Hi,
I noticed that McAfee's false positive submission system is not working properly.
As described in this KB article, I submitted two samples that are whitelisted by several vendors but are detected by McAfee via email, with subject line starting with the word FALSE.
I received an automatic analysis report (Analysis ID: 11086750) minutes later, stating that these files can be detected with current DAT files (of course!), and advising me to update my DAT and engine files.
Clearly, even with FALSE in the subject line, the sample submission system cannot distinguish between False Negative and False Positive submissions, and it assumes all submissions received are malware samples submissions.
According to the KB article, I also tried to add NOAUTO in the subject line to prevent automatic analysis. However, even with NOAUTO in the subject line, I still received an automatic analysis report.
McAfee should investigate and fix its false positive sample submission system.
Anthony