2 Replies Latest reply on Mar 21, 2014 10:50 PM by catdaddy

    false positive ticket check

    raaft_hajjan

      hello  people

       

      i send file for false positive from   week

       

      i see this reply

       

      Thank you for your submission.

      Analysis ID: 8033737

      File Name Findings Detection Type Extra
      --------------------|------------------------------|--------------------------- -|------------|-----
      asrar_2.exe |inconclusive | | |no

      inconclusive [asrar_2.exe]

      Automated analysis was not able to determine that this file is malware. This file is
      being sent for further processing and the DAT files will potentially be updated if
      detection of this sample is warranted.

      Note –

      Due to the prevalence of network gateway AV products, it is important that all
      submissions be zipped and the zip file password-protected (password - infected). Some
      products will reject an email that contains a virus that is not sent in this way. In
      addition, often we receive a file that appears not to have been infected, to find
      later that the file was infected when it left the sender, and was cleaned somewhere
      along the line.

      Regards,



      McAfee Labs

       

      i need to know

       

      how i can check again

       

      and delete false positive

       

      thanks

       

      Message was edited by: Ex_Brit on 21/03/14 6:37:38 EDT PM
        • 1. Re: false positive ticket check
          Peter M

          Please don't attach samples of possible malware.   As you don't indicate the name of the detection and whether or not this is while using Consumer or Enterprise software I've moved this provisionally to Malware Discussion > Home User Assistance.  Hopefully someone will pick it up.

           

          Here's an article I did on this situation:  https://community.mcafee.com/thread/2016

           

           

           

           

          .

           

           

           

          Message was edited by: Ex_Brit on 21/03/14 6:43:32 EDT PM
          • 2. Re: false positive ticket check
            catdaddy

            I am inclined to agree with Ex_Brit, until the here-in mentioned file has been cleared, it is not wise to post the "Possible" infection. I say this due to the fact, after doing some searching using the above "Supposedly False Positive"

             

            I got some hits that were detected as various realtionships with the "Sasser Worm" Dating as far back as 2004. This infection(if it actually is) hides with-in the "lsass.exe" process, and can also be present when the normal Windows process(services.exe) displays.

             

            One primary Red Flag, is if you notice that the "Services.exe" is spelled "ServiceS.exe" It spreads thoughout the system and infiltrates and infects other users through (Emails). Rather than giving the name,I will insert a link , that Security Vendors list their individual names for the detection, to include McAfee if in case this is the same process in Question.

             

            I might add that this primarily effects Windows XP...

            Here is the Link: http://www.threatexpert.com/threats/w32-bobax-dr.html