9 Replies Latest reply on Mar 29, 2016 8:59 AM by catdaddy

    Artemis!2A3FEAF081B4

    mikegonzi

      Dear Sir, Madam,

       

      I hope this message finds you well first of all.

       

      I kindly ask you to look into the reason/s why Uniblue's flagship product, PC Mechanic, is currently being blacklisted by your anti-virus.

       

      Additionally, I would greatly appreciate it if you could let me know if there are certain guidelines which we are currently not adhering to. If this is the case then we will try our best to solve these problems with our development team. Feel free to get in touch with me directly on [email removed by Moderator]. I will be happy to provide you with any additional information you require.

       

      You can download PC Mechanic from the following link: Removed Link until Analyzed/Whitelisted by McAfee Labs

       

      I look forward to your feedback and hopefully a resolution to this problem. I've tried multiple times to get in touch with someone who could actually help us out, but we've never come to a conclusion. This has been pending since 2014.

       

      I've provided some screenshots to make your life easier also. As you can see we have two problems: the product side (McAfee Total Protection) and the web browser add-on (SiteAdvisor).

       

      Kind regards,

       

      Mike Gonzi

      Software Quality Assurance Manager

      Email: email removed by Moderator

        • 1. Re: Artemis!2A3FEAF081B4
          exbrit

          Moved to Artemis Discussion.

          I removed your email for your own safety and security.  It's against forum rules anyway to publish same.

          This may help you, especially the link for software owners:  What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

          • 2. Re: Artemis!2A3FEAF081B4
            rmetzger

            Hi Mike Gonzi,

             

            Downloaded the latest version of PCMechanic from the link you provided.

             

            I uploaded it to VirusTotal.

            Check out this link to VirusTotal: https://www.virustotal.com/en/file/bc06a37d5b478b88af8931fa7330f37d520cad9a9a6a77a723baf26165fe013f/analysis/

             

            18 out of 53 report this as suspicious, with repeatable names in the list.

             

            Use caution with this file.

            Good luck,

            Ron Metzger

            • 3. Re: Artemis!2A3FEAF081B4
              catdaddy

              Removed Link until McAfee has cleared it

              Cliff

              Moderator

              • 4. Re: Artemis!2A3FEAF081B4
                rmetzger

                Mike,

                 

                Are you the owner and developer of this product?

                 

                If so, you must have source code available. I noted several DNS requests listed in the analysis.

                 

                There must be good reasons why over 1/3 of the VirusTotal engines detect something wrong. One or 2, probably not a big deal, but 18?

                 

                As I write code, I have gotten false positives from 2 or 3 which usually get resolved easily and quickly. Usually, my issue relates to the compiler I use, which I found through experimentation.

                 

                Your question to McAfee: 'are there certain guidelines which we are currently not adhering to?' might best be answered within your code.

                 

                Ron Metzger

                • 5. Re: Artemis!2A3FEAF081B4
                  mikegonzi

                  Thank you for the feedback rmetzger, appreciate your fast feedback on my query.

                   

                  We got in touch with VirusTotal (a couple of months ago) and they informed us that their anti-virus engines are purposely set to high heuristics, which as I'm sure you understand, means that the sensitivity of detection is set to high and doesn't reflect the default setting of an anti-virus. Since we weren't confident with this, a number of licenses (pointing to different AVs) were purchased and we internally started running our tests against a number of our software products. Many of the AVs reported in VT didn't in fact detect anything wrong with our software. Those that did (like McAfee) resulted in the software falling under the Potentially Unwanted Applications detection. Therefore, my personal opinion is that VT should not be used as a solution to conclude on these problems as the results may not be entirely precise as I personally confirmed hands-on. I will directly quote a person who works at VT who got in touch with me via email:

                   

                  "Detections may vary depending on parameters used on each AV product. A typical standard installation of a desktop antivirus will probably have low level heuristics and no detection of PUAs. Here, each AV vendor decides what parameters to use, so some vendors show PUAs and have high-level heuristics, or even use 'rapid release' signatures, while others have a more 'conservative' approach. Some even have features here that are not present in 'desktop' version but yes in 'enterprise' versions like Cloud technologies. It depends on each vendor and it is up to them to decide how they want the scanner to be run here."

                   

                  Before releasing software products (or product updates) to the market, we make sure they go through rigorous testing against certifications such as the Microsoft Windows App Certification Kit.

                   

                  Thank you for pointing out the requests that are sent, we are aware of this. The system we use is tailor-made for partners/affiliates and as you correctly stated, this may be having an effect on some AVs.

                   

                  We will be investigating this further.

                  • 6. Re: Artemis!2A3FEAF081B4
                    rmetzger

                    Hi Mike,

                     

                    Well VirusTotal is only half of your reported issues.

                     

                    SiteAdvisor is also blocking your url (for those using SiteAdvisor/Web Protection). This is voted on by consumers using SiteAdvisor, not McAfee itself. It's UniBlue's reputation that is questionable according to SiteAdvisor customers. I would recommend reading the comments regarding UniBlue's site and work on improving your reputation.

                     

                    I know that to find the exact code that triggered MY VirusTotal detection, I had to isolate portions of my code, compile it, then resubmit to VT to check the results. I found that what caused my false positives related to the OS detection code coupled with the particular compiler (which uses compression/encryption to help block code inspection and embed external executable files). Changing the OS detection code using less invasive techniques made the difference in my code.

                     

                    You may have to experiment extensively to isolate what is causing VT detection within your code. Also, attached programs may be causing the issues with both Reputation and with Detection, caused by your partners'/affiliates' code.

                     

                    Good luck,

                    Ron Metzger

                    • 7. Re: Artemis!2A3FEAF081B4
                      dmeier

                      I'll begin a PUP review of your application, and we'll post back here, this time.  There is a proper procedure for application developers to submit their applications for review.

                       

                      - David

                      • 8. Re: Artemis!2A3FEAF081B4
                        dmeier

                        I've whitelisted this installer:

                        pcmechanicpm.exe MD5 - 612e93f41ede683d27d8a3211ef9bc83


                        - David

                        • 9. Re: Artemis!2A3FEAF081B4
                          catdaddy

                          mikegonzi,

                          David has whitelisted your detection. Could you kindly confirm that your issues are resolved?

                           

                          All the Best,

                          CD