Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

False Positive BehavesLike.Win32.Dropper.nh NON-SENSE by McAfee-GW-Edition


  • Please log in to reply
8 replies to this topic

#1 msi4mahesh

msi4mahesh

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 27 October 2014 - 11:49 AM

I am a developer and I use nsis most of the time. I am sure there are other who use nsis and perhaps they have faced the same problem as I did. Problem is mcafee detects even an empty installer as a threat regardless of it's emptiness. As a developer I am frustrated with all the alerts given by Mcafee. Below is an analysis done by various antivirus programs and they seem to function quiet fine with nsis but not Mcafee.

 

https://www.virustotal.com/en/file/755f5eb13371bf03b5e8d4398869e0b1a19b189b7214d8cfe516bda9b951748b/analysis/1412582177/

 

If anyone here has faced the same problem, please complain this to them so they will review it.  



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 PM

Posted 27 October 2014 - 04:17 PM

If you are a client from McAfee, the best thing you can do is open a support case with them for a false positive.

Edited by Didier Stevens, 28 October 2014 - 02:13 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:13 AM

Posted 27 October 2014 - 09:41 PM

Submit a Sample To McAfee
How to submit virus samples, false positives, clean files for false prevention, and detection disputes
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 msi4mahesh

msi4mahesh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 28 October 2014 - 10:04 AM

 

 

Thank you for your reply and actually we have submitted a sample and also found a thread related to the same issue on mcafee community.

 

https://community.mcafee.com/message/355351#355351



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:13 AM

Posted 28 October 2014 - 11:48 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 msi4mahesh

msi4mahesh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 30 October 2014 - 10:50 AM

Whoever faces this problem could simply respond to https://community.mcafee.com/message/355351#355351 In order to get a fast response from mcafee.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:13 AM

Posted 30 October 2014 - 11:50 AM

Looks like several users are having the same issue...but as one poster (asabban Oct 29, 2014) notes...

...the people who could give a response do not participate here, so while I understand that the situation is frustrating it won't get by complaining at the community...I think the right processes have already mentioned. It is not the first time the established processes do not work or do not yield the expected result, in such a case the issue should be escalated through the Support Account Manager or Sales representative...Actually it was already mentioned that the detection was not by any static pattern but due to behavioral analysis.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 msi4mahesh

msi4mahesh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 30 October 2014 - 12:29 PM

Looks like several users are having the same issue...but as one poster (asabban Oct 29, 2014) notes...

...the people who could give a response do not participate here, so while I understand that the situation is frustrating it won't get by complaining at the community...I think the right processes have already mentioned. It is not the first time the established processes do not work or do not yield the expected result, in such a case the issue should be escalated through the Support Account Manager or Sales representative...Actually it was already mentioned that the detection was not by any static pattern but due to behavioral analysis.

 

 

 

Yeah that is true and I have talked with the person who started the thread and he mentioned they have reported a false positive to mcafee using their procedures many times and NSIS problem is something that has been there for a long time without a respond from Mcafee.

 

Here is false positives of NSIS 

 

http://nsis.sourceforge.net/NSIS_False_Positives

 

Over the time almost all other AVs whitelisted NSIS yet Mcafee fails to do so under not one but many false positive reports. However thank you very much for your interest taken on this subject.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:13 AM

Posted 30 October 2014 - 04:22 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users