I scanned my file using virustoal.com and only mcafee gw edition reported a problem which is ofcourse a false positive. The virus is: behaveslike.win32.downloader.wc.
I reported this to email@example.com and I was wondering how much time will it take to get a response about it?
Also, since I release new versions every 1-2 weeks, will I be forced to re-send them the file for analysis every time?
I hope to get a response soon because I need to distribute the new version really soon
Solved! Go to Solution.
I confirmed with the whitelisting team that your files are whitelisted. But, you will have to wait for the updates to roll out that include the changes. I don't have visibility into the timing of GAM updates, nor do I have control of when Virustotal updates.
I have a conversation going with that team about your submissions. It will be an internal investigation, don't expect any further updates on it. If anything is wrong, we will fix it.
You need to continue to submit newly created files to the data submission process, as there isn't a way to whitelist your files before we see them.
Those instructions apply to Intel Security customers, so you may ignore them, and strictly use the data submission process that I posted after that. (emailing them)
Thank you for your replies.
My application is portable and does not need to be installed so I guess my answer would be "no" to the NSIS installers
I did email the file inside a password protected zip file and now I wonder how long it will take them to let me know if they whitelisted it and more important, will I have to re-submit my file every time I will release a new version.
I did submit this form as well: Detection Dispute Submission | McAfee Labs but there was no place where I could actually attach the file itself so I didn't understand the logic behind this form.
So after fixing the previous false positive, now it gives me a new one: BehavesLike.Win32.Sality.wc
They reply back but never on my question regarding future versions and the need to keep to re-sending them the executable whenever a new version is released.
People starts to complain about false positive and how can I explain them that this is a false positive and they shouldn't be worried? It's a mess.
I wonder if mcafee people even read this forum or just other users with no formal reply actually read these posts.
- McAfee/Intel staff are very rarely here as they are busy dealing with detections that are submitted as CD has explained above. We can bring outstanding/delayed results to their attention and that is all we can do here.
Best consult with experts on how to code the applications so they aren't detected at every upgrade.
I use virus total in order to check my own application (I'm the developer) for viruses and everything is clean except mcafee GW edition. I'll be glad to know what is causing my app to wake GW edition up from its sleep while all other engines are OK with it but they are not here to answer this very question.
Well you said you tried this form I believe? Detection Dispute Submission | McAfee Labs
Note that it says there that they will get back to you and it is at that stage, I would imagine, that they may ask for samples.
I already sent a sample and they whitelisted it from being a certain false positive but now it detects my exe as a new false positive so again I sent a sample. I hope you understand this is not a good method if I need to chase them every time I release a new version and moreover, when their engine suddenly decides that my exe is false positive without me doing anything.