Unfortunately it isn't independent apparently, but I'm afraid the technicalities aren't revealed to the likes of us.
I agree with you it would be great if it were browser independent.

All we've been told is that McAfee is working closely with Microsoft on the issue.

Thanks for the kind remarks and good luck.:)

Hello...

I am a senior software developer with a company servicing many clients worldwide. We have recently begun receiving reports of false positive antivirus scan results thrown by McAfee's on one of our helper applications.

On investigation, I now find that it is not possible to manually exempt a file from being quarantined, so, at present, we have no straightforward way of allowing our clients to continue working when McAfee's insists on quarantining the file on every scan. This is rapidly becoming a serious problem for both us and our clients.

I have reviewed the (Delphi) source code and confirmed that there is no malicious activity - all I can surmise is that McAfee's takes exception to the application making a socket connection to an arbitrary address:port (defined externally in an .ini file). The file concerned has not been changed for months and no other antivirus application has any issue with it whatsoever.

I have already submitted the file to WebImmune (Analysis ID: 4977318) and I am hoping that the issue can be resolved quickly. If it is not, then I am afraid that we will have no option but to recommend to clients that they uninstall McAfee's in favour of a more configurable antivirus solution, since this is not a problem of our creation.

Is there anything else we can do from this end to expedite matters? I sincerely hope there is some way we can resolve this matter as soon as possible - certainly more quickly than having to wait for a beta release.

Regards,

Alex.

We have no connection with Webimmune here I'm afraid. You have to deal with them directly. If they reply negatively reply to that message immediately disputing it making sure that the header is intact with the case ID #. That is from personal experience here at home when I got a false positive.

Their responses are usually pretty quick in my own experience.

By the way, it's home products that we are talking about here. Corporate (Enterprise) VirusScan 8.xi is dealt with here: http://community.mcafee.com/forumdisplay.php?f=142

Thanks, Peter...

This is the first time I've had to submit a virus report (either positive or negative) to McAfee, so I'm in uncharted territory. I suppose I must have just wanted the comfort of something beyond the automated responses from WebImmune, so thank you for for your reassuring comments.

I actually did experience the problem on one of my own, personal machines running McAfee Security Centre as well as on my work machine running McAfee Enterprise, so the problem seems to be exhibited across the McAfee range.

I suppose I will just have to sit tight until I get an official response (while continuing to field questions from baffled and irate clients)...

Regards,

Alex.

Good luck ipai.

Hi,

I know this is an old problem and this is a old thread but I hope that a moderator is checking this from time to time.

I think that its about time that things like the subject heading of this thread be looked at seriously.

The point of the matter is, I like playing games, sometimes find it difficult to complete certain stages, this is where things called trainers come in ( used to be easy, they used cheat codes but not anymore ).

These trainers utilise techniques that can trigger false positives. In my case every time I want to use the game and trainer I have to disable the virus protection. This is not good at all and a really bad practice for anyone, you may forget after playing the game for a while to turn it back on goto bed, wake up the next moening and fine you have been scewed while asleep.

I understand that the program is doing what its meant to do ( in my case total security 2009 ) however there are things that can be done, eg right click the file and trust it for instance. Yes you will get idiots that click trust for anything that comes through and this is why you have to right click it. The trainer in my case does dosappear till activation, generic.dx trgan is what it says, BUT its a harmless trainer from a respectable site.

As a paying customer I should have some power over what is allowed and what isnt. Again I understand there are plenty of idiots that for the sake of a few seconds they will say trust it. If they do this, its there fault, not mcafee not yours not mine.

Unfortunately there isn't that kind of flexibility. I can understand why - many people would start trusting malicious software and then McAfee might be on the hook for some legal repercussions.

At present time it is only permitted for PUP's (Possibly unwanted programs).

You can submit samples for testing and possible acceptance...

Send a file to Avert for analysis:
http://vil.nai.com/vil/submit-sample.aspx
or
https://www.webimmune.net/default.asp
or
Email file to: [EMAIL="virus_research@avertlabs.com"]virus_research@avertlabs.com
When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

still comes up as virus infected see below

AVERT Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5570.0000
Thank you for your submission.

Analysis ID: 5232150

File Name Findings Detection Type Extra
--------------------|------------------------------|----------------------------|------------|-----
brewers.exe |current detection |generic.dx |Trojan |no
brewers.nfo |inconclusive | | |no

inconclusive [brewers.nfo]

Upon analysis the file submitted does not appear to contain one of the 200,000 known
threats in the AutoImmune database. The file may contain a new threat, or no code
capable of being infected. Your submission is being forwarded to an Avert Labs
Researcher for further analysis. You will be contacted by AVERT through e-mail with
the results of that analysis.

current detection [brewers.exe]

The file received is infected and can be detected and removed with our current DAT
files and engine. It is recommended that you update your DAT and engine files and scan
your computer again.


Its a game trainer for C and C red alert 3 uprising

its from a respectable site

its a false positve

That's when you should immediately reply, keeping the header intact, appealing that decision and they will then test it further.

If after all that they still find it infected, then there's no choice but to do what you usually do I'm afraid.