1 2 Previous Next 13 Replies Latest reply on Jun 5, 2011 4:15 PM by Peter M

    Moving Item from Quarantine to Trusted

      I'm using Win7 with McAfee Security Ctr. 10.5

       

      I'm trying to install a program on my computer that uses a generic downloader.  As soon as I try to save the file to Desktop, McAfee identifies it as a trojan and immediately places it in quarantine.  The website is trustworthy.  So, as per the Help instructions I go into Quarantine in order to restore the file, so that I can then move it into Trusted Programs.

       

      HOWEVER: Every time the file is restored, McAfee again judges the file to be a trojan and quarantines it.  Except for turning off McAfee's real-time protection and then downloading the file, I can't figure out how to place the item in the Trusted section.

       

      * * *  By the way, I an NOT YET trying to run the file -- just save it to Desktop.  After that, I typically run a virus scan of the saved file (even from a trustworthy site) just as a precaution.

       

       

      I'm attaching screenshots.

       

       

      k.png

       

      m.png

       

       

       

      Message was edited by: mwidunn on 4/28/11 11:22:10 PM CDT
        • 1. Re: Moving Item from Quarantine to Trusted
          Peter M

          Did it get an 'Artemis' label by any chance?  If so please post the full details.

           

          You will have to submit it to McAfee for approval first.

           

          In order to submit it you will have to temporarily disable McAfee, procedures outlined here:  https://community.mcafee.com/thread/2016

           

          Also have you tried disabling McAfee and then installing the product, perhaps it is only objecting to the installer and once done it will work OK...you could try that.

          • 2. Re: Moving Item from Quarantine to Trusted

            Thanks for the reply.  Sorry for taking so long to reply.

             

            No, I got no Artemis message.

             

            I disabled BOTH the AV AND the Firewall and STILL had problems with the installer being quarantined.  It would start working, downloading the program, and then would just disappear from the Desktop.

             

            The only thing I can think to do is to: completely uninstall McAfee; install the program; and, then re-install McAfee.  However, my presumption is that, once McAfee is running again, it would continue to quarantine the installer when it attempted to upate.

             

            Regarding your thread above about Artemis -- portions of which for some reason the site WILL NOT let me paste here -- I think it is absolutely brain-dead stupid for McAfee to have eliminated the option to "Restore and Trust" in the Home edition.  This is "numbnuts" territory, . . . especially, when te Help section still holds out the possibility of adding a program to the Trusted list. (How?)

             

            I paid for McAfee to come pre-installed on a Dell.  But, before on my previous computer I was using the free Avast! without any problems.  I never had so many hassles with that product, which as I said was free.  I expect more from something for which I have paid.  Not a happy customer . . . 

             

            Thanks.

             

            Pic Canadian Flag 1957.png

            • 3. Re: Moving Item from Quarantine to Trusted
              Peter M

              I agree with you totally. 

               

              Restore and trust was a feature years ago and we complained bitterly when they removed it...VirusScan 7 I think.   The new one which is being released soon, VirusScan 15,  does have a limited ignore function built-in so may help.

               

              You should submit the offending file to McAfee Labs.  It's laid out in that link I gave.

               

              By the way if real-time scanning was turned off then nothing should have been detected, so it's weird that it was still detected.  Are you sure you told it to stay off?

               

              Also Windows Defender acts in a similar manner sometimes.

               

               

               


               

              Message was edited by: Ex_Brit on 08/05/11 9:02:44 EDT AM
              • 4. Re: Moving Item from Quarantine to Trusted

                Still, the same problem; and, no way apparently to fx it.  I had a much better end-user experience when I had the FREE Avast on my old laptop.

                 

                I guess that's what I'll be installing after removing McAfee.

                 

                I'll just chalk it up to one of those costly "life lessons" . . . and, never use (or, recommend) a McAfee product again.

                • 5. Re: Moving Item from Quarantine to Trusted
                  Peter M

                  SecurityCenter 11 which is in the process of being released allows a limited amount of trusting.

                   

                  It's a pretty normal thing to have to submit false findings to a company no matter who they are.  I've done it for Avast, Kaspersky and Norton as well as McAfee over the years.

                   

                  At one time files and folders could easily be trusted, that was back with VirusScan 7 I believe, we are now up to version 15, although my memory is a bit hazy now, but with the proliferation of gaming, online file sharing, torrents etc. etc. it was decided to take those decisions out of the hands of the public as the McAfee Labs were beginning to see a sharp upward trend in actual infections deliberately trusted by people who then blamed McAfee for the subsequent problems.  Not to mention that malware is becoming particluarly malicious of late.

                   

                  VirusScan 15, part of the 2011 product allows files and folders to be trusted when initiating a manual or scheduled scan, but still not for the real-time (background) scanner.    We Moderators pushed hard for that last step to be reinstated but thus far the requests have been rejected.

                   

                  Their argument is that the whole ball game has changed very much foir the worse and safety comes first.  We argued that the Enterprise (Business) product has always had that feature to no avail, so far anyway.

                   

                  If you want to help shape things to come become a beta tester:  https://community.mcafee.com/docs/DOC-1236 and give lots of feedback/product improvement suggestions.

                   

                  Advantage - a perpetual license for as many machines as you like.  Disadvantage, it downloads the entire Total Protection suite but you aren't forced to use them all, just don't set up the parts you don't want to use (for instance Online Backup, AntiSpam, Parental Controls etc.are optional), and you have to participate in the feedback process and there are occasional issues obviously, it being a beta test, but there is active response to feedback problems and a special private section in these forums for posts.

                  I wouldn't recommend beta for anyone on a production machine however.  I multi-boot and keep the beta on other than my main OS.

                   

                  I'm really surprised that a file was quarantined when McAfee was turned off, it certainly shouldn't have happened.

                   


                   


                   


                   


                   

                  Message was edited by: Ex_Brit on 23/05/11 7:52:28 EDT AM
                  • 6. Re: Moving Item from Quarantine to Trusted

                    Thanks for the information.  I'll try to download a copy of SecurityCenter -- just to keep it handy if I decide to re-install. (I mean, I did pay Dell to have it put on the computer in the first place.)  I'll look in every now and then to see if McAfee has bettered the product regarding its ability to "trust" safe programs.

                     

                    I admit, I'm a complete novice when it comes to all of this . . . and, I'm also appreciative that McAfee is looking out for my computer's safety.

                     

                    But, let's grant the scenario whereby I tell McAfee to trust a program / file / whatever: Couldn't McAfee have mandated that -- before trusting anything -- it would initiate a thorough scan of the program / file /etc. JUST TO MAKE SURE that -- before trusting it -- it didn't really have a virus or malware attached?  If nothing were found, it could say, in effect: "O.K., looks fine.  The program will be trusted from now on."

                     

                    As I say, I'm a novice; and, perhaps, the "bad guys" have found a way around even this.  Still, it seems like a really simple fix to the previous scenario where SecurityCenter was apparently just letting people approve programs willy-nilly with little questioning or response from the AV software.

                     

                    BY THE WAY, just by way of update:

                     

                    When I turned off real-time scanning, I was able to download some components of the program I wanted off the web.  However, the connection would eventually break down and the downloader would disappear.  I was told it might have something to do with the web site's bandwith and that I should try again at another time.  I was (at least) finally able to download the browser window for the program . . . and, precisely what I feared would happen happened, namely, when I clicked on the updater, the file was immediately quarantined by McAfee.

                     

                    Since I have installed Avast, I'm currently downloading the program again.  No problems: Real-time scanning is on -- but, the file (which I know is safe) wasn't quarantined and there's no break in the connection.  The people who make McAfee need to take that customer experience into account.

                     

                    Message was edited by: mwidunn on 5/23/11 1:45:21 PM CDT
                    • 7. Re: Moving Item from Quarantine to Trusted
                      Peter M

                      There'll be a time when Avast catches something that it shouldn't too, so really it's the luck of the draw.

                       

                      Turning off real-time scanning isn't wise since that stop the antivirus form working, full stop.

                       

                      Also files can change, especially with malware present so the idea of forever ignoring files if once clean could be a bad one anyway.

                      • 8. Re: Moving Item from Quarantine to Trusted

                        In fact, I also encountered problems like the ones on this thread.

                        Few months ago, I have downloaded some Game Trainers (those that allow you to have certain advantages in going through certain games, I never used them during online play though! Just those that are offline).

                        4 out of 5 of those trainers will have problems running certain features due to McAfee Antivirus (mine's using McAfee Security Center as provided by Dell since buying a Dell XPS 15 in Dec 2010) inteference. Most of those sites will also alert those who downloaded those trainers of the so-called False Positives.

                        Take one of the trainers I had for years for example. This particular trainer has been with me since 2007 when I was still using Windows XP (in a old Dell Inspiron Notebook bought in 2005). There was no bundled antivirus software at that time and I installed AVG Free after advice from a seasoned ISP Technician. The trainer I had had absolutely NO CONFLICTS with the antivirus all this time. But when I upgraded into this XPS 15 which has a bundled McAfee Internet Security Licence with it (like many new notebooks nowadays which also comes with free 1-year licence of Internet Security Software, but Dell's computers have 2 vendors for their Internet Security Solutions - McAfee and Trend Micro with minimum 15 months licence), this trainer starts to get itself deleted whenever it gets unzipped (just the .exe file gets hit, other files are not affected) due to McAfee detecting it as a trojan horse (fyi, the Trojan Horse name in this file is classified as Generic.dx!gnb, probably something to do with the DirectX code used in making this trainer). Even completely disabling ALL the festures of McAfee Internet Security proved useless (it just delays the time used to delete the file sutomatically).

                         

                        For that particular file I have uploaded it into McAfee Avast Labs and they tell me the same thing as well. In addition, I have sent the same compressed file to a site called VirusTotal which runs scans of a file on 40 different Antivirus and Internet Security Software. The result: Only 12 out of 40 of them reported a Trojan Horse in the file, which makes it a highly possible False Positive. (A False Positive is likely if two-thirds of those programs detected nothing inside those files). A further analysis shows that the Antivirus/Internet Security Software that is likely to be bundled with computers will show a virus inside those files (McAfee, McAfeeGW, Symantec, Trend Micro, AntiVir), but others that can be bought off retail shelves showed a negative result (Avast, AVG, BitDefender, eTrust, Kaspersky, NOD32, Panda, MSE, PCTools).

                         

                        Trainer spplications that pass through McAfee also have problems running full functionality as well (most notably, some functions disabled automatically). This has been brought up several times in forums that create those Game Trainers, and they have one thing in common - They have blacklisted Symantec and McAfee Antiviruses as programs with detects too many False Positives and recommend disabling or uninstalling those programs before running those trainers. So far, ONLY ONE TRAINER that I have works normally (all functions working) with McAfee up and running (I had about 6 different trainers at one time.).

                         

                        I really think that only with this new release that the problems can be partially resolved because even sending those False Positives via email can take months to resolve, if they ever get noticed at all.

                        • 9. Re: Moving Item from Quarantine to Trusted
                          Peter M

                          You mean McAfee Avert Labs I assume...;-)

                           

                          Well if you get a false positive you should post a new thread either in the Home User Assistance section of Malware Discussions here: https://community.mcafee.com/community/security/malware_discussion/consumer

                           

                          or, if it's detected as an 'Artemis' detection (new and unknown) post in the Artemis section here:  https://community.mcafee.com/community/security/malware_discussion/artemis with the header False Artemis!xxxxxx where xxxxxX is the number allocated to that detection.

                          1 2 Previous Next