8 Replies Latest reply on Jan 4, 2010 6:54 PM by krissy.only Branched to a new discussion.

    False Positive

      Hello Peter and all,

       

      McAfee Internet Security 9.15

      Engine 5301.4018

      DAT 5840.0000

       

      I'm getting a FP on the uninstaller for Shadow Defender - uninstall.exe.

       

      I have submitted the file twice to Avert Labs in the last 5 days with the initial findings being inconclusive.

       

      Any idea on how long I will have to wait for a researcher to analyze the file and get back to me?

       

      I've had FP's before with McAfee and usually received an Extra.Dat within 24 hours. Is there any way to escalate this to get it resolved as soon as possible?

       

      File Analysis ID:

      5692357

      5691705

       

       

      Thanks for any help,

      Gerry.

        • 1. Re: False Positive
          Peter M

          We have no way of escalating them here.  I'll try to alert internally but at Christmas it's not going to be dealt with very quickly, here at least.

           

          If they have replied by email respond asking for a decision.  Keep the email header intact of course.

           

          By the way you should be installing SP2 a.s.a.p....!

           

           

          Message was edited by: Ex_Brit on 24/12/09 8:59:33 EST AM
          • 2. Re: False Positive

            Thanks Peter.

             

            Hope you have a Merry Christmas and all the best in the new year.

             

            SP2 already installed, just need to update my sig. Thanks for the reminder though.

             

             

            Best regards,

            Gerry.

            • 3. Re: False Positive
              Peter M

              Thanks. Good - glad you've updated OK.  All the Best to you too.  I did post an alert in the Threat Center Moderators' section, but it's another matter if anyone is "at home" there right now.

              • 4. Re: False Positive
                Peter M

                Got a message just now that they are "looking at it" with a reminder that "Customer is also able to escalate via a chat session to support".

                • 5. Re: False Positive

                  Hi

                  Thank you for submitting your suspicious file.

                   

                  McAfee Labs researchers have examined the file in question and no malware was found.

                   

                   

                  McAfee(R) Artemis technology provides real-time protection that secures enterprises and consumers from threats as they strike and much quicker than traditional signatures can be deployed. As Artemis is updated in real-time there is no requirement to wait for a full DAT update nor to use an EXTRA.DAT intermediate solution. Simply wait approximately 30 minutes and this false will no longer exist or trigger on your system. Depending on the network settings you have or the caching involved between your system and ours it may take slightly longer for this false alarm to be resolved.

                   

                  Please let us know if any issue persists.

                   

                  Regards

                  Neha

                  • 6. Re: False Positive

                    Hi Peter and Neha,

                     

                    Just scanned the file again and it's no longer being flagged.

                     

                    Thank you both for all your help in resolving this FP detection, very much appreciated.

                     

                     

                    Best regards,

                    Gerry.

                     

                     

                    • 7. Re: False Positive
                      Peter M

                      Glad it's OK now.   All the best.

                      • 8. Re: False Positive

                        Hi,

                         

                        Thanks for all your help for helping us solve this issue.

                         

                        We have tested, and it's OK now.