9 Replies Latest reply on Nov 20, 2015 3:33 PM by jeff_es

    False Positive: BehavesLike.Win32.Suspicious.rc

    jeff_es

      Hello,

       

      I am the developer of an email notifier (to add context to the filename) and each release has several distribution packages.  Inevitably, one or two are always reported by McAfee-GW-Edition on VirusTotal as BehavesLike.Win32.Suspicious.rc

       

      Samples:

      https://www.virustotal.com/en/file/340af5293ac17c5f8f95d0c02bd235b6392c491b66716 bcc0b02b7f9e0e9ed2f/analysis/1447879099/

      https://www.virustotal.com/en/file/d37a57abca43183132aedf1437b65a4e980c3aabf4b2b 0f9bfaad1ef83a779ae/analysis/1447878057/

       

      The above files use NSIS installer (and are digitally signed).  The zip distributions, containing the same files, usually pass clean:

      https://www.virustotal.com/en/file/5532597dc9357ae2a9f3c224b68187eac723400858347 7bf9a6d1e4419d1082a/analysis/1447879008/

      https://www.virustotal.com/en/file/a8c1183f0dd7a0a8ae8a5c0ae74b69d08438fe98acc62 f936d9ae9ab5a1df861/analysis/1447879123/

       

       

      Please let me know what I need to do to get a clean bill of health, now and in the future!

       

      thanks,

      Jeff