Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
This discussion is locked
183540 Views 0 Replies Latest reply: Feb 13, 2009 4:20 PM by Ex_Brit RSS
Ex_Brit Volunteer Moderator 59,592 posts since
May 6, 2004
Currently Being Moderated

Mar 22, 2014 1:24 PM

What To Do When McAfee Detects Legitimate Software As An Infection - How to Submit To McAfee Labs & Appeal

This only applies to to the Windows-based software - there are no published procedures yet for MAC or for Mobile applications.  Although it could be adapted for MAC I believe.

 

This outlines what to do when something is wrongly detected as being malware by your McAfee software.  This applies whether it is detected as regular malware or given the generic title 'Artemis' (given to "unknowns").

 

Files can be quarantined as regular malware or if they are currently unknown to the database, they will be labelled "Artemis", which I will deal with first.

 

Artemis (or McAfee 'Global Threat Intelligence' technology) is the enhanced heuristic detection component of McAfee SecurityCenter's virus protection module.

 

It works by adding an extra layer to the detection engine, but instead of just detecting something it actually "calls home" to the virus database to double-check before labelling something as a possible threat.

 

If something is identified, maybe wrongly as "Artemis" then McAfee already knows about it.  Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject line. (Minus the "").  Also post  in the Artemis forum with the Artemis number as the header and put an explanation in the body of the post.  That gives you a double chance at getting it dealt with quickly.

 

However, if you still want to submit the file......

 

You should go to the Restore tab in Security Center and make sure that it is forwarded to the Threat Center (Avert Laboratories) as, if it is harmless, it will then be excluded from the database automatically.

 

To send it to the Threat Center outside of Security Center.....

 

First disable your virus protection:

 

Double-click the taskbar icon to open SecurityCenter

 

Click Virus and Spyware Protection

 

Click Real Time Protection

 

Click the Turn Off button and tell it for how long to stay that way.

 

Then click Navigation (top right)

 

Click Quarantined and Trusted Items (below) & restore the item.

 

See....How to Submit a file to the Labs for analysis: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

 

Email file to: virus_research@mcafee.com and make the header of the email start with the word FALSE - for example FALSE:  In-house file being detected by McAfee

 

When submitting samples via E-mail all samples must be packaged in a .ZIP file.

Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees.  Failure to follow these guidelines will cause your submission to be rejected.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

 

**If they respond that it is an infection and you are sure it is not, reply to that email immediately ( to virus_research@mcafee.com ) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

 

To be on the safe side scan with an outside anti-malware agent such as MalwareBytes (Free)  or SuperAntispyware (Free). Let them clean everything they find.

 

See this FAQ regarding Artemis.

 

GetSusp

 

 

Another way of submitting files is to use the new GetSusp tool's Upload tab.  The tool is downloadable here:  GetSusp and support for it is in that Group which is free to join.

Don't forget to add your email address in Preferences to obtain a response.

 

Capture.JPG

 

 

 

Note:  The restore and trust feature used to be included in the home products and still is in the Enterprise/Business products - it has been reinstated in the 2011 consumer products (VirusScan 11 and up), in the scheduled and manual scan settings only but not in real-time scanning settings yet.

 



.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Message was edited by: Ex_Brit on 22/03/14 2:24:31 EDT PM

https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
Toronto • Canada
Volunteer Moderator
I can't help you privately - please post in the Forums
Use Advanced Forum Search To Find Answers
Beta Test McAfee Products For PC & MAC
How To Fix File Associations in Windows
XP & Office 2003 End-Of-Life - 08 April, 2014
Anti-Spyware/Malware & Hijacker Tools

More Like This

  • Retrieving data ...

Bookmarked By (10)