3 Replies Latest reply on Feb 12, 2010 3:26 AM by vladimirsukhov

    Enigma Protector false positives and SPAM alerts

      Dear Mcafee,

       

      I'm developer of software protection and licensing system for Windows - Enigma Protector (http://enigmaprotector.com/)

      My customers and I'm self have many troubles of using your and mine products both. Mcafee antiviruses always detect strange viruses in each protected file. I understand that this detection is just a false positive, but would be great if your reseach team could solve this problem.

       

      I've just protected simple notepad.exe file from Windows XP and both your antiviruses "McAfee" and "McAfee+Artemis" shows that the file contains this virus "Suspect-0B!0C44881DE3BB". The file is in attachment.

       

      I understand how it is difficult to analyse dozen files, and I could agree if antiviruses will alert on each file protected with DEMO version, but not with the full registered. For this reason each protected file has hidden signature that could be used for analysing. For this information you could contact me at support@enigmaprotector.com

       

      Also, I've noticed that my customers even do not get my email that come from support@enigmaprotector.com if Mcafee anti spam is installed.

       

      Both these things are very frustrating since Enigma Protector does not any viruses inside and since any spam never came through our server.

       

      Please suggest how we can solve this problem, I would be glad to help.

       

      Regards

        Vladimir

        • 1. Re: Enigma Protector false positives and SPAM alerts

          Hello McAfee,

          I'm a legal customer of Enigma Protector. I faces same problem on my Enigma protected application! Please solve this issue. I can not run. This is purely FALSE POSITIVE / FAKE ALERT.

          I hope you should clear this isuue next coming days.

           

          0lly

          • 2. Re: Enigma Protector false positives and SPAM alerts

            Hello Vladimir,

             

            Thanks for your report. We apologize for any inconvenience this has caused.

             

            In order for us to research this question, can you please send us a sample for analysis, in a password-protected ZIP file (password - infected).  You can find detailed instructions for how to do this at

            <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>. Please add word "False" in the subject line.

             

            Best Regards,

             

            Patty Ammirabile
            McAfee Labs

            • 3. Re: Enigma Protector false positives and SPAM alerts

              Hi Patty, thanks you very much for the reply. I have sent few examples to virus_research@avertlabs.com but with my experience I think that false positives will be eliminated exactly for these files, but not for the all Enigma protected. Users will still have problem after next protection...

               

              That's really very difficult to detect viruses in protected files and I understand how it is difficult if the file is under packer/protector. As an easier decision I would suggest to detect any viruses in all files protected with the DEMO version, but solve false positives of the files protected with full licensed version.

               

              Would be great and useful of somebody from McAfee reseach team contact me at support@enigmaprotector.com and I will send private information regarding hidden signatures of protector in protected files. In the signature you will be able to find version with that file is protected and some other info.

               

              But regarding SPAM detection of my email, could you please advise how I can help to solve this problem?

               

              Regards and thanks

                Vladimir