Will point someone here as this is deeper than we go.
Usually, when they reply, you reply to that email adding "False detection" and the name of the detection.
In the body of the email add "Please review as I think this is a false detection."
I have PM'd an engineer.
Could you please post the sample ID here which you have submitted to McAfee.
McAfee Labs - Beaverton
Current Scan Engine Version: 5400.1158
Current DAT Version: 6350.0000
Thank you for your submission.
Analysis ID: 6635584
Name                             Findings           Detection            Type    Extra
briony gadget helpline.pdf.exe   current detection  generic malware.ck   Trojan  no
current detection [ briony gadget helpline.pdf.exe ]
The file submitted is malware that can be detected with current DAT files. It is recommended that you update your DAT and engine files and scan your computer again.
Malware writers use the double-extension trick to get users to click on a malicious download. If the hide-extensions flag is set - or if an initial exploit sets it - all the user sees is an innocent pdf or doc file. When the file is opened the executable runs and executes the malware. What your encryption software is producing bears all the hallmarks of malware, so if other vendors are giving the files the all-clear perhaps the McAfee testing needs to be tweaked to analyse the file contents more thoroughly.
As a test, I suggest you upload a couple of files to VirusTotal and see how many AV vendors flag them as suspect.
VirusTotal results (engines last updated 2011.05.19/2011.05.20): none of the 42 engines listed (AhnLab-V3, AntiVir, Antiy-AVL, Avast, Avast5, AVG, BitDefender, CAT-QuickHeal, ClamAV, Commtouch, Comodo, Emsisoft, eSafe, eTrust-Vet, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, Kaspersky, McAfee, McAfee-GW-Edition, Microsoft, NOD32, Norman, nProtect, Panda, PCTools, Prevx, Rising, Sophos, SUPERAntiSpyware, Symantec, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, VirusBuster) returned a detection.
Additional information
MD5: 36648a023061bbc026af78add696379d
SHA1: a5fc24ad2106cd2a4e186fa8efe6e3d0cc38b703
SHA256: a2999da32ff2c5fb721c43f1aa102ba45c19596f7fb23866c2ee54e1856af46e
Maybe nownitin has fixed it; retry detection on your PC.
McAfee does not detect the creation of the encrypted file. It is the real-time scanning that quarantines my file when I try to attach it to an email.
I must admit I don't know what the VirusTotal results (above) are telling me - there is no explanation nor summary.
The end result is that McAfee has again deleted my file. GRRRR.
Best to await nownitin's comment.
The real-time scanner uses the same DATs, so I'm unsure why; will see what he says.
When real-time scanning happens, does it show the Artemis!0AAF63234E86 detection? If that is the case, the Artemis detection should be resolved in another 30-45 minutes.
The detection Generic Malware.ck is also fixed and should be in the real-time DATs in 2-3 days.
Since malware writers use the double-extension trick to get users to click on a malicious download, if you still want to use these files, you can either change the file name so it has one extension only, or add a file-name-based exclusion in the product.
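As an added example (not code from the thread, from McAfee, or from the encryption product), a small Python check for the double-extension pattern described in the posts above, plus the single-extension rename nownitin suggests. The two extension lists are assumptions made for the example.

```python
import os
from typing import List, Optional, Tuple

# Extensions a user reads as a harmless document or picture (constructed list
# for this example; extend it to match what your users expect to receive).
LURE_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf",
             "jpg", "jpeg", "png", "gif"}
# Extensions Windows executes on double-click (constructed, not exhaustive).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js",
             "jse", "wsf", "hta", "msi"}


def double_extension(filename: str) -> Optional[Tuple[str, str]]:
    """Return (lure_ext, exec_ext) when the name ends in a document-looking
    extension directly followed by an executable one, e.g. 'x.pdf.exe'.
    Comparison is case-insensitive because Windows treats 'x.PDF.EXE' alike."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 3:                      # need a base name plus two extensions
        return None
    lure, real = parts[-2], parts[-1]
    if lure in LURE_EXTS and real in EXEC_EXTS:
        return lure, real
    return None


def single_extension_name(filename: str) -> str:
    """Rename per the vendor's advice: keep only the real (last) extension and
    fold the lure extension into the base name ('x.pdf.exe' -> 'x_pdf.exe')."""
    hit = double_extension(filename)
    if hit is None:
        return filename
    head, tail = os.path.split(filename)
    stem, real = tail.rsplit(".", 1)        # 'x.pdf', 'exe'
    stem = stem.rsplit(".", 1)[0] + "_" + hit[0]
    return os.path.join(head, f"{stem}.{real}")


def flag_names(names: List[str]) -> List[str]:
    """Scan filenames (e.g. from an attachment log or directory listing) and
    return those that use the double-extension pattern."""
    return [n for n in names if double_extension(n) is not None]


if __name__ == "__main__":
    # Constructed sample: the thread's file name plus some benign neighbours.
    sample = ["briony gadget helpline.pdf.exe", "notes.pdf", "setup.exe",
              "Invoice.DOC.scr", "archive.tar.gz"]
    for n in flag_names(sample):
        print(f"{n!r} -> {double_extension(n)}, rename to {single_extension_name(n)!r}")
```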