to Avert(r) Labs via e-mail. This will usually be the case if the file is over three megabytes in size.
==========================================================
Since they already have the file and have apparently identified it (wrongly) as malware, will this make any difference?
How do we return to the mode where the user (and payer for the software) decides when a file or application should be quarantined or left alone? This is like hiring a security firm to watch your property and they keep turning in a member of your household for B & E. Would you keep paying this group?