This content has been marked as final. Show 34 replies
It isn't surprising that a keylogger would be identified as those applications operate on similar principles to many types of malware.
See this sticky on what you can try: http://community.mcafee.com/showthread.php?t=233662
Agree not surprising it was detected (as it had been previously) What is surprising (and annoying) is that the file was quarantined after being specifically told to ignore it. The file has been submitted to McAfee and webimmune which replied with this:
"Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy."
So what does that mean and how do we get VirusScan to cease quarantining files without first asking permission (as it has always done previously)? Common sense (and logic) would dictate that once a file is restored it should be accepted henceforth. Yes, no??
I would have replied to that email stating that it continues to be detected and can they do something about it.
They didn't send an email You get an account with a link that gives this result:
Avert(r) Labs WebImmune
• Log out
• Change password
• Submit a file
• Update registration
• My Account
• Frequently Asked Questions
• Instructions For Use
McAfee Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5774.0000
Thank you for your submission.
Analysis ID: 5583210
Name Findings Detection Type Extra
thehook.dll current detection generic pup.e Application no
current detection [ thehook.dll ]
Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy.
There is no way to respond and the "Contact Us" results in a blank screen. Based on their FAQ this seems to be a site that evaluates files that the submitter suspects may have a virus which was not the purpose for submitting it. Since the Avert site seems to think the file is virus related (when it in fact isn't) nothing is probably going to change.
They will send an email if you submit it by email. I refer to that method in that link.
Their FAQ would seem to advise against this. Quote:
Should I send samples to WebImmune and e-mail them to Avert(r) Labs?
No, you only need to submit the sample to Avert(r) Labs once. The only exception is if WebImmune prompts you to send to Avert(r) Labs via e-mail. This will usually be the case if the file is over three megabytes in size.
From personal experience I find that if you don't pester them sometimes nothing gets done. I would do it anyway.
Since they already have the file and have apparently identified it (wrongly) as malware will this make any difference?
How do we return to the mode where the user (and payer for the software) decides when a file or application should be quarrantined or left alone? This is like hiring a security firm to watch you property and they keep turning in a member of your household for B & E. Would you keep paying this group?
If they say wrongly that it is an infection nothing will ever change until someone convinces them otherwise.
VirusScan home can only be told to ignore something identified as a PUP, not as any other type of malware.
We've been asking to have the feature reintroduced for ages and have thus far been ignored.
It was a feature several years back and still is with the corporate editions.