3 Replies Latest reply on May 11, 2010 6:52 AM by SamSwift

    false-positive

      Dear Sir,
      McAfee detect the file HPLoader.sys as  New Win32.
      The infomation you may need are list below,

      The file HPLoader.sys is the driver of the the ZHENGTU Online Game Time Edition, a product of Giant Interactive
      Group Inc (NYSE GA),Official site http://ztsj.ztgame.com/.
      HPLoader.sys  have Digital Signatures, which were issued by "VeriSign Class 3 Code Signing 2009-2 CA", a
      Windows XP default trusted root certificate.

      Issuer: VeriSign Class 3 Code Signing 2009-2 CA
      Subject: Shanghai Giant Network Technology Co., Ltd.
      I attached the file HPLoader.sys' FYI.
      Decompression password is 'ztgame'.

       

      scan result for me

       

      mcafee.bmp

       

       

       

      Decompression password is 'ztgame'.

       

       

      on 10-3-29 下午09时35分47秒

       

       

      Message was edited by: Samantha Price - removing file. Please do not attach samples to community posts. on 4/5/10 10:02:14 AM CDT
        • 1. Re: false-positive
          Dinz

          Hi lixiaodong,

          From the image posted , I can see that it’s a Mcafee enterprise version , I shall move you thread to our enterprise section where our enterprise product experts would be helping you soon.

           

          Regards,
          Dinesh K
          McAfee Community Moderator

          • 2. Re: false-positive
            SamSwift

            Hi,

             

            The best process to follow with a potential false detection is documented here - however if you are a corporate user with a valid support contract you can use the new corporate submission portal, details for usage can be found here

             

            Using webimmune to submit a possible false detection is not recommended.

             

            Hope this helps,

             

            Sam

            • 3. Re: false-positive
              SamSwift

              Marking as 'assumed answered' due to age of thread. If you need any further assistance please don't hesitate to let us know.