How did you submit the files? Sending them to webimmune will never get you an answer on a false without a support escalation.
Either submit them via the customer submission page in service portal, or call support to have them raise an escalation.
Hope this helps!
Thank you very much for the response.
I e-mailed the files to email@example.com.
I have pasted part of the response below, which sure indicates that they will be contacting me, although no one ever has I don't own any Macafee products -- I am simply trying to stop them from mis-labeling software as trojans when they are not.
Thank you very much!
McAfee Labs - Beaverton Current Scan Engine Version:5400.1158 Current DAT Version:5957.0000 Thank you for your submission. Analysis ID: 5957310 Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an McAfee Labs Researcher for further analysis. You will be contacted by McAfee through e-mail with the results of that analysis.
Dude, Like Sam said, GO to Mcafee Service Portal and log a case!
In my experience, AVERT will definitely not entertain your query as anybody could be a member of AVERT and submit any suspicious files. BUT AVERT are not obliged to reply to each and every person who submitted a query / sample. If you want your submission to be checked and monitored. Go to the Service Portal (only MCAFEE customers can log-in) and log a case then an engineer will contact you and ask him/her to follow-up the submission that you made. Dont forget to include the AVERT analysis ID.
Thanks for the reply, but I am not a Mcafee customer. I am just trying to get them to stop incorrectly flagging my files.
And, out of curiosity, why would they state in their response that I will be contacted by Mcafee with the results of their analysis.
The bottom line is that Mcafee is incorrectly labeling some of our software as malicious; they should have an easy way to correct / prevent this.
The whole False Positive thing has really gotten out of hand.
Thanks for the reply, but I am not a Mcafee customer
- Now we know why they aren't contacting you for status updates. Even i an enterprise customer who supports 8000 nodes are having a hard time during escalation and "follow-ups" before when we're submitting suspicious sample files.Because having an undetected malware is as painful as your false positive issue.
I am just trying to get them to stop incorrectly flagging my files.
- Well, most of the people here are from Mcafee Technical Support. Perhaps one of them will be kind enough to follow-up your query.
Although i disagree with you when you said the latest versions has no settings for EXCLUSIONS..i highly doubt that...im not sure with the consumer products as i am an enterprise user. And the one we're using even the oldest versions has settings for EXCLUSIONS. Our homegrown apps are all indicated on the exclusions to prevent false positives.
Thanks again for your reply. I hope you are right in that someone from Technical Support will follow up with me.
And I think you are right about the latest consumer products being the ones with the inability to add exceptions. I am hearing this from users, who are familiar with setting exceptions. If this is true this should DEFINITELY be changed.
Maybe I'll post this in the home products section as well.