5 Replies Latest reply on Feb 1, 2014 6:12 PM by Peter M

    How do I trust a program

    daherbie

      Hi all - hoping someone can help me w/ some basic q/behavior on Security Center w/  Windows 8.1 - I have a program (cgminer ) that McAfee SecurityCenter thinks is a virus but its not.

      The realtime scan keep sending it to quarantine.  I remove it and it puts it back into quantine.

      i've submitted a support issue and was told i had to submit it to McAfee for them to review (which seems like BS, but i tried and that failed with no error detail).

       

      A few frustrating things and a question -

      How do i mark it trusted? 

      The online help says " When McAfee detects potentially unwanted programs during a scan, it asks you to review the results and decide which programs should be quarantined, and which should be trusted."  This is not true - it just quantines them w/o any prompt.  I can find no setting to say prompt me.

       

      Further when i dig through the navigation to find the file in quarantine -it doesn't list the original file name or location - just the virus name i thinks it is contaminated with - this worthless info.  No details what file this corresponds too?

       

      I figured out which file it was from there and and I 'Restore' it.  If realtime scanning is on (and it is unless i stop it) it puts it right back into quantine - again pretty worthless design there.

       

      i've talked w/ support and their answer was you must submit it to mcafee - as i said i tried that and it fails (with no error - just Error Occured Send Failed).

       

      From windows explorer if i manually scan the one file - it removes it immediately and puts it back in quarantine.  No prompt.

      there is no Trust button in my quarantine (just send to McAfee, restore and delete).

       

      help?

        • 1. Re: How do I trust a program
          daherbie
          Further when i dig through the navigation to find the file in quarantine -it doesn't list the original file name or location - just the virus name i thinks it is contaminated with - this worthless info.  No details what file this corresponds too?

          I see the program name (and details when i pull down the little widget with the file location) - so nevermind on that part  (others just have the virus name if they were in the middle of downloading it looks like).

          • 2. Re: How do I trust a program
            Peter M

            At the present time the real-time scanning can only be told to trust something it has identified as a PUP or Possibly Unwanted Program.   We believe trusting of other objects is coming soon.  We saw it briefly appear in a beta  version but it has gone back for further testing.

            Until then yes, like with all antivirus companies, you have to submit something if you want it cleared.

             

            Either here: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx or you can do it on a commercial basis here:  https://kc.mcafee.com/corporate/index?page=content&id=KB66642&pmv=print

             

            However, from the name of it it looks like some kind of data miner, and those generally are regarded with suspicion so I can't promise anything.

             

            To submit it you will have to first disable Real-Time Scanning in SecurityCenter > Virus and Spyware Protection, then go into the Quarantine folders via Navigation and restore them to where they were.

             

            Then submit them for analysis.

             

             

            .

             

            Message was edited by: Ex_Brit on 01/02/14 4:48:45 EST PM
            • 3. Re: How do I trust a program
              daherbie

              Well thanks for quick reply - my thoughts are 1) the submit button in the quarantine doesn't work (is there a bug for this open?), and the help that says it will prompt me is wrong (again they should open a bug to fix that help).

              I guess I'll uninstall mcafee (my subscription is about up anyway) and go w/ microsoft or another free virus scanner and see if they work any better.

               

              The program and source are available - not a virus - just a crypto currency miner for graphics cards.

              • 4. Re: How do I trust a program
                Peter M

                Don't use that button, it's a throw-back to an earlier time and will be removed in future releases I believe.  Most ISP's block those channels now so it rarely works.   You will have to disable real-time scanning first, then click the restore button to put the file back where it came from.   Then submit it as instructed in the link.

                • 5. Re: How do I trust a program
                  Peter M

                  Here's a step-by-step thing I did a while back:  https://community.mcafee.com/thread/2016