Hello, I downloaded Mcafee total protection in order to test it and eventually proceed to its purchase. I think that I found a bug of your software. In fact, mcafee total protection blocks ALL processes originated from an UNC path, regardless of the actual executable: also perfectly legit softwares are blocked if they are executed from an UNC path.
You can reproduce this problem in this following simple way.
Open an Explorer windows (for example, "My computer"), then put this shared folder address into the address bar: \\live.sysinternals.com\tools
Then try to execute one of the executables, that are all signed from Microsoft (for example, autoruns.exe"). They will get blocked even they are perfectly legit and signed by Microsoft!
#### You can also reproduce the problem by command line. Open a cmd.exe and try to execute this:
C:\Users\username> \\live.sysinternals.com\tools\autoruns.exe
Access is denied.
#####Same wrong behavior is triggered by the following commands:
pushd \\live.sysinternals.com\tools
autoruns.exe
As I said before, the problem is not that the exe is a false positive, but the fact that Mcafee blindly block every process created from an UNC path (in the example before, the Microsoft Sysinternal shared directory webdav server). This behavior unjustifiably breaks lot of our benign use cases thus make the antivirus not utilizable for us.
Please fix this behavior and scan the executed files instead of flagging all as malicious.
Many thanks for understanding and help!
Antonciro
Solved! Go to Solution.
Hi @Antonciro
Greetings from McAfee!
I have sent a personal message. Kindly revert back with the requested details to assist you further.
Regards,
Sudharsanam G
Hi @Antonciro
Greetings from McAfee!
McAfee security software for Windows or macOS, such as LiveSafe or Total Protection, allows you to exclude individual files from being scanned for viruses by the product's Real-Time, Scheduled, On-Demand, or command line scanning features. McAfee blocks the executable file/folder, when publisher certificate is unverified or not trusted. This is to safe gaurd the user privacy data. Kindly refer the below article for the steps to exclude files from virus scan.
Alternatively, You can always contact the chat support using below link for technical assistance.
Regards,
Sudharsanam G
Dear @Sudharsanam_G1
first of all thank you for your quick reply, I appreciate it!
Unfortunately your suggestion doesn't work in this case. I tried to exclude the file and the folder, also with the remote access help of a support chat operator (Veronica) but McAfee Total Protection will block the exe in any case.
In the example I gave in my previous post, the executable \\live.sysinternals.com\tools\autoruns.exe is Microsoft signed and hosted on a remote directory with a valid Microsoft certificate.
The problem is not that single exe. There is a bug into the Real-Time scan module that blocks all executables that tries to run from an UNC path (webdav, shared folders, ...) even if they are signed and trusted, like in my example.
Please, I'm kindly asking you to fix this buggy behavior. The Real-Time scan module should not block them blindly "because they come from a remote path", but instead it should scan the remote exe like any other exe, and blocks them only if _after a scan_ they are considered malicious.
Thank you very much for your time and understanding. I'm available to give you some more information and details to reproduce this problem, if needed.
Regards,
Antonciro
Hi @Antonciro
Greetings from McAfee!
I have sent a personal message. Kindly revert back with the requested details to assist you further.
Regards,
Sudharsanam G
Mr. Sudharsanam has been very kind and helpful to track the bug and solve it together with engineering team, keeping me constantly informed about progresses. Thank you very much !
Antonciro
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: