Moved to Artemis Discussion.
I removed your email for your own safety and security. It's against forum rules anyway to publish same.
This may help you, especially the link for software owners: What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal
Hi Mike Gonzi,
Downloaded the latest version of PCMechanic from the link you provided.
I uploaded it to VirusTotal.
Check out this link to VirusTotal: https://www.virustotal.com/en/file/bc06a37d5b478b88af8931fa7330f37d520cad9a9a6a77a723baf26165fe013f/analysis/
18 out of 53 report this as suspicious, with repeatable names in the list.
Use caution with this file.
Removed Link until McAfee has cleared it
Are you the owner and developer of this product?
If so, you must have source code available. I noted several DNS requests listed in the analysis.
There must be good reasons why over 1/3 of the VirusTotal engines detect something wrong. One or 2, probably not a big deal, but 18?
As I write code, I have gotten false positives from 2 or 3 which usually get resolved easily and quickly. Usually, my issue relates to the compiler I use, which I found through experimentation.
Your question to McAfee: 'are there certain guidelines which we are currently not adhering to?' might best be answered within your code.
Thank you for the feedback rmetzger, appreciate your fast feedback on my query.
We got in touch with VirusTotal (a couple of months ago) and they informed us that their anti-virus engines are purposely set to high heuristics, which as I'm sure you understand, means that the sensitivity of detection is set to high and doesn't reflect the default setting of an anti-virus. Since we weren't confident with this, a number of licenses (pointing to different AVs) were purchased and we internally started running our tests against a number of our software products. Many of the AVs reported in VT didn't in fact detect anything wrong with our software. Those that did (like McAfee), resulted in the software falling under the Potentially Unwanted Applications detection. Therefore, my personal opinion is that VT should not be used as a solution to conclude on these problems as the results may not be entirely precise as I personally confirmed hands-on. I will directly quote a person who works at VT who got in touch with me via email:
"Detections may vary depending on parameters used on each AV product. A typical standard installation of a desktop antivirus will probably have low level heuristics and no detection of PUAs. Here, each AV vendor decides what parameters to use, so some vendors show PUAs and have high-level heuristics, or even use 'rapid release' signatures, while others have a more 'conservative' approach. Some even have features here that are not present in 'desktop' version but yes in 'enterprise' versions like Cloud technologies. It depends on each vendor and it is up to them to decide how they want the scanner to be run here."
Before releasing software products (or product updates) to the market, we make sure they go through rigorous testing against certifications such as the Microsoft Windows App Certification Kit.
Thank you for pointing out the requests that are sent, we are aware of this. The system we use is tailor-made for partners/affiliates and as you correctly stated, this may be having an effect on some AVs.
We will be investigating this further.
Well VirusTotal is only half of your reported issues.
SiteAdvisor is also blocking your url (for those using SiteAdvisor/Web Protection). This is voted on by consumers using SiteAdvisor, not McAfee itself. It's UniBlue's reputation that is questionable according to SiteAdvisor customers. I would recommend reading the comments regarding UniBlue's site and work on improving your reputation.
I know that to find the exact code that triggered MY VirusTotal detection, I had to isolate portions of my code, compile it, then resubmit to VT to check the results. I found that what caused my false positives related to the OS detection code coupled with the particular compiler (which uses compression/encryption to help block code inspection and embed external executable files). Changing the OS detection code using less invasive techniques made the difference in my code.
You may have to experiment extensively to isolate what is causing VT detection within your code. Also, attached programs may be causing the issues with both Reputation and with Detection, caused by your partners'/affiliates' code.
I'll begin a PUP review of your application, and we'll post back here, this time. There is a proper procedure for application developers to submit their applications for review.
I've whitelisted this installer:
pcmechanicpm.exe MD5 - 612e93f41ede683d27d8a3211ef9bc83