Worthwhile to submit installers for AV whitelisting?


nrjank
Administrator
A few false positive emails popping up on help list recently. Peeking around, I found the following page for McAfee application screening submission. Seems it just takes an email with some info and link to the download.

Is that worthwhile? Some of the info requested (mostly corporate contact stuff)  I don’t know what we’d fill in. 

Yes this is just one company, but this is a pretty low bar for consideration


Re: Worthwhile to submit installers for AV whitelisting?

nrjank
Administrator
On Thu, Feb 20, 2020 at 7:44 AM Nicholas Jankowski <[hidden email]> wrote:
A few false positive emails popping up on help list recently. Peeking around, I found the following page for McAfee application screening submission. Seems it just takes an email with some info and link to the download.

Is that worthwhile? Some of the info requested (mostly corporate contact stuff)  I don’t know what we’d fill in. 

Yes this is just one company, but this is a pretty low bar for consideration



I'm guessing getting Octave and the libsqlite3-0.dll file whitelisted would require submission to the following for 3rd parties. Assuming most emails won't permit dll and exe attachments, it'll probably require requesting FTP access:


If you want files to be included, you can submit them using the following methods:
  • Notify McAfee Labs of a download location by contacting: [hidden email]
  • Upload files to the False Submission FTP site.
    To request an FTP account, contact: [hidden email]
NOTE: The supported submission formats are ZIP, RAR, or pre-extracted. Presently, McAfee Labs is unable to process Norton Ghost, ISO, VMware, or other proprietary image formats. If you are submitting specific applications or data, submit the extracted contents of the installation package in addition to the installer. Submitting both ensures that all components are whitelisted.

After the data is processed and moved to the scanning rig, a confirmation email is sent to you. The expected time between McAfee Labs receiving the data, and it being processed, varies with the size of the submission and current workloads. It normally does not exceed two working days from receipt of the submission.

What happens to the submitted data?
Where possible, the data is extracted and hashes are created to uniquely identify each file. These hashes are compared against a database of existing data. Any that we already have are discarded. Any new data not currently held on the False Rig is included on the rig and scanned with each DAT release.


Submission details
Include as much information as possible with any submission, including (but not limited to) the following:
  • Company name
  • Contact name
  • Address
  • Contact phone number (including country code)
  • Contact email address
  • SAM or Account Manager name
  • Products used (including product version and update level)
  • Any Scan or product settings used
  • If posting by traditional mail, confirm the count of media enclosed, including the number of files
  • Description of submission contents (for example, bespoke product, internal data, software functionality and purpose)
  • Any other relevant information (such as frequency of updates)
For further information or questions, contact the False Prevention team at: [hidden email]
 

Re: Worthwhile to submit installers for AV whitelisting?

nrjank
Administrator
On Thu, Feb 20, 2020 at 1:21 PM Nicholas Jankowski <[hidden email]> wrote:
On Thu, Feb 20, 2020 at 7:44 AM Nicholas Jankowski <[hidden email]> wrote:
A few false positive emails popping up on help list recently. Peeking around, I found the following page for McAfee application screening submission. Seems it just takes an email with some info and link to the download.

Is that worthwhile? Some of the info requested (mostly corporate contact stuff)  I don’t know what we’d fill in. 

Yes this is just one company, but this is a pretty low bar for consideration



I'm guessing getting Octave and the libsqlite3-0.dll file whitelisted would require submission to the following for 3rd parties. Assuming most emails won't permit dll and exe attachments, it'll probably require requesting FTP access:


Since my work machine got flagged as well today at work after virus definitions updated, I took the liberty of emailing them for access to upload files for whitelisting. (cc'd jwe as official org rep)