1 2 Previous Next 11 Replies Latest reply on Oct 26, 2011 9:03 AM by pammirab

    False positive problem with our software

      Dear McAfee support team,

       

      We are a serious company from Brazil, that develops all kind of softwares, since little games for kids, to complex database managers.

       

      One of our softwares is being detected by McAfee as a vírus (false positive). We already followed many instructions found on McAfee website (see links below), to avoid this problem, but without sucess. We also tried to call to Brazil McAfee support phone, but no one can help us there either (we are not McAfee client, and do not have a Grant Number).

       

      Our software have more than 7,000 clientes and we are receiving many complaints about this problem. We are loosing many hours supporting our clients because of this problem, and loosing sales because new customers, that download trial version of our website, think the software does have a virus!

       

      Please, we need detailed instructions to avoid our software been (false positive) detected by McAfee.

       

      PS. We already tried this links, an others:

      https://kc.mcafee.com/corporate/index?page=content&id=KB67411

      https://kc.mcafee.com/corporate/index?page=content&id=KB66642


       


      Thanks,

       

      Fabio P Jr.

        • 1. Re: False positive problem with our software
          Peter M

          Moved to Corporate > Malware Discussion from Consumer for better attention.

          • 2. Re: False positive problem with our software

            Hello Fabio,

             

            Thanks for your report.

             

            When you submitted your sample to virus_research@avertlabs.com, you should have received confirmation of your submission that included an assigned Analysis ID number identifying your escalation.  Please respond to this message with that Analysis ID number so that we may expedite this issue to our researchers.

             

            Best Regards,

            Patty

            • 3. Re: False positive problem with our software

              Hi pammirab,

               

              Thanks for your reply.

               

              Here are the first lines of confirmation report:

               

              McAfee Labs - Beaverton                                                              

              Current Scan Engine Version:5400.1158                                                

              Current DAT Version:6427.0000                                                        

              Thank you for your submission.                                                       

               

              Analysis ID: 6709456

               

              File Name           Findings                      Detection                   Type         Extra

              --------------------|------------------------------|---------------------------- |------------|-----

              mch.dll            |current detection            |pws-brmonitor              |Trojan      |no  

               

              current detection [mch.dll]                                                                            

               

                 The filesubmitted is malware that can be detected with curred DAT files. It is       

              recommended that you update your DAT and enginefiles and scan your computer again.

               

               

              Thanks again,

               

              Fabio

              • 4. Re: False positive problem with our software

                Thanks for your information, Fabio !

                 

                I'm going to escalate this to our research team and will let you know of any progress.

                 

                Best Regards,

                Patty

                • 5. Re: False positive problem with our software

                  Hello,

                   

                  Please, let us know if you need any information about software or company. The quick solution of this false positive problem is very important for us.

                   

                   

                  Thank you,

                   

                   

                  Fabio

                  • 6. Re: False positive problem with our software

                    Thanks Fabio!

                     

                    I'll let you know if any detail is requested.

                    Your sample is currently under analysis and we will let you know its results.

                     

                    Best Regards,

                    Patty

                    • 7. Re: False positive problem with our software

                      Hello Fabio,

                       

                      The file has been previously detected as a Trojan due to its characteristics. However, as this is a commercial software, McAfee Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. Therefore this detection has been reclassified as Potentially Unwanted Program Spyware-BRMonitor, which is an application detection, which means that it does not contain a virus, and is not considered a trojan because it does not damage systems maliciously. This reclassification will reflect in tomorrow's DAT files.

                       

                      We recommend customers who do not want to receive the detection, to exclude the application in their AV product.

                      Please see http://vil.mcafeesecurity.com/vil/pups/configuration.htm for information about how to exclude detection of legitimately installed programs.

                      Depending on the product you use, you may additionally contact our Technical support to assist you in excluding this program from detection.

                       

                      Best Regards,

                      Patty

                       

                      Message was edited by: pammirab Correction regarding the detection name. on 8/9/11 1:41:27 PM CDT
                      • 8. Re: False positive problem with our software

                        Hello Patty,

                         

                        Thanks for your reply!

                         

                        Well, this "reclassification" do NOT help us much, once we still need to spent several hours supporting clients to configurate McAfee, and mainly because future potencial new customers, that download trial version of our software, thinks the file is really infected, and give up buying...

                         

                        BRMonitor is our commercial monitoring software. We would like to explain that It is avaliable only in portuguese (Brazil), cannot be remotely installed (sending by e-mail, for example), do not monitor virtual keyboards (on bank's websites, for example), each licence can be used in only one computer (online authentication) and cousts about U$60. It is used by parents to avoid pedophilia and other internet problems, and by company owners to keep the good usage of computers. For more information, please visit http://www.brmonitor.com.br

                         

                        Our company is in the market since 1996, and this software since 2004. We can provide any information you want. Please, help us!!

                         

                         

                        Btw, not even your Technical support could inform how to exclude a file from McAfee. We read in many places that this "exclude" configuration is impossible.

                         

                         

                        Thanks!

                         

                        Fabio

                        • 9. Re: False positive problem with our software

                          Hi Patty,

                           

                          We made more tests today, and McAfee is not detecting our software anymore.

                           

                           

                          Thank your very much for your help!

                           

                           

                          Fabio

                          1 2 Previous Next