By Bill Pytlovany
In the security industry it’s especially nice that many companies get along and often help each other. WinPatrol may not be considered competition but I still have great relationships with folks at SunBelt Software(now part of GFI Software), MalwareBytes, Kaspersky, ESET, Microsoft and even Symantec. One company who apparently has no interest in working together is McAfee now owned by Intel.
Two weeks ago McAfee changed one of their signature files and it started to tell all their customers our WinPatrol setup programs was a dangerous Trojan named Artemis!4FAE1D776481. A week ago I finally found the correct procedure to submit my file and report their “false-positive” error. I was told by an automated Email that their test was inconclusive and the file was being sent to Bangalore India for more research.
October 4th McAfee Labs – Beaverton
Current Scan Engine: Version:5400.1158
Current DAT Version:6120.0000
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected.
October 6th McAfee Labs Sample Analysis
Issue Number: 6239937 Virus Researcher: Vivekanandan C
McAfee Labs, McAfee Labs, Bangalore, India
Synopsis – File Name – wpsetup.exe
We are forwarding the inconclusive samples to our Senior Research Engineers for further review. We will get back to you once the researcher has completed the evaluation.
It’s not unusual for Anti-Virus companies to report “false positives”. This has happen a few times in the past but other companies had quick responses and were anxious to fix their errors. The same is not true with McAfee which is now owned by Intel.
This mistake by McAfee came at a time when a brand new version of WinPatrol was released and widely promoted. I can’t begin to imagine how many customers I’ve lost because McAfee wouldn’t allow them to install WinPatrol. I’m sad to say many believed McAfee and will never trust WinPatrol. This is a great insult to their users and the entire WinPatrol community. Even now hundreds of copies of the falsely identified versions are still available on websites like CNET’s Download.com.
This post is excerpted with Bill’s permission from his blog