Moved to Corporate > Malware Discussion from Consumer for better attention.
Thanks for your report.
When you submitted your sample to firstname.lastname@example.org, you should have received confirmation of your submission that included an assigned Analysis ID number identifying your escalation. Please respond to this message with that Analysis ID number so that we may expedite this issue to our researchers.
Thanks for your reply.
Here are the first lines of confirmation report:
McAfee Labs - Beaverton
Current Scan Engine Version:5400.1158
Current DAT Version:6427.0000
Thank you for your submission.
Analysis ID: 6709456
File Name Findings Detection Type Extra
mch.dll |current detection |pws-brmonitor |Trojan |no
current detection [mch.dll]
The filesubmitted is malware that can be detected with curred DAT files. It is
recommended that you update your DAT and enginefiles and scan your computer again.
Thanks for your information, Fabio !
I'm going to escalate this to our research team and will let you know of any progress.
Please, let us know if you need any information about software or company. The quick solution of this false positive problem is very important for us.
I'll let you know if any detail is requested.
Your sample is currently under analysis and we will let you know its results.
The file has been previously detected as a Trojan due to its characteristics. However, as this is a commercial software, McAfee Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. Therefore this detection has been reclassified as Potentially Unwanted Program Spyware-BRMonitor, which is an application detection, which means that it does not contain a virus, and is not considered a trojan because it does not damage systems maliciously. This reclassification will reflect in tomorrow's DAT files.
We recommend customers who do not want to receive the detection, to exclude the application in their AV product.
Please see http://vil.mcafeesecurity.com/vil/pups/configuration.htm for information about how to exclude detection of legitimately installed programs.
Depending on the product you use, you may additionally contact our Technical support to assist you in excluding this program from detection.
Thanks for your reply!
Well, this "reclassification" do NOT help us much, once we still need to spent several hours supporting clients to configurate McAfee, and mainly because future potencial new customers, that download trial version of our software, thinks the file is really infected, and give up buying...
BRMonitor is our commercial monitoring software. We would like to explain that It is avaliable only in portuguese (Brazil), cannot be remotely installed (sending by e-mail, for example), do not monitor virtual keyboards (on bank's websites, for example), each licence can be used in only one computer (online authentication) and cousts about U$60. It is used by parents to avoid pedophilia and other internet problems, and by company owners to keep the good usage of computers. For more information, please visit http://www.brmonitor.com.br
Our company is in the market since 1996, and this software since 2004. We can provide any information you want. Please, help us!!
Btw, not even your Technical support could inform how to exclude a file from McAfee. We read in many places that this "exclude" configuration is impossible.
We made more tests today, and McAfee is not detecting our software anymore.
Thank your very much for your help!