wzehntner
Level 7

False positive with McAfee-GW-Edition

My sample file is reported by virustotal as infected.

I sent the sample 3 times now to virus_research@mcafee.com and I always got the answer that the sample is inconclusive and:

"Automated analysis was not able to determine that this file is malware. This file is being sent for further processing and the DAT files will potentially be updated if detection of this sample is warranted."

Analysis ID: 9031386 from 2014-07-02

Analysis ID: 9036646 from 2014-07-08

Analysis ID: 9049871 from 2014-07-23

Latest report of virustotal is here:

https://www.virustotal.com/de/file/c46f47da9ba07db254d64b80c805363087528e065f88d79f637c8999b6306d58/...

McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.O 20140804

Could someone take care that this is looked into please.

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: False positive with McAfee-GW-Edition

Hello,

you need to follow the steps in this KB please: McAfee KnowledgeBase - Web Gateway/Webwasher: How to submit virus and anti-malware samples (false po...

Please note the specific submission process for Web Gateway/GAM + follow the steps of gathering a sample.

McAfee Gateway Anti-Malware (Secure Anti Malware)  

  • Use email: 
    1. Send an email with the sample file attached to virus_research_gateway@avertlabs.com.
    2. If you believe the submission is a false detection, put Possible False in the subject line of the email.
    After the sample has been received, it will be validated for detection issues and whether it is a known clean file, a possible false detection, or a completely unknown file. A sample that is a possible false detection or unknown file will be escalated for review and further processing. After a submission status is confirmed, an email update is sent to the submitter.

  • If the sample is larger than 5 MB, open a Service Request (SR) with MWG Support to submit the sample.
  • If you do not get a timely response after submitting your sample to virus_research_gateway@avertlabs.com, open an SR with MWG Support to escalate the request.  

thanks,

Michael

2 Replies
wzehntner
Level 7

Re: False positive with McAfee-GW-Edition

Thanks a lot!

I just submitted my sample to virus_research_gateway@avertlabs.com.

I was not aware that virus_research@mcafee.com is not the best place to submit my sample.

Hopefully I won't have to escalate the request, because I am not part of the MWG Support and wouldn't know how to open an SR ...

Anyway, let's give them a couple of days.

Wolfgang

0 Kudos