Advice Request How do you submit False Positive samples to McAfee effectively?


Anthony Qian

Level 9
Thread author
Verified
Well-known
Apr 17, 2021
448
Hi,

I’ve been using McAfee recently and I encountered some False Positive issues. Actually, I am not surprised that McAfee has a relatively high FP rate, but what surprises me most is how hard it is to get McAfee to rectify these FP problems.

I followed their False Positive submission procedure published on their website. After sending the email to virus_research@avertlabs.com, all I got was an automatic analysis report saying the submitted sample can be detected with current DAT files. (Idk the purpose of this report. An FP sample, by definition, is definitely incorrectly detected by your engine!)

After several days, I did a rescan and found the FP problem still existed. According to the procedure, I then re-sent my samples and added NOAUTO to the subject line. Again, I got an automatic analysis report, the same as the previous one.

I tried to contact their customer support, but I cannot access the chat function. I tried to get help from their official forum, but the moderator replied to me with the above FP submission procedure.

Does anyone have similar experiences or a better way to submit FP samples to McAfee?
 

Farhad24

Level 1
Mar 24, 2021
24
Norton and McAfee are both the same, they don't care that much about user submissions.
This is probably the main reason they got high FP in tests as well. They do not get any help from outsiders and mainly rely on their own lab.
If I've submitted 30 samples to Norton since 3 years ago (last one was like 4-5 months ago),
I only got about 3 of them replied to or reclassified.
Same thing goes with McAfee too.

I would say this is the way American companies work? Since sending samples to TrendMicro is a cancer too. It's just so hard to find a way to submit it to them. I remember a year ago that I was on chat with their agent; even they didn't know how you should do that. One of them gave me their own upload centre to upload my samples! One of them told me to open a support case, which I did, and well, they will ask like 1000 questions from you to see where you found the sample and why you want to submit it, etc. It's just a pain in the A. But Webroot is not the same; they actually care about users' submissions.

SOPHOS, Dr.Web, F-Secure, GDATA, Avast are the good ones in this era.
 

Anthony Qian

My FP submission experience with Norton is good. I use the Symantec submission system to submit FP. They usually process my submission within 2 days. :)
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
> My FP submission experience with Norton is good. I use Symantec submission system to submit FP.

Your submissions are "triaged" most of the time. My experience with Norton/Symantec was also very good, very professional. In general, I found that a false positive related to a Microsoft app, especially a freshly updated one, will receive priority. For example: I ran Norton Power Eraser right after Edge browser updated. Three new exe/s were then uploaded. Within just a couple of hours, Symantec responded, and within four hours, each false positive was removed.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,657
> I would say this is the way American companies work? Since sending samples to TrendMicro is a cancer too. It's just so hard to find a way to submit it to them. I remember a year ago that I was on chat with their agent; even they didn't know how you should do that. One of them gave me their own upload centre to upload my samples! One of them told me to open a support case, which I did, and well, they will ask like 1000 questions from you to see where you found the sample and why you want to submit it, etc. It's just a pain in the A.

I can confirm this question with TM (currently testing it in Malware Hub), and I could not find any working/proper site where to submit undetected samples 🤢🙄 so it seems they don't mind... 🤷‍♂️
 

Anthony Qian

I eventually got in touch with McAfee's customer support and discussed the problem with them. Much to my surprise, the representative believes the problem is resolved if McAfee does not detect the sample after I manually exclude it from scanning, without asking me to provide the sample for analysis.

After some thinking, I believe the key difference between McAfee and Kaspersky (Dr. Web) in terms of their attitudes to FP is that McAfee views the analysis of client-submitted samples as a service, while Kaspersky views it as a contribution to their technology/engine.
 
