exbrit
MVP
Message 11 of 25

RE: Happened again today

To clarify...

 

QUESTIONS I WOULD LIKE ANSWERED.

(1) There is nothing I can find on the site about a new version. Is SiteAdvisor in the process of distributing updates? If the answer is no, then I'd like a statement to that effect so I would know this must be a virus or spyware. If the answer is yes, then please post something (like an answer here), so I can add this item to Kaspersky's Trusted Zone.

Not that I know of, not yet anyway. As long as you are installing SA directly from either your online McAfee account or from http://www.siteadvisor.com then it should be the latest version anyway.
The only other thing that I can think of that Kaspersky probably doesn't like is SA's "Protected Mode" which I trust you haven't turned on.
As far as their trusted zone, I would assume entering the file that it is objecting to would suffice using the path you already posted.

 

(2) Is there a SiteAdvisor site that discloses information about new versions distribution and "definition" updates (ie: lists of new site ratings additions/changes IF they're downloaded to the local computer).

Unfortunately, much as we wish there was, no.

 

(3) When site ratings are changed/added to, does SiteAdvisor retrieve those lists and store them on the local machine for reference, or is SiteAdvisor constantly checking sites against a database at McAfee's site?

Nothing is stored on your machine. SA "dials home" for all information.

 

WHAT I WOULD LIKE TO ASK MCAFEE TO DO BEYOND THE ABOVE: Please talk to Kaspersky. I'm sure they'd be willing to include an exclusion for a valid update file or process from detection in a definition file soon.

As I stated earlier, I will bring this up at the Monday evening call where we volunteers can talk directly to McAfee developers and management. I can't promise anything though.
patflgn
Contributor
Message 12 of 25

Thanks

Ex_Brit,

Thanks again. You're a great resource for us users and for McAfee/SiteAdvisor, and I hope they appreciate you. I know I do. Thanks for answering the questions I posted.

Thank you also, in advance, for bringing this up in Monday's conference call.

If McAfee developers/managers would like to contact me directly for diagnostics follow-up, I'll be glad to supply an email address & phone number if you can supply a way to send that privately, or I'll be glad to share the computer with them so they can look around.

For the purposes of your call, the folder C:\WINNT\Temp\SiteAdvisor was deleted by me after each instance, so it's being downloaded and re-created from somewhere at least. In addition to the aforementioned mcinst.exe file, I ran a dir of the other contents of that folder today before deleting it, piping it to a .txt file (the mcinst.exe file had been deleted when I made this, so is missing). The other contents of the folder were:

Directory of C:\WINNT\Temp\SiteAdvisor

06/13/2008 02:02 PM <DIR> .
06/13/2008 02:02 PM <DIR> ..
06/13/2008 02:02 PM 57,822 elist.cab
06/13/2008 02:02 PM 49,382 ffplg.cab
06/13/2008 02:02 PM 59,954 ieplg.cab
06/13/2008 02:02 PM 49,209 msacmain.cab
06/13/2008 02:02 PM 4,651 msacmain.inf
06/13/2008 02:02 PM 301,466 sac.cab
06/13/2008 02:02 PM 86,625 sachook.cab
06/13/2008 02:02 PM 62,889 sacimg.cab
06/13/2008 02:02 PM 87,272 sacomm.cab
06/13/2008 02:02 PM 470,118 sacore.cab
06/13/2008 02:02 PM 8,083 sacorinf.cab
06/13/2008 02:02 PM 64,873 sacres.cab
06/13/2008 02:02 PM 36,813 safeff.cab
06/13/2008 02:02 PM 58,392 safeie.cab
06/13/2008 02:02 PM 24,897 safelocalization.cab
06/13/2008 02:02 PM 6,746 subst.cab
06/13/2008 02:02 PM 2,638,621 ytb.cab
17 File(s) 4,067,813 bytes
2 Dir(s) 54,877,622,272 bytes free

I will attempt to report this to Kaspersky.

Regarding protected mode. I'm running the free version, and it's not included.

From the toolbar icon drop-down, today after reinstalling, I selected Get latest version to make sure. I'm told "You are running version 2.6.0.6261 of SiteAdvisor's plug-in. You are already using the latest version available. There is no need to re-install SiteAdvisor".

I will submit all this also to SiteAdvisor Feedback as you suggested.

Regarding Hijackthis. I'm not concerned at this point that I am infected. I am concerned rather that something is trying to get in but is being stopped by Kaspersky.

The facts that I've confirmed that I'm running the current version, yet I've gotten the warning from Kaspersky twice; had the C:\WINNT\Temp\SiteAdvisor folder come back after deletion; and based on your answer that SA "dials home" for all information (which confirms it isn't downloading new definition files to my hard drive) is what's concerning me.

There appears to be no reason at all that SiteAdvisor would be trying to install anything.

FYI: One more site you may want to check out and add to your list of sites to post Hijackthis logs for help is http://www.castlecops.com Excellent help there in their forums by trained technicians.

Thanks again,

Pat
exbrit
MVP
Message 13 of 25

RE: Thanks

Let's hope that it is a false positive from Kaspersky. It wouldn't be the first time rival software objects to McAfee, or vice versa.

Hopefully your submissions will help as will the phone call on Monday.

I've added Castlecops Hijackthis forum to our list, and thanks for that suggestion.

Good luck. I'll get back to you after the call.
exbrit
MVP
Message 14 of 25

RE: Happened again today

Our developer guy says: "right click the file, go to Properties and check for the signature tab to see if it's really a McAfee exe or not".
Peacekeeper
Message 15 of 25

RE: Happened again today

The tech in on the call suggested next time you see this go to the file and right click on it and click on properties and Digital signature tab and confirm it says mcafee.
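
The Properties > Digital Signatures check suggested in the two replies above can also be scripted over every file in the folder. This is an added example, not part of the original thread and not McAfee's tooling; the folder name comes from the earlier post, and the expected signer string `McAfee` is an assumption.

```powershell
# Added example: scripted form of the Properties > Digital Signatures check.
# Folder name is the one quoted in the thread; the expected signer string
# 'McAfee' is an assumption taken from the advice to confirm it says McAfee.
param(
    [string]$Folder = 'C:\WINNT\Temp\SiteAdvisor',
    [string]$ExpectedSigner = 'McAfee'
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedSigner)

    # Authenticode signatures can be embedded in both .exe and .cab files.
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $cert    = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { '' }

    # Status 'Valid' means the file is unmodified since signing and the
    # certificate chains to a trusted root; who signed it is checked separately.
    $verdict = if ($sig.Status -eq 'NotSigned') {
        'UNSIGNED'
    } elseif ($sig.Status -ne 'Valid') {
        "INVALID ($($sig.Status))"
    } elseif ($subject -notmatch [regex]::Escape($ExpectedSigner)) {
        'VALID, UNEXPECTED SIGNER'
    } else {
        'VALID, EXPECTED SIGNER'
    }

    [pscustomobject]@{
        File       = Split-Path -Leaf $Path
        Verdict    = $verdict
        Signer     = $subject
        Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
        SHA256     = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

if (-not (Test-Path -LiteralPath $Folder)) {
    Write-Warning "Folder not found: $Folder"
    return
}

Get-ChildItem -LiteralPath $Folder -File |
    Where-Object { $_.Extension -in '.exe', '.cab' } |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName -ExpectedSigner $ExpectedSigner } |
    Sort-Object Verdict |
    Format-Table -AutoSize -Wrap
```

A substring match on the subject is a weak identity check, so compare the reported thumbprint with that of a binary from a known-good SiteAdvisor install. The SHA256 column gives a value to include when submitting a suspected false positive to the antivirus vendor.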
paullotion
Former Member
Message 16 of 25

RE: Happened again today

Kaspersky is not saying this is a virus or spyware; it defines programs such as SiteAdvisor as riskware. This is the way the PDM (Proactive Defense) works. Put SiteAdvisor in the trusted zone and it will not bother you again, until another update.
patflgn
Contributor
Message 17 of 25

Thanks

Good idea on checking properties and digital signature.

Sorry to be late on this reply. For some reason, I'm no longer receiving email notifications on this thread. Checked today just to see if there was any additional info.

paullotion: I'm still suspicious of this because I know I have the current version of SiteAdvisor, and apparently as far as anyone knows, McAfee has not released an update, so it shouldn't be downloading an update to WINNT\Temp.

For that reason, I'm not going to add it to the Trusted Zone.

Mitigating factor though is that it would be odd for a hacker to attack SiteAdvisor specifically when Microsoft OS and other more widely used vendors (like flash) would be broader targets.

Anyway, thanks for all your help everyone, especially Ex_Brit. If it happens again, I'll repost with a screenshot of the banner notification.

Thanks,
Pat
paullotion
Former Member
Message 18 of 25

RE: Thanks

Pat

The reason Kaspersky flagged the file(s) is because it's trying to register a copy of itself at startup. It's asking you what you want to do. If it happens again, post the problem in the Kaspersky Forum; they'll be able to assist you.
Riddlez
Contributor
Message 19 of 25

RE: Thanks

To the OP:

The SiteAdvisor product can behave erratically. To what extent this is due to the SiteAdvisor 'team', McAfee, someone else, the code, I don't know.

I've had my own bad experiences with the SiteAdvisor.

Last time I checked with HijackThis, the SiteAdvisor at the startup list had an 'unknown owner'. And it has happened to me more than once that the SiteAdvisor or a new version of it unexpectedly 'jumped' on my computer. (I received an informational alert)

My guess is that it's not a virus/malware, although one could make a case that the SiteAdvisor or McAfee software is malware ...
paullotion
Former Member
Message 20 of 25

RE: Thanks



This is a weakness within HJT; you'll find that is quite common with HJT.