4 Replies Latest reply on Feb 27, 2013 9:50 AM by SafeBoot Branched from an earlier discussion.

    McAfee automatically deleting a file without my permission "trojan"

      MurderMan11Newcomer

      9 posts since
      01 Mar 2010

      Currently Being Moderated

      9. 02 Mar 2010 5:59 PM (in response to SamSwift)

      It's not even really about the fact that it may or may not be a virus, as much as it is about the fact that I have no choice but to submit to McAfee's determination of if the file is a virus or not. I, as a user and a customer, should be able to choose whether or not to have a file on my computer. Letting me know that it might be a virus is enough, automatically deleting it and leaving me no way to recover the file and use it except by leaving my computer open to infection is unacceptable. It completely baffles me as to why there isn't an option to add an exception for a specific file. What if I was a programming student, writing programs and my programs kept getting deleted by this? I would have no way to do my work.

       

       

      on 3/2/10 5:59:43 PM CST

       

       

       

       

      I totally agree agree with this post.

       

      We use Linux based software on a memory stick to load images of Windows 7 on client pc's and laptops.

      One of my desktop tecchies informed me there is a problem with the memory stick. I pop it into a SB port on my laptop to check........Mcafee immediately deleted all the files on the memory stick, no warning, no asking for confirmation before deleting, My colleague had a backup of the files on his laptop., when he tried to copy the files to the memory stick, Mcafee once again deleted the files, no warning, no asking for permission or confirmation just going forward and deleted the files. It cost me wasting a morning downloading data recovery software and recovering the data and files on the memory stick.

       

      Mcafee once again living up to its name of McCrappy

       

      Message was edited by: wolf0069 on 2013/02/26 4:16:21 AM
        • 1. Re: McAfee automatically deleting a file without my permission "trojan"
          exbrit

          You are posting to a 3 year old thread and times, software and procedures have all changed greatly in the meanwhile.

           

          Under your real-time settings there is a section marked 'Check removable media drives' which can be turned to ask first before scanning.  (Assuming consumer version of software but I'm sure Enterprise has similar settings)

           

          However if everything was deleted I suspect the files were in a suspect format at least.

           

          Incorrect diagnosis can be appealed to McAfee Labs, and it always has been possible, so not too sure why you are slamming McAfee for erring on the side of caution especially considering malware has become so rife since this thread was started in 2010.

           

          See:  What To Do When McAfee Detects Legitimate Software As An Infection - How to Submit To McAfee Labs

           

          Besides you could simply have restored the files from quarantine with real-time scanning turned off and those settings for checking removable media changed, and it would have been an easy job to reinstate. 

           

          This is the Artemis thread and the labs need Artemis detection numbers to do anything about it.   If not Artemis then the latter doesn't apply.

           

          If security software asked permission every time before deleting malware most people and in particular, the gaming and file-sharing community would have unusuable machines within days I would imagine.

           

          You shoud submit the contents of that drive to VirusTotal perhaps to get independent analyses.  https://www.virustotal.com/en/

           

           

           

           

          .

           


           

           

           

          Message was edited by: Ex_Brit on 26/02/13 5:58:22 EST AM
          • 2. Re: McAfee automatically deleting a file without my permission "trojan"

            You are posting to a 3 year old thread and times, software and procedures have all changed greatly in the meanwhile.

             

            >I agree that times, software and procedures have all changed.

             

            > I did notice and do realise that it is a three year old thread. I came across it when I googled the issue.

             

            >In my opinion it actually makes the problem worse. It was reported three years ago and it STILL happened. TWICE in our situation.

             

            Under your real-time settings there is a section marked 'Check removable media drives' which can be turned to ask first before scanning. (Assuming consumer version of software but I'm sure Enterprise has similar settings)

             

            >We are using the Enterprise version BTW. I did change the settings to ask first before scanning, but that was before I started the process of data recovery. ( I didn't want to risk the files being deleted again)

             

            However if everything was deleted I suspect the files were in a suspect format at least

             

            >If the files wre suspect in anyway, warn and ask for confirmation at least before deleting the files.

             

            Incorrect diagnosis can be appealed to McAfee Labs, and it always has been possible, so not too sure why you are slamming McAfee for erring on the side of caution especially considering malware has become so rife since this thread was started in 2010.

             

            Appealing incorrect diagnosis after the damage has been done,is not an option.Appealing would not restore the deleted files. Caution is one thing, acting in a Gung-ho style without warning or confirmation is not.

             

            Besides you could simply have restored the files from quarantine with real-time scanning turned off and those settings for checking removable media changed, and it would have been an easy job to reinstate.

             

            > And this is part of the problem, the files were never quarintined, they were outright deleted,.the files were recovered with a data recovery process.

             

            If security software asked permission every time before deleting malware most people and in particular, the gaming and file-sharing community would have unusuable machines within days I would imagine.

             

            > that might be the case, but I would think that these users would rather have the hassle of acting on confirmation requests and warnings than loose data or sit with unusable machines of which important system file files were deleted without their input.

             

            Message was edited by: wolf0069 on 2013/02/27 6:45:47 AM
            • 3. Re: McAfee automatically deleting a file without my permission "trojan"
              exbrit

              I don't think outright deletion is possible unless VSE is set to act that way, but as it's years since I used VSE I can't be sure.   Now as you are using Enterprise and the thread this was originally appended to were home users I've separated you out.   If it was indeed an Artemis detection then we/they (the labs) need the Artemis detection number(s) posted here to go over their results and maybe reverse that detection.

               

              If it's not an Artemis detection please advise and I will move this once again to Corporate User Assstance in this area or the actual VirusScan Enterprise section, which ever you prefer and/or think might get better attention.

              • 4. Re: McAfee automatically deleting a file without my permission "trojan"

                VSE can be set to auto delete on detect - it's something the administrator of the product can choose. Prompt is another choice.  The root cause of the product deleting the files is most likely that the company administrator told it to.

                 

                I would be worried that these files are being marked as bad - I am guessing that your company has decided that having possible trojans and malware on their machines is not acceptable?