christopherpric
Former Member
Message 1 of 10

Potential False Positive / x86 Bug

Hi, I have an installed APK that is being flagged as having trojan Android/GinMaster.c!n on an x86-based Android device running McAfee Mobile Security.

When I copy the APK to an SD card and test on an ARM device, the trojan reports no virus detected. Of course, I did not install the APK on this device.

I'm not aware of any place to upload an Android vector for McAfee to evaluate. Can someone please point me in the right direction to analyze if this file is infected, and how to possibly regress if this is a false positive or not. Thanks.

9 Replies
exbrit
MVP
Message 2 of 10

Re: Potential False Positive / x86 Bug

You'd have to submit it to the labs as a false positive. Maybe using a computer for that if there is no tab for that in the mobile product.

See: https://community.mcafee.com/thread/2016

christopherpric
Former Member
Message 3 of 10

Re: Potential False Positive / x86 Bug

Wiped the device, reinstalled false positive, McAfee now declares virus free on the x86 device.

I'm thinking McAfee is not yet tested/certified on x86 devices, as it crashes a lot. I downloaded it on my RAZR i (Intel Medfield phone by Motorola) from the Amazon Appstore.


Perhaps McAfee may want to flag the app as incompatible for x86 on Amazon or add an install check on the APK until it is tested further for the architecture.

Regardless, I'm off to go change all the passwords that I fed the device... can't be 100% sure it wasn't contaminated somehow with an unknown exploit. Sigh...

exbrit
MVP
Message 4 of 10

Re: Potential False Positive / x86 Bug

Not sure if they read this section so best to report this to Technical Support if you want to. It's a free phone call or online chat and linked under Useful Links at the top of this page.

christopherpric
Former Member
Message 5 of 10

Re: Potential False Positive / x86 Bug

It's not free. It takes time (and effort) to do things in duplicate/triplicate. McAfee darn well better be reading their own forums.

Message was edited by: christopherprice on 2/20/13 8:44:37 AM CST
exbrit
MVP
Message 6 of 10

Re: Potential False Positive / x86 Bug

The forums are mainly peer-to-peer support. Rarely a technician or developer will look in, and for that we can only hope they do.

What is this x86 device? x86 usually refers to a Windows installation.

Message was edited by: Ex_Brit on 20/02/13 10:30:24 EST AM
christopherpric
Former Member
Message 7 of 10

Re: Potential False Positive / x86 Bug

I'll leave it at this: if your forum (like the Mobile Products forum) is only getting a few posts per week, it's a common industry practice to make sure it's read by someone on the team.

Message was edited by: christopherprice on 2/20/13 9:14:36 AM CST
exbrit
MVP
Message 8 of 10

Re: Potential False Positive / x86 Bug

It's not my forum as I'm only a volunteer here but I'll send an email to someone at McAfee to see if I can get a mobile person to look in.

The time taken typing here could have been well spent with Support, but then that's just my thought on the matter.

I can't promise anything but I'll try.

dougr_t3_suppor
Former Member
Message 9 of 10

Re: Potential False Positive / x86 Bug

Hello christopherprice,

Thank you for posting your concerns about the validity of this file. Outside of our McAfee Labs team, we (Support) treat any detection as malware until given the all clear. I think the fact that there was a specific detection should be a red flag, and you have made a good decision to not take a chance installing it.

I have emailed the team asking if you can use the standard process in the link above. One thing you might also try is submitting it to www.virustotal.com and replying back with the MD5 hash or test results URL. This will also show you if other AV companies are flagging the file.

Regards,

christopherpric
Former Member
Message 10 of 10

Re: Potential False Positive / x86 Bug

Here's the hash: 07e76dce4cbbee20df20e94284c3f6bbf2c25ac10b4523b48d3c85da5041cfcb

Part of the problem with Android malware is that an APK runs in an altered state on the device. But, my expectation is that it's a false positive since re-scanning the file after reinstalling McAfee reports no infection. This application was supplied by Google, so it is not likely it was infected.

My main concern is that bugs in the scanning process on McAfee when on an x86 Android device might be triggering false positives, simply based on the number of force close errors I encountered when looking at the logs. If McAfee has been tested/approved for x86 devices, I'd be happy to regress further with McAfee; if not, I'd suggest simply flagging on Amazon/GooglePlay that the Android version of McAfee Mobile Security is not yet x86-compatible.
