1 2 Previous Next 17 Replies Latest reply on May 14, 2014 1:02 AM by alsw

    Analysis ID: 8039084 FALSE: Rawlist.dbf

    alsw

      Hi Vinoo,

      This file is still being deleted by McAfee Internet Security, McAfee Total Protection and McAfee Security Scan Plus from our software.

      It is not even in the quarantine.

      Can you help check?

       

      Thanks.

       

      Message was edited by: Peacekeeper Possible infected files are not allowed to be posted here please follow the steps below on 23/04/14 6:08:02 PM
        • 1. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
          Peacekeeper

          Submit the file as per

          http://vil.nai.com/vil/submit-sample.aspx

          When you get a reply replt to it changing the subject to False +ve and name of detection. Say why you feel it is a false detection and send it off. Post the analysis Id here.

           

          If no movement in 4 days i will ping a lab tech to look at it. This assume Vinoo does not read the thread.

          • 2. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
            alsw

            Hi Tony,

            Email with attachment was sent on 20 Mar 2014. However, we are still getting customers calling us up complaining that they face an error that the file was missing.

            Upon checking, we found out that it was McAfee that deleted the file. Exclusions and Smart Advice has been edited and that seem to temporary solve the issue.

            However, calls are still coming in with similar complains.

            Thank you for your help.

             

            McAfee Labs - Beaverton                                                               
            Current Scan Engine Version:5600.1067                                                 
            Current DAT Version:7382.0000                                                         
            Thank you for your submission.                                                        

             

            Analysis ID: 8039084

             

            File Name            Findings                       Detection                    Type         Extra
            --------------------|------------------------------|---------------------------- |------------|-----
            rawlist.cdx         |inconclusive                  |                            |            |no  
            rawlist.dbf         |inconclusive                  |                            |            |no  
            rawlist.fpt         |inconclusive                  |                            |            |no  

             

            inconclusive [rawlist.cdx rawlist.dbf rawlist.fpt]                                                

             

               Automated analysis was not able to determine that this file is malware. This file is  
            being sent for further processing and the DAT files will potentially be updated if    
            detection of this sample is warranted.                                                

             

            Note –                                                                                 

             

            Due to the prevalence of network gateway AV products, it is important that all        
            submissions be zipped and the zip file password-protected (password - infected). Some 
            products will reject an email that contains a virus that is not sent in this way. In  
            addition, often we receive a file that appears not to have been infected, to find     
            later that the file was infected when it left the sender, and was cleaned somewhere   
            along the line.                                                                       

             

            Regards,                                                                               

             

             

             

            McAfee Labs                                                                           
            =

            • 3. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
              Peacekeeper

              Ok pinged vinoo as you have gone way past time this should have been addressed

              • 4. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
                vinoo

                I checked the 3 files submitted under Analysis ID: 8039084

                None of them are detected nor is there a history of them ever being detected.

                 

                What is the exact detection name you're seeing?

                • 5. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
                  Peter M

                  Moved to Home User Assistance for better filing.   To alsw, you mentioned Security Scan Plus in your first post.  This is  nothing but a sales tool that installs as an option with such things as Adobe products, amongst others, and should be uninstalled.  You'll find it listed in Control Panel > Programs and Features.  It's designed merely to check security and point a user to suitable products that they should purchase or subscribe to.   It has no protection value whatsoever.

                  • 6. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
                    alsw

                    Hi All,

                    Thanks for all your help and replies. Apologise for my late reply.

                     

                    Vinoo,

                    There appears to be no detection name. I wouldn't know if there is really one too because these errors occur on our customers' computers.

                    What we do know is that the rawlist.dbf file is always deleted by Mcafee and thus missing.

                     

                    Ex_Brit,

                    Noted with thanks. Will let my other colleagues and customers know about this.

                     

                    Regards.

                    • 7. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
                      alsw

                      Hi Vinoo,

                      btw just a clarification: the email with attachment was sent to virus_research@mcafee.com with the password "infected" for the zip file.

                      and this was the reply to us below. There's no detection name under the column "detection" if that was what you were referring to. Thanks.

                       

                      McAfee Labs - Beaverton                                                               

                      Current Scan Engine Version:5600.1067                                                 

                      Current DAT Version:7382.0000                                                         

                      Thank you for your submission.                                                        

                       

                      Analysis ID: 8039084

                       

                      File Name            Findings                       Detection                    Type         Extra

                      --------------------|------------------------------|---------------------------- |------------|-----

                      rawlist.cdx         |inconclusive                  |                            |            |no  

                      rawlist.dbf         |inconclusive                  |                            |            |no  

                      rawlist.fpt         |inconclusive                  |                            |            |no  

                       

                      inconclusive [rawlist.cdx rawlist.dbf rawlist.fpt]                                                

                       

                         Automated analysis was not able to determine that this file is malware. This file is  

                      being sent for further processing and the DAT files will potentially be updated if    

                      detection of this sample is warranted.                                                

                       

                      Note –                                                                                 

                       

                      Due to the prevalence of network gateway AV products, it is important that all        

                      submissions be zipped and the zip file password-protected (password - infected). Some 

                      products will reject an email that contains a virus that is not sent in this way. In  

                      addition, often we receive a file that appears not to have been infected, to find     

                      later that the file was infected when it left the sender, and was cleaned somewhere   

                      along the line.                                                                       

                       

                      Regards,                                                                               

                       

                       

                       

                      McAfee Labs                                                                           

                      =

                      • 8. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
                        Peacekeeper

                        Reply to that email saying in subject false +ve and name of detection. Say why you feel it is a false detection.

                         

                        I will monitor here if no fix in 4 days post back and I will stir things up

                        • 9. Re: Analysis ID: 8039084 FALSE: Rawlist.dbf
                          alsw

                          Hi Tony,

                          There is no name of the detection. The file just gets deleted off without any warning. Just received another call from a customer using

                          McAfee Total Protection:

                          SecurityCenter ver 12.8

                          anti-virus 16.8

                          firewall ver 13.8

                          on Windows 7 Home Premium Service pack 1(64 bit)

                           

                          Thanks.

                          1 2 Previous Next