I understand your frustration and would strongly urge you to report this:
- through McAfee Technical Support (http://www.mcafee.com/us/about/contact/index.html) or
- directly with McAfee Labs if you have not done so already.
Message was edited by: Sjoerd Grimmelijkhuizen on 15/12/09 16:12:52 GMT
Just to clarify - KB66642 is not for false positive reporting - KB67411 is the one you need. I'd also recommend logging a case with support to have this escalated.
Also - GSE 6.0.3 is end of life so requires upgrading please. We do not test any of our software/update files against EOL products.
With regards to xerces-c_2_7.dll file, Our Senior Virus Research Engineers have examined the file and suppressed the false..
This detection has been corrected in the current DAT set.
Please update your DAT files to correct detection of these files.
If you utilize the McAfee VirusScan Online or VirusScan Retail products, and do not have the Dat File Version specified, please send an e-mail to firstname.lastname@example.org to request an extra.dat for your product. You must include the Analysis ID number found in the subject line of this message to receive the extra.dat file.
sorry yesterday for my heavy hint.
But I was really really angry about the many false postives in the last month.
xerces-c_2_7.dll is a very old DLL from Apache Foundation and is used by many products, (also the oudated GSE 6.0).
I get yesterday about 13 false positives messages from different products...!
Thank you, that you push up the thread analyse,
because since yet (12/16/09 10:00am CET) I get no reply to
Analysis ID: 5687188
Webimmune is the other nightmare....
1 of 1 people found this helpful
The best way to submit potential falses is as follows:
If you believe a false detection or misclassification has occurred with a particular file, use the steps below to submit the sample in question to McAfee Labs for review.
When analysis of the sample is complete, one of the following will occur:
- The sample is considered clean, detection is suppressed and will be updated in the earliest DAT release.
- The sample is misclassified, reclassification will occur and detection will be updated in the earliest DAT release.
- Analysis of the file determines that the sample is properly detected. The customer will be notified of the results.
False Positive Submission Procedure:
- When submitting a sample, send it to the McAfee Labs Virus Research mailbox: email@example.com
- All false positive samples should have the word FALSE in the subject line. Example subject line:
FALSE: In-house file being detected by McAfee
- Ensure that you include the On Access / On Demand Scan log files of the McAfee product along with the DAT and engine versions in use at the time. Also, include any other relevant information regarding why you believe the file has been incorrectly detected. This information will be helpful during our analysis of the sample. Example email message:
Please review the attached file as we believe this is a false detection.
Product: VirusScan Enterprise 8.7
DAT version: 5427
Description of issue: This application has been developed as an in-house tool for cleaning our databases. Please see the attached OAS/ODS log file showing this detection by VirusScan.
NOTE: Failure to supply all of the information requested above may result in delays in the analysis process.
Hope this helps!
Thank you Sam for your clarification.
This means, since seven years I use the wrong way to submit false positives.
And I thougt, Webimmune.net is always the best way....
We're all creatures of habit.
No probs - happy to help!