You need to go through a submission as explained here
when they reply post the analysis id number here and reply to the email changing the subject to False +ve and name of detection.
say why the file is a false detection. If no fix in 4 days post back and I will chase up a tech. Nitin I assume rarely reads these posts.
Hello again Nitin,
It appears that our most recent update is again being flagged:
Please review and remove this asap. If this keeps happening (as it has been for EVERY update), we will have to look into legal action as we were forced to with Avast recently.
"Peacekeeper" - we've already submitted the file via email.......
OK will stir the pot as well
Sample is now whitelisted.
You might want to follow the steps under https://kc.mcafee.com/corporate/index?page=content&id=KB67411 to pro-actively whitelist your software next time via the firstname.lastname@example.org route.
Hello again Nitin, Vinoo & Peacekeeper
It appears that our most recent update is again being flagged: Artemis!E41F663D6526
Please review and remove this asap, this is a constant vicious circle that is clearly a time burn for everyone. We've gone through the submission process over and over, and with every update, you start flagging our product again.
"Peacekeeper" - we've already submitted the file via email....... (again, and again....)
There really is no value in posting here every time - just submit your app in advance of public release, or when it gets triggered. You must be using some of the tricks that malware uses, packers, obfuscation etc to keep getting flagged.
you should probably look at using metas can from OPSWAT prior to release as well.
but again, no point posting here - you need to submit as you have done before.
Because obfuscation is only used in Malware?? As for OPSWAT, we already use VirusTotal.com for this, but in this case, it's useless, because it takes weeks if not longer before we're flagged. With other companies, we've simply had to initiate legal action, which appears may be what we need to do in this case. Mcafee most certainly has the ability to white list this particular app, and considering it's a Play Store product, that's commercial in nature, there's absolutely no reason this can't be done.
It's just a matter of time before some developer finally takes one or more of these companies to court for defamation, and this will most certainly open a massive can of worms. False positives from so-called "anti virus" companies that don't even have competence to find actual malware are becoming far too frequent. It's a defame first, and check later mentality.
Well before you make your decision, please remember the facts
1. Artemis!80A569BD65AA and Artemis!E41F663D6526 are two completely different executables - they are different hashes which means they are NOT the same file. So, please remember we didn't "flag our file again" we flagged a completely new file.
2. Artemis is not a condemnation that a program is malware, it's a warning that the file exhibits features and behaviour common to malware and should be considered suspicious until determined otherwise. Users get a choice as to how to react to this warning.
So, since you pretty much know you're going to trigger Artemis, why not just send in your file BEFORE you launch? We can't whitelist things not yet created...
And on the topic of Avast - let's review how Total.Recall dealt with them on their community. I am astounded their mods let the name calling go as far as it did without shutting down the thread. Very liberal of them.
1) Yes, I'm fully aware this isn't the same file, however it is an update of the same app. I mentioned in the post above that our "most recent update" was being flagged. Every time we release even a minor update, we go through this same ordeal.
2) If that was only how users see it. Labeling an app as Artemis or a PUP to an end user may as well scream out virus or Trojan. Users simply don't distinguish between the various labels, ANY label means the app is bad to them, and this equates to lost sales & a damaged reputation. Imagine if your competitors started labeling your Mcafee app as a PUP? I'm certain your attorneys would be on this within hours.
As for proactively submitting the file - now that we know that this is an option, we most certainly will. But the issue of the current Artemis flagging remains (and we did submit the file through the proper channels already). But with that said, I'm certain you guys have the ability to do a deeper "fingerprinting" of applications so that the whitelisting of a minor app update can be automated?
As for the Avast forum, it's exactly due to this (and the fact it was so clearly documented) and their utter refusal to resolve the issue (and yes, it is an issue as companies such as Avast, Mcaffee, etc simply do not have the right to incorrectly label applications as even "potentially" dangerous) that we escalated this to our Attorneys and resolved this quickly. Of course getting attorneys involved is expensive, so I'd prefer to simply resolve issues like this directly.
Look, I'm not trying to be a big pain in the butt here - however it is frustrating that we're the ones that have to spend the time getting your company to treat our application as it should - as a legitimate, commercial application with millions of downloads and hundreds of thousands of paid users, that is quite simply one of the most legitimate, and one of the ONLY ad-free/tracking-code free app of it's kind found on the Play Store.