cancel
Showing results for 
Search instead for 
Did you mean: 
stockdiv
Level 7

behaveslike.win32.downloader.wc false positive

Jump to solution

Hi

I scanned my file using virustoal.com and only mcafee gw edition reported a problem which is ofcourse a false positive. The virus is: behaveslike.win32.downloader.wc.

I reported this to virus_research_gateway@avertlabs.com and I was wondering how much time will it take to get a response about it?

Also, since I release new versions every 1-2 weeks, will I be forced to re-send them the file for analysis every time?


I hope to get a response soon because I need to distribute the new version really soon

Thanks

0 Kudos
1 Solution

Accepted Solutions
dmeier
Level 13

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

I confirmed with the whitelisting team that your files are whitelisted.  But, you will have to wait for the updates to roll out that include the changes. I don't have visibility into the timing of GAM updates, nor do I have control of when Virustotal updates.

I have a conversation going with that team about your submissions.  It will be an internal investigation, don't expect any further updates on it.  If anything is wrong, we will fix it.

You need to continue to submit newly created files to the data submission process, as there isn't a way to whitelist your files before we see them.

Those instructions apply to Intel Security customers, so you may ignore them, and strictly use the data submission process that I posted after that. (emailing them)

- David

0 Kudos
87 Replies
catdaddy
Level 20

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

,

                  Although I am from the Consumer side of the Equation, may I ask if your detection is due to (NSIS Installers)? For there has been lengthy discussions related to this detection.

All the Best,

Catdaddy/CD

Volunteer Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
catdaddy
Level 20

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

Also have you tried submitting following these Guidelines/Instructions;Submit a Virus or Malware Sample | McAfee Labs

In addition, if it is your personal Software;Detection Dispute Submission | McAfee Labs

Cliff
McAfee Volunteer
0 Kudos
stockdiv
Level 7

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

Thank you for your replies.

My application is portable and does not need to be installed so I guess my answer would be "no" to the NSIS installers

I did email the file inside a password protected zip file and now I wonder how long it will take them to let me know if they whitelisted it and more important, will I have to re-submit my file every time I will release a new version.

I did submit this form as well: Detection Dispute Submission | McAfee Labs but there was no place where I could actually attach the file itself so I didn't understand the logic behind this form.

0 Kudos
stockdiv
Level 7

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

So after fixing the previous false positive, now it gives me a new one: BehavesLike.Win32.Sality.wc

They reply back but never on my question regarding future versions and the need to keep to re-sending them the executable whenever a new version is released.

People starts to complain about false positive and how can I explain them that this is a false positive and they shouldn't be worried? It's a mess.

I wonder if mcafee people even read this forum or just other users with no formal reply actually read these posts.

0 Kudos
exbrit
Level 21

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

- McAfee/Intel staff are very rarely here as they are busy dealing with detections that are submitted as CD has explained above.   We can bring outstanding/delayed results to their attention and that is all we can do here.

Best consult with experts on how to code the applications so they aren't detected at every upgrade.

0 Kudos
stockdiv
Level 7

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

I use virus total in order to check my own application (I'm the developer) for viruses and everything is clean except mcafee GW edition. I'll be glad to know what is causing my app to wake GW edition up from its sleep while all other engines are OK with it but they are not here to answer this very question.

0 Kudos
exbrit
Level 21

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

Well you said you tried this form I believe?  Detection Dispute Submission | McAfee Labs

Note that it says there that they will get back to you and it is at that stage, I would imagine, that they may ask for samples.

0 Kudos
stockdiv
Level 7

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

I already sent a sample and they whitelisted it from being a certain false positive but now it detects my exe as a new false positive so again I sent a sample. I hope you understand this is not a good method if I need to chase them every time I release a new version and moreover, when their engine suddenly decides that my exe is false positive without me doing anything.

0 Kudos
exbrit
Level 21

Re: behaveslike.win32.downloader.wc false positive

Jump to solution

Well it's all I can suggest other than perhaps complain to head office:  Contact McAfee United States | McAfee

0 Kudos