Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

McAfee misidentifies my software as malicious 1

Status
Not open for further replies.
MatthewBragg

MatthewBragg

Programmer
Jul 8, 2008
6
0
0
GB
I've written a software updater in Delphi 6 with TIdFTP and TIdAntifreeze components. The updater downloads the latest update of my software to existing users. McAfee misidentifies the downloader exe file as containing a Trojan and quarantines it - so it can't run. Although this misidentification by McAfee appears to be quite common according to googling "mcafee misidentification", McAfee don't answer my emails on this topic. I'm unable to release this software until the issue is dealt with. Has anyone got a clue about what I could do about it?

 
Sort by date Sort by votes
Don't know what other think but I suspect that McAfee operate a Whitelist policy.
i.e. Anything their Heuristic engine doesn't recognise and that isn't in McAfee's list of 'Safe' software will get flagged as Bad.

I don't think McAfee will take any notice of direct emails after all any virus writer could write to them saying Please don't block our product, how would they know?

I don't use McAfee myself so you will need confirmation of this but most Anti-Malware software has a 'Report false positive' option you should use this to get them to add your software to their WhiteList.

It could be that a change of protocol will solve the problem, but doubtful?



Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
Upvote 0 Downvote
Another option might be to throw in a bunch of code and re-compile in case the new executable stops displaying the appearances of a trojan. If you can try stripping out as much debug information as possible in case McAfee is looking for TIdFTP in the executable.
 
Upvote 0 Downvote
I tried fiddling about, changing the code in trivial ways without removing the functionality, but it didn't help.

I finally found this McAfee website: -where I was able to upload the file. Within some hours they sent me a new antivirus .dat file - adjusted so that my program no longer gets quarantined. It seems to have worked.

However, it doesn't cover the cases where people can no longer get my updates because their downloader has been quarantined. Nor the cases where my customers don't always keep their antivirus up to date. It's my helpline that picks up the bill for that, not theirs, so I suppose I can't expect them to feel bothered about it.
 
Upvote 0 Downvote
You could use a different way to download the update.
I guess you could use this:

Code: 
uses
   urlmon;
...
...
begin
   URLDownloadToFile(nil, PChar(url_to_download), PChar(filename_to_save), 0, nil);
end;

Or any other method.
Not sure if Urlmon gets detected as a virus too...
You could use this:

 
Upvote 0 Downvote
I didn't know about URLDownloadToFile - thanks, I'll give it a try. Sounds promising.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Baldur3635
  • Locked
  • Question
Brain Fog with MyDac and XE7
Replies
2
Views
48
Baldur3635
Baldur3635
NiMuSi
  • Locked
  • Question
Catching Exception in Async TADOQuery
Replies
2
Views
58
NiMuSi
NiMuSi
LeePH
  • Locked
  • Question
Using Delphi 7, can I include "qtintf70.dll" in my program.exe file?
Replies
2
Views
78
majlumbo
majlumbo
trw12
  • Locked
  • Question
UASM Assembler - Borland Fastcall (Register) Calling Convention
Replies
0
Views
41
trw12
trw12
Sheepx
  • Locked
  • Question
Best way to go about Loading runescape within my Delphi application
Replies
0
Views
31
Sheepx
Sheepx

Part and Inventory Search

Sponsor

Back
Top