×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
The_Eagle_007
Contributor III
Message 1 of 21

False Negative/ vb script not being detected

Jump to solution

My system was infected and McAfee had removed 8 threats in total but it failed to remove 1 vb script which it detected when I click on it by Real time threat protection. But that vb script is still not detected and quarantined by McAfee AV. It has 27 detections over virustotal website. Attaching the screenshots and sample in a zip format , password of that zip file is "infected". Please add it to McAfee's database signatures.

Submitted to avertlabs via email. Waiting for McAfee to get this sample added to database of McAfee. 

@CraigSchmugar text me privately I can provide you the screenshots and email address which was used for emailing the sample to the avertlabs.

1 Solution

Accepted Solutions
Venkat_YM
Moderator
Moderator
Message 19 of 21

Re: False Negative/ vb script not being detected

Jump to solution

Hi @The_Eagle_007 ,

Greetings from McAfee.

We would like to inform you that the issue has been taken care. Requesting you to check and do let us know the outcome.

Regards,
Venkat

View solution in original post

20 Replies
The_Eagle_007
Contributor III
Message 2 of 21

Re: False Negative/ vb script not being detected

Jump to solution

Here are the screenshots attached here.

Screenshot 2023-12-04 163707.png

Screenshot 2023-12-04 163756.png

Screenshot 2023-12-04 163825.png

Screenshot 2023-12-04 163948.png

Screenshot 2023-12-04 164117.png

Screenshot 2023-12-04 164154.png

Screenshot 2023-12-04 164225.png

Screenshot 2023-12-04 180951.png

 

The_Eagle_007
Contributor III
Message 3 of 21

Re: False Negative/ vb script not being detected

Jump to solution

I provided the sample along with screenshots in a zip file to averlabs of McAfee. But still have'nt heard from them. I wonder how long will it take. The email was sent but no assurance from McAfee labs that they got the sample and are looking into it.

The_Eagle_007
Contributor III
Message 4 of 21

Re: False Negative/ vb script not being detected

Jump to solution

@Venkat_YM please look into the matter as I have already submitted details via avertlabs (email method) but I have not received any confirmation from the McAfee labs that they got the sample and are looking into it. One more issue that I noticed is that Advanced firewall had detected one connection and blocked it. I just need to provide one sample of undetected threat. If anyone could help me that it would be great.

Screenshot 2023-12-04 223303.png

 

Peacekeeper
Message 5 of 21

Re: False Negative/ vb script not being detected

Jump to solution

Re false positive question From my many sends to avert labs I always get a reply in fast time. I have not sent nexrecently so nor sure they still reply but usually you get a case number or such.

Two things can cause no reply

1 you have too large a zipped file what was the size. This can assist the mod in his reply.

2 Did you follow the set way to zip the file with password  "infected" no " of course.

There  is another possibility some internet companies do not like password zipped files and block such.

Just some thoughts while you wait

The_Eagle_007
Contributor III
Message 6 of 21

Re: False Negative/ vb script not being detected

Jump to solution

@Peacekeeper I am sure the size of file is not too large and I have set up the password as infected. Few months back when something was submitted to avertlabs they usually send the Analysis ID within 10 to 15 minutes. Maybe they changed their approach or method.

The_Eagle_007
Contributor III
Message 7 of 21

Re: False Negative/ vb script not being detected

Jump to solution

@Peacekeeper I hope someone from McAfee just take this sample and sent it for analysis. I wonder why I didnt get the reply from avertlabs yet.

Peacekeeper
Message 8 of 21

Re: False Negative/ vb script not being detected

Jump to solution

That was the time delay I remember

 If I do not see a mod turn will stir them politely Venkat could be on his day off. You can post the virustotal details here they can use that as well

 

The_Eagle_007
Contributor III
Message 9 of 21

Re: False Negative/ vb script not being detected

Jump to solution

Check all the previous screenshots which I uploaded in this post. It has the virustotal details of that particular vb script. @Peacekeeper 

The_Eagle_007
Contributor III
Message 10 of 21

Re: False Negative/ vb script not being detected

Jump to solution

If this threat not gets added to McAfee database then I have to discard using McAfee. What kind of virus protection pledge or 100% virus removal guarantee they are offering if they can't add one threat to its database.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community