TROJ_GEN.RCBH1ES13: That's what Trend Micro call it; McAfee will have a different name for it (an Artemis detection, presumably). Yes, I see it on a couple of VirusTotal reports, but those aren't for your product. And this is the Artemis section, but you haven't provided the Artemis detection number.
We need the Artemis code and preferably a link to the VirusTotal page that detects this.
How to report an Artemis false positive: see https://community.mcafee.com/docs/DOC-1265
Thank you for responding.
You are right. Sorry. I put down the wrong response for McAfee. It is RDN/Pinkslipbot.as!a for both McAfee and McAfee-GW-Edition.
Here is the totalvirus page:
Please let me know if there is anything else you need.
Submit the file as per
When you get a reply (it is automatic), change the subject to false+ve and name of detection, say why it is a false +ve, and send that back. Note the analysis ID here.
As this is not an Artemis detection, will move this to the general malware area.
I have responded to the Analysis ID: 7575417 with the subject line of false+ve.
Thank you for your help.
Good luck. If no fix in 5 days, post back and I will ping a lab tech.
Thank you so much.
I am also working with McAfee to get this taken care of.
My only other question: is there a way to whitelist a program? It really causes a lot of problems when a file on your website is detected as a false positive.
I have now gotten the file code signed, so the signature would be different than the one above. Is there a way to present this file so it does not get flagged as a virus again?
You could whitelist a program; it's possible.
KB66642: How to submit your company software or images to McAfee Labs to be considered for validation against McAfee DAT files, to avoid false positives
KB67411: How to submit a possible false or incorrectly classified sample file to McAfee Labs
KB67356: How to submit a McAfee Detection Dispute
Subject line must say
Prefix the email subject line with the word FALSE. For example:
FALSE: In-house file being detected by McAfee
You could also add NOAUTO to prevent an automatic reply.