1 of 1 people found this helpful
have you sent the file where GAM is blocking to the AVert Team? Whitelisting with GAM is different to the normal signature based engine. because GAM does behavior based detection.
Finally, if your application has a similar behavior to a known threat the easiest way is to
a) make a rule in MWG to whitelist the detection name with a given URL.
b) open a ticket an upload the file to McAfee to whitelist.
Hope this helps,
we got a "process sheet" who we schould submitt it and use the GetSusp software.
We submitted it and get a "we received the mail" but until now nothing.
I've added the detection name to your header in order to draw more attention to it and have moved this to Corporate User Assistance.
The software developer has to submit the software using this form: https://secure.mcafee.com/apps/mcafee-labs/dispute-form.aspx?region=us
It takes quite a long time sometimes for software to be cleared.
i do not understand what you mean with "process sheet".
GetSusp does not help if GAM blocke somthing. You need to upload the original file to McAfee Support opening a Support ticket.
is this a new form, i have not seen it before.
Hi got the following instruction from the McAfee Support. Btw: We don't use McAfee inhouse.
How to submit virus samples and false positives to McAfee Labs
Consumer KnowledgeBase ID: TS102053
Last Modified: 10/27/2015
This article describes how to submit virus samples and false positives to McAfee Labs. There are two possible reasons you might need to submit a file. Use the appropriate Solution for your issue:
- Solution 1: You suspect you have malware but nothing was detected, or malware was detected but you were unable to clean it.
- Solution 2: You suspect a malware detection is a false positive.
Possibly Infected File Submissions
You can submit samples to McAfee Labs if you have located a file:
- that you believe is infected but was not detected by your McAfee software
- that was detected, but was not cleaned
There are two methods for submitting potentially infected files:
- GetSusp: McAfee recommends that you use GetSusp as a first tool of choice to analyze a computer you suspect has malware.
To download GetSusp, go to http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx.
IMPORTANT: The submitted file cannot be larger than 10 MB.
- Email: You can submit samples directly to McAfee Labs by emailing firstname.lastname@example.org and attaching the file(s) for review.
When submitting samples via email, ensure your attachments are contained in password-protected .zip files with the password infected (all lowercase). If the automated system is unable to determine if there is a valid threat, your submission will be escalated for further analysis. For more information on creating a .zip file, see:
Regular Technical Support cannot assist in malware removal. If you prefer support assistance, contact McAfee Virus Removal Services (http://home.mcafee.com/root/stdlandingpage.aspx?LPName=vrs_v2&affid=0&culture=en -us&mm_campaign=905652cc39caaa3e7b5e6e4837f0b0be&aco=0&cid=99724).
False Positive Submissions
If you think that a file has been falsely detected or incorrectly classified, follow this process to submit the sample to McAfee Labs.
To submit a sample via email, zip the file (using the procedure described in Solution 1) and send it to McAfee Labs Virus Research at:
IMPORTANT: Prefix the email subject line with the word FALSE. For example, "FALSE: file being detected by McAfee."
Include the Product and version, DAT version, Engine version, and a short description (including any other relevant information regarding why you think the file has been incorrectly detected). You can find all of the product information inside your McAfee Security suite by clicking About.
Please review the submitted file as we believe this is a false detection.
Product: McAfee Security Center 12.8
DAT version: 6587
Description of issue: This file has been detected as malware, but is part of my game.
After the sample has been analyzed, one of the following occurs:
- The sample is considered clean. Detection is suppressed, and will be updated in the next DAT release.
- The sample is incorrectly classified. It will be reclassified, and detection will be updated in the next DAT release.
- Analysis of the file determines that the sample is properly detected. You will be notified of the results.
is this a new form, i have not seen it before.
I assume you are asking me? No it's been around for a while. We were told that software developers should use that form.
If the OP isn't the software developer but only a user of it then the KB article you refer to would apply.
the GetSusp Tool is a tool that can be used on a Windows Endpoint It inspects your System and is able to upload a suspicious file to McAfee.
This tool does not help when the GAM engine (this is another engine completely different to the engine on endpoint) detects a false/positives.
So, when following the instrusctions you posted, take the file, zip it with Password and send it to McAfee.
Yes, I used both ways. But still no feedback. I'll submit it again and maybe the McAfee Team will whitelist it.