Forum Replies Created
-
AuthorPosts
-
wyattwicParticipant
Forgot to add this before I head off. Here is a screenshot of the detection trace.
In this case vorpcontrol downloads the update file to temp, and when it tries to execute it, ATP deletes the downloaded file, causing vorpcontrol to crash. Vorpcontrol is seen as 70% trusted because it knows it ran in response to the user and came from a trusted source. The downloaded file is seen as 15% because it sees it as a background executed file, from an unknown source being run as admin.
Hope this helps a little!
wyattwicParticipant
The folder is already excluded; you have an executable being written to the tmp folder then run, causing the new issues I’m having.
vorpcontrol.exe is also already considered trusted and doesn’t need an exclusion, but flags on the files you are writing to “\AppData\Local\Temp”. The flag description tells me that McAfee doesn’t recognize the file in temp as yours and it looks like a privilege escalation attempt of a tool kit.
Is there an option to modify that behavior to keep the file inside the installation directory?
I want to help you get your program away from being detected. I get paid to do this for programs I don’t enjoy. I enjoy your program, I would like to help.
Goodnight, I’ll be on tomorrow!
wyattwicParticipant
Adding this for reference. It’s from good old 2005, but it hasn’t changed.
wyattwicParticipant
Hello Ralf,
Leaving McAfee is not an option for us right now and asking people to change major aspects of their environment isn’t reasonable.
My question is: would you be willing to do code signing?
It helps security professionals like myself eliminate issues like this and helps us know it was made by you. I’ve already emailed samples of the current version to McAfee support and it will likely be off the list in the next few days, but code signing helps keep future versions off too.