It is too bad I have been recommending Mcafee to my friends, family and clients for many years, along with using it on my own machines. I was very happy, up until they removed the ability to trust files. Last year when I had to update my Mcafee I found that one of my programs I had been using for a long time was now being considered a virus and Mcafee deletes it instantly. I can even restore it and it is deleted again, what is the use to allow a person to restore a file only to delete it and never give them the ability to trust it? I spoke to On line support, after running around in circles with them they finally admited that you can no longer trust files manually in Mcafee. So after running in circles I loaded Norton into my personal machine and it never had a problem with the file. Of course you may say well some other programs may miss a possible virus while it is better safe then sorry and leave an infected one. Problem with that is a close friend of mine use the Enterprise version in his business and also has no problems with the file, so is the Enterprise version faulty or is the Home version over zealous? Sorry I know many people work from home but how many would want to have to pay for a company version software to run their personal equipment. Now the easiest fix is to allow the option of manually trusting a file or program, please do not say that it will leave Mcafee on the hook for any thing since it is the users responsibility to know what they are trusting or else every antivirus program would be on the hook for them allowing a hijak program/virus to take over their PC even though the user is the one that clicked the window. Other antivirus applications do have this ability still. I have kept Norton on my PC for a year now and have had no issues with it deleting files that I run every day to monitor my server. On my server I have had to disable Mcafee every time I have wanted to run those file. I am sorry but by being unable to trust the files I need to makes Mcafee a liabilty since I have to disable its over zealous protection and leave my server exposed while checking players on my server, once again very funny that not all levels of current versions of mcafee have this issue. I have 6 Windows based PCs in my home, 2 for work, my wife's, my daughter's, a spare laptop, and the server, 5 of them are currently running Mcafee but the year subscription is shortly going to be running out and I am going to be uninstalling Mcafee and installing Norton on them until Mcafee will listen to its users and allow manually trusting back in its software. I cannot really see much difference in a virus that deletes a file I want to keep and use or a program that deletes a file that I want to keep and use. Just one last note, what is more foolish to give a person the ability to trust a file/program or require that they shut of their antivirus to run said file/program and leaving them exposed to many more possible infections while it is off?
We hear you and have asked time and time again for McAfee to allow files to be trusted in the consumer edition as they were back in VirusScan 7 days, and still are with VirusScan Enterprise.
You can submit files for approval and it can often all be taken care of in a matter of a few hours so they wont be detected again.
See this thread for guidelines: http://community.mcafee.com/thread/2016
I went through that path originally and got no were. Funny though, yes Enterprise can allow you to trust a program but in this case it was never an issue. My best friends Enterprise that he runs in his company had no issues with the program that my Home version deletes. This post was mostly to point out that not listening to customers will cause them to move on to another company that is more willing to work with users instead of treating them like fools who cannot cannot properly decide what is right or wrong with their own PCs. This is too bad since I have been working as a tech since 91 and always prefered Mcafee since the first time I had to deal with a virus breakout when working for a small system integrator company shipping to the US and Canada, good old Michaelangelo. I maybe one person and they probably do not care one bit what I do, very obvious from them not listening to the vocal few who have brought it up. but I do deal with many clients and family members on their equipment and when they ask not only what I recommend but what I personally use and why more will tend to follow until Mcafee finally cares to listen to people.
The home and Enterprise versions shouldn't differ in detection, it could have happened because one of them wasn't up to date perhaps? You should resubmit the file to Webimmune email@example.com with the header "False" and if they finally say it is a virus/trojan or whatever, then immediately reply disputing that, making sure you keep the email header intact.
Don't forget to zip the file and password protect it using the password "infected" (minus the "").
Message was edited by: Ex_Brit on 15/03/10 7:16:38 EDT AM
I too have had problems with McAfee and the help is just about non-exitent, I have 5 websites that I submitted to McAfee SiteAdvisor for testing on January 25, 2010, and I have not yet been tested (and I have left a comment on all the sites as per their request). Norton tested my sites in under a week and all have the green light. You be the judge. Who has a better system, Norton or McAfee.
Delta78 whilst I appreciate your frustration, SiteAdvisor has absolutely nothing to do with antivirus and I think it was just pure chance that Norton took only a week to check a site. I've known SiteAdvisor only take that amount of time or even less, it all depends on the site and how long since its inception and how long since last scanned.
In any case Somer Pyron from McAfee has answered your SiteAdvisor query and is looking into it.
Hope it helps.
You're right, submitting it as a false detection will get it added to the safelist. What's probably going on here is that the application getting deleted is accessing memory or doing something similar to malware so VirusScan is removing it. And while an exclusion would help this particular application in this specific case, it won't cure the underlying problem, which is that this application is doing something odd. It could be something as simple as bad coding causing the app to generate a buffer overrun or something. Either way, Artemis detection will see the activity and stop it until it gets added to the safelist.
I must echo the sentiments expressed by the OP.
I am not having problems with FP detections, though I can only imagine the OP's frustration trying to rectify this issue without the ability to set exclusions.
However, it defies comprehension that MSC cannot be designed to allow the user to set exclusions or otherwise customize the scheduled scans.
This is probably the only major ISS that doesn't permit this.
My immediate problem relates to file SIZE.
I have a utility to backup my FF and TB profiles (MozBackup).
It creates a single PCV file from an entire folder containing all the email clients' files, my emails, etc; it is essentially a "zip" file.
In the case of my TB email client, that file is VERY large, even w/compression (>1.5 GB).
If I create a backup anywhere in my files/folders, my overnight scheduled scans with MSC take >5 hours b/c MSC takes *forever* to unpack and scan within this big file. (Heaven forbid I should create a 2nd backup file of similar size.)
If I manually scan and tell MSC to "skip" when it gets to this large file, the scan proceeds at a decent pace and completes in ~2.5 hours.
(It would be even more efficient if I could exclude a large folder of jpgs that don't need scanning every darn day and to otherwise customize the scheduled scans.)
My only "workarounds" are to:
1) Create TB MozBackup files ONLY on my USB external HDD (very inconvenient), or
2) Cancel my scheduled scans and ONLY scan manually/"on demand", when I can control the process (would hardly seem to enhance system security).
Frankly, this is really disappointing.
Added to the myriad OTHER significant functionality and configurability issues with this product (some of which are actually worse in the 2010 versions I have yet to receive), I am rapidly coming to the conclusion that -- despite having current subscriptions on 2 of my 3 computers, it may be time for me to move to a more "compliant" and configurable ISS.
If I'm missing something about how to make this all work best, please advise.
There is an option in the scanner to not scan compressed files. If your email file is a common type of compression, this might fix the issue for you. Open SecurityCenter and open the Virus and Spyware Protection drawer. Click Scan your PC, and Run a customer Scan. Unfer "All File Types," you can select the check box beside "Exclude ZIP and other compressed files." This is an on-demand scan, as you pointed out, so you'd still have to launch it. You could also change your scheduled scan time to run at a time when you're not using the computer (say, right after you go to sleep, for example).
In the meantime, I'm going to forward your comments to our product management. As Ex_Brit stated, we had the ability to exclude files in previous versions, but not in the last couple releases. I don't personally know the reasoning behind it, but I can assume it had to do with direct customer feedback (as we use feedback during the design phase). Regardless, I'd like to provide this feedback as well and see what we can do with future versions.
Please let me know if disabling compressed file scanning helped. I understand these are only workarounds, and will make sure your feedback gets to our developers.
As I mentioned in my second post I originally went through the issue of contacting support online and emailing the file in, but got no were with that path. Also yes there should be no difference between the Enterprise version and the Home version on how they automatically handle the same file, so why is there a difference? As for the post about site adviser, true this is posted in the antivirus forum but it does point out what I saw with my issue when I originally had the problem, slow to no support. I have seen these same issues with other people who have my type of issues in olderversion forums, who have also sent their files in only to be told too bad it is a virus even though it is not. Personally the slow response of the site advisor group would worry me even more since you have many people with little knowledge and are paranoid so they may be unwilling to visit a safe site just because it is showing bad on Mcaffee's site advisor causing that company potential loss of revenue. Norton may have been a fluke to have taken a week to correct they issue, maybe they are usually longer then again maybe they are usually faster. At least they responded. The fact that the Home version of Mcafee antivirus will not allow a person to manually add a file or program to the trusted list and deletes it immediately when seeing it is the primary problem I dislike. The fact that Enterprise version does not see the program as an issue is another problem taht I do not trust. People have been requesting this to be fixed for a long time and obviously Mcafee does not care to make it easier for their customers so why fight to use a product whose company does not want to be user friendly when there are so many other good choices out there who do? Hopefully this post will help do what it was posted for- getting Mcafee to listen to its users and be more flexible. Otherwise more dedicated users will start choosing other options. In a couple years I would have been a dedicated 2 decade user and supporter of their product, but as it is I am moving on to an easier to use product.