2 Replies Latest reply on May 9, 2014 1:38 PM by eobiont

    May8-9 Autoit Scripts false detection

    eobiont

      On May 8-9 McAfee AV detected a lot of my AutoIt scripts as viruses with the ThreatName PWSZbot-FCI!---{ID}----

       

      I was wondering if anyone else had this issue.

       

      It seems like there is something fishy about this too.

       

      There were a few marked on my personal workstation and they are in my quarantine manager.  The quarantine manager says they were detected with DAT version 7432, which at the time of this post is current. When I click on the files and do check for false positive, it says that it can't do that because the current DAT installed is the DAT version that detected the virus.  However, if I recover the quarantined file and then scan it again, it is not detected as a virus anymore.  So how did 7432 detect this as a virus yesterday, but today it is not detecting it as a virus?

       

      Also, files I submitted to VirusTotal yesterday - McAfee and another or two detected as virus, but today, they do not detect the same file as a virus.  However the DAT version has not been updated.

       

      Does McAfee ever update the DAT file without incrementing the version?  That is what this feels like.

       

      Just curious if anyone else knows anything about this.

        • 1. Re: May8-9 Autoit Scripts false detection
          amarosi

          Same problem here!  Downloading 7433 - hoping it resolves the issue.  Did it fix the issue for you by chance?

          • 2. Re: May8-9 Autoit Scripts false detection
            eobiont

            7433 corrects the false positive.  You still have to unquarantine all the files it deleted.  I am not sure how I am going to unquarantine these files on the hundreds of machines where they were removed from.  We need a better way to clean up the aftermath when these mass false positives happen.

             

            The strange thing is that it seems like the problem was corrected before 7433 was released.  I'm not sure how McAfee corrected the false positive prior to releasing an updated DAT.  That part is weird.

             

            Good luck.  I see it is your first post, welcome to the McAfee community forums.

             

            Message was edited by: eobiont on 5/9/14 12:38:26 PM GMT-06:00