7 Replies Latest reply on Dec 7, 2010 5:29 AM by mjmurra

    Add to whitelist for Getsusp?

    dbusby3

      I have a file tb2skype.dll.  You might want to consider adding to the whitelist.

      http://www.virustotal.com/file-scan/report.html?id=4654c0b4e0ff4977b3cc28974477fe5132483b1cb6dbca80bb6478fbb7be2b86-1289404061

      MD5   : b9c58ddafc7b2c37958195a3e1af976c
      SHA1  : 7e625df1d6f3a8ab19429453b619ed993438a5e0
      SHA256: 4654c0b4e0ff4977b3cc28974477fe5132483b1cb6dbca80bb6478fbb7be2b86
        • 1. Re: Add to whitelist for Getsusp?
          vinoo

          It was added to our whitelist two days back (11/8/2010 10:13:26 PM) :-)

           

          We track incoming GetSusp submissions from SLB and other customers and whichever files are prevalent get a priority whitelisting on a regular basis.
          You might want to consider specifying your email address in the getsusp uploads. It makes it easier for us to pull up your recent submissions.

          • 2. Re: Add to whitelist for Getsusp?

            The following files are causing my zips to exceed 5Mb:

            <removed files>

             

            All are files from the Lotus Notes 6.5.0 email client. Could they be whitelisted?

             

             

            Message was edited by: mjmurra on 19/11/10 10:04:03 AM

             

             

            Message was edited by: mjmurra on 7/12/10 9:30:00 PM
            • 3. Re: Add to whitelist for Getsusp?
              HBullock

              Check out SR 3-1311731013. There is a malware file and some that most likely need whitelisted.

              • 4. Re: Add to whitelist for Getsusp?
                vinoo

                @mjmurra: nnotesws.dll which is 17MB is causing the zip file bloat. The Notes related files have been whitelisted.

                 

                @HBullock: There is more than 1 malware file- actually 8 of them. All the files posing as Opera Software are confirmed malware. I've taken care of whitelisting the IBM related files.

                 

                Thanks for reporting!

                • 5. Re: Add to whitelist for Getsusp?

                  I have some more common files that often turn up as suspicious or unknown:

                   

                  <removed files>

                   

                  What is the best way to get mass whitelisting done? I know that there is a corporate product being worked on (getwhite ?) that will achieve the task, but looking for the easiest way for McAfee Labs to whitelist without submitting too many samples etc.

                   

                   

                  on 7/12/10 9:27:25 PM
                  • 6. Re: Add to whitelist for Getsusp?
                    vinoo

                    Thanks for reporting - these have been validated and added to the whitelist.

                     

                    Later this month, I'll be reaching out to you with GetClean - a tool to scan COE images and upload unknown files or just their meta data to McAfee for purposes of whitelisting.
                    Once you've run GetClean on the standard images and we've whitelisted the unknown files in the backend - it should greatly reduce the noise in GetSusp reports and also prevent DAT/Artemis falses on those files.

                    • 7. Re: Add to whitelist for Getsusp?

                      vinoo wrote:

                       

                      Thanks for reporting - these have been validated and added to the whitelist.

                       

                      Later this month, I'll be reaching out to you with GetClean - a tool to scan COE images and upload unknown files or just their meta data to McAfee for purposes of whitelisting.
                      Once you've run GetClean on the standard images and we've whitelisted the unknown files in the backend - it should greatly reduce the noise in GetSusp reports and also prevent DAT/Artemis falses on those files.

                       

                      Vinoo.

                       

                      Thanks

                       

                      Yeah, GetClean (I remember the name now!) will be great for getting my organisation's most common files whitelisted - so definitely looking forward to it.