cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Real-Time scan BUG - it blocks ALL processes created from UNC paths, also Microsoft signed exe !!!!!

Jump to solution

Hello, I downloaded Mcafee total protection in order to test it and eventually proceed to its purchase. I think that I found a bug of your software. In fact, mcafee total protection blocks ALL processes originated from an UNC path, regardless of the actual executable: also perfectly legit softwares are blocked if  they are executed from an UNC path.

You can reproduce this problem in this following  simple way.

Open an Explorer windows (for example, "My computer"), then put this shared folder address into the address bar: \\live.sysinternals.com\tools

Then try to execute one of the executables, that are all signed from Microsoft (for example, autoruns.exe"). They will get blocked even they are perfectly legit and signed by Microsoft!

 

#### You can also reproduce the problem by command line. Open a cmd.exe and try to execute this:

C:\Users\username> \\live.sysinternals.com\tools\autoruns.exe
Access is denied.

#####Same wrong behavior is triggered by the following commands:
pushd \\live.sysinternals.com\tools
autoruns.exe

As I said before, the problem is not that the exe is a false positive, but the fact that Mcafee blindly block every process created from an UNC path (in the example before, the Microsoft Sysinternal shared directory webdav server). This behavior unjustifiably breaks lot of our benign use cases thus make the antivirus not utilizable for us.

Please fix this behavior and scan the executed files instead of flagging all as malicious.

Many thanks for understanding and help!

Antonciro

1 Solution

Accepted Solutions

Re: Real-Time scan BUG - it blocks ALL processes created from UNC paths, also Microsoft signed exe !

Jump to solution

Hi @Antonciro 

Greetings from McAfee!

I have sent a personal message. Kindly revert back with the requested details to assist you further.

Regards,
Sudharsanam G

View solution in original post

4 Replies

Re: Real-Time scan BUG - it blocks ALL processes created from UNC paths, also Microsoft signed exe !

Jump to solution

Hi @Antonciro 

Greetings from McAfee!

McAfee security software for Windows or macOS, such as LiveSafe or Total Protection, allows you to exclude individual files from being scanned for viruses by the product's Real-Time, Scheduled, On-Demand, or command line scanning features. McAfee blocks the executable file/folder, when publisher certificate is unverified or not trusted. This is to safe gaurd the user privacy data. Kindly refer the below article for the steps to exclude files from virus scan.

Exclude files from virus scan

Alternatively, You can always contact the chat support using below link for technical assistance.

McAfee Support

Regards,
Sudharsanam G

Re: Real-Time scan BUG - it blocks ALL processes created from UNC paths, also Microsoft signed exe !

Jump to solution

Dear @Sudharsanam_G1

first of all thank you for your quick reply, I appreciate it!

Unfortunately your suggestion doesn't work in this case. I tried to exclude the file and the folder, also with the remote access help of a support chat operator (Veronica) but McAfee Total Protection will block the exe in any case.

In the example I gave in my previous post, the executable \\live.sysinternals.com\tools\autoruns.exe is Microsoft signed and hosted on a remote directory with a valid Microsoft certificate. 

The problem is not that single exe. There is a bug into the Real-Time scan module that blocks all executables that tries to run from an UNC path (webdav, shared folders, ...) even if they are signed and trusted, like in my example. 

Please, I'm kindly asking you to fix this buggy behavior. The Real-Time scan module should not block them blindly "because they come from a remote path", but instead it should scan the remote exe like any other exe, and blocks them only if _after a scan_ they are considered malicious.

 

Thank you very much for your time and understanding. I'm available to give you some more information and details to reproduce this problem, if needed.

Regards,

Antonciro

Re: Real-Time scan BUG - it blocks ALL processes created from UNC paths, also Microsoft signed exe !

Jump to solution

Hi @Antonciro 

Greetings from McAfee!

I have sent a personal message. Kindly revert back with the requested details to assist you further.

Regards,
Sudharsanam G

View solution in original post

Re: Real-Time scan BUG - it blocks ALL processes created from UNC paths, also Microsoft signed exe !

Jump to solution

Mr. Sudharsanam has been very kind and helpful to track the bug and solve it together with engineering team, keeping me constantly informed about progresses. Thank you very much !

Antonciro

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community