cancel
Showing results for 
Search instead for 
Did you mean: 
alex_n
Level 7

Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

Dear comunity I have the following question:

How can I trust a file that I know its safe, either I use to play online games, or use to manage a webcafe (networked PCs), or even a .xls table with macros and automated calculus formulas, o just some files that particular programs need to run??

This is a very common question I keep getting and I cant seem to find a definitive solution from the McAfee software, other than send to analyze, but could take days for a return.

Is there a way to Trust a file, or to it be skipped in the scan, RTS, o to return it from the quarantine for good???

I would much appreciate the solution for this issue.

Cheers,

Alex N.

0 Kudos
1 Solution

Accepted Solutions
vinoo
Level 13

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

Both files have been analyzed clean and detection suppressed. The Artemis detection on ggxx.exe should not occur right away while the suppression for Startup.exe will reflect in tomorrow's 6442 DAT release.

Best,

Vinoo

29 Replies
Hayton
Level 18

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

Moving to the head of the list for attention

Peacekeeper
Level 20

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

NO way to trust a file so RTS skips it we have been after an exclusion setting and 2011 has it for scheduled and custom scan but not for RTS and full scan.

Unless mcafee pops up a box asking you to trust it you need to submit it to mcafee labsas per

http://vil.nai.com/vil/submit-sample.aspx

Use subject False+ve and name of detection. When you get a reply reply to that 1 asking for a review.

If no chop in 5 days post back and I will cut some corners for you

j@n
Level 7

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

You may find a solution to your problem in this thread

https://community.mcafee.com/message/196832#196832

Go to SecurityCenter->Navigation->Real-Time Scanning->Scan Settings->Extended Protection Section and uncheck Scan for viruses by identifying threat patterns.

It did work for me.

alex_n
Level 7

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

I will try that one J@n!

Now, and I ask the rest of you guys, is there a considerably sucurity risk in disabling that particular feature???   To what sort of potentially danger are we exposed by disabling that option??

Anyway, I will be trying that one in the next particular case I encounter.

Thaks J@n.

Alex N.

0 Kudos
Peacekeeper
Level 20

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

Yes there is  the program is less effective.

As I said submit the file I can then cut the time down if you do not get a solution but I need the Analysis ID  number

alex_n
Level 7

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

Tony,

Customer sent a file to

virus_research@avertlabs.com 

for the False Positive Startup.exe

file needed to run a game.

Sent by email with attached .rar file.

Is it ok if it .rar and not .zip?

and not password protected for it is not a infection?

Thanks in advance.

Alex N.

0 Kudos
Peacekeeper
Level 20

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

Must be a zip and MUST be passworded with infected as the password.Otherwise no analysis

alex_n
Level 7

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

OK then.

Is it the password "infected" eventhou it is not an infection but a False Positive?

Thank you very much Tony.

Alex N.

0 Kudos
Peacekeeper
Level 20

Re: Unharmful (trusted) Files recognized as virus/trojan.

Jump to solution

yes that is what this faq says

http://vil.nai.com/vil/submit-sample.aspx

Email

You may submit samples directly to McAfee Labs by attaching the file(s) in an email to virus_research@avertlabs.com. When submitting samples via email, you must archive them in a password-protected Zip file with the password “infected” (all lowercase)

0 Kudos