UBCD4Win Forums: McAfee and Windows Defender false positive - UBCD4Win Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

McAfee and Windows Defender false positive

#1 User is offline   PHO7 Icon

  • Newbie
  • Pip
    • Group: Members
    • Posts: 3
    • Joined: 22-May 09

    Posted 22 May 2009 - 01:57 PM

    Hi,

    I had downloaded UBCD4Win installer and appeared to have a potentially unwanted software alert from Windows Defender just after download. It asked me to either Ignore the Warning or Allow Windows Defender to take necessary action with this file.

    Of course I ignored the Warning, assuming it was just a false positive and Windows Defender stopped bothering me.

    I then scanned the file with various antivirus and antispyware software. These scanners are:

    McAfee VirusScan Enterprise 8.5.0i
    Malwarebytes' Anti-Malware free version (does not include real-time protection)
    AVG 8.5 FREE version

    All these scanners were up to date and did not report a single virus including McAfee.

    However, when I started installing the program, McAfee came up with a message and said it had detected a virus on the installer and removed it immediately without giving me a choice. It seems it had deleted a file from the installer and prevented me from installing the program. SO the installer gave an error message and I aborted installing the program.
    I am also assuming that what McAfee reported was also a false positive.

    Anyways, the virus alert from McAfee and the potentially unwanted software alert from Windows Defender and the McAfee Scan of the installer are shown by the image attachments I have provided.

    So these are false positives right?

    I also did a MD5 Hash check and can confirm it matches the one in the site.

    Basically this means I have to disable McAfee Virus Enterprise from running in order to properly install this program right?

    Thanks

    P.S. In order to fully read the writing in the images, click on any one here and it will redirect you to a site where you have to click on the image again in order to the full image.

    Posted Image

    Posted Image

    Posted Image
    0

    #2 User is offline   rdsok Icon

    • rdsok
    • PipPipPipPipPipPipPipPip
      • Group: Admin
      • Posts: 6,013
      • Joined: 02-October 05
      • Gender:Male
      • Location:Norman, Ok. USA

      Posted 22 May 2009 - 06:42 PM

      Neither of the detection stated that they were malware detections... they were potentionally unwanted programs also known as riskware.

      Read this FAQ http://www.ubcd4win.com/faq.htm#false


      I also noticed you have multiple antivirus programs installed... this is never recommended and causes conflicts in the system. In fact it may also make your system less protected than just running only one antivirus. See this post on the AVG Free forum for more info http://freeforum.avg...7,backpage=,sv=
      Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
      0

      #3 User is offline   PHO7 Icon

      • Newbie
      • Pip
        • Group: Members
        • Posts: 3
        • Joined: 22-May 09

        Posted 22 May 2009 - 09:42 PM

        View Postrdsok, on May 22 2009, 06:42 PM, said:

        Neither of the detection stated that they were malware detections... they were potentionally unwanted programs also known as riskware.

        Read this FAQ http://www.ubcd4win.com/faq.htm#false


        I also noticed you have multiple antivirus programs installed... this is never recommended and causes conflicts in the system. In fact it may also make your system less protected than just running only one antivirus. See this post on the AVG Free forum for more info http://freeforum.avg...7,backpage=,sv=



        hey,

        Thanks for the reply. I'm pretty sure that I did not state that McAfee detected it as malware. Anyways though I have seen the warning about having two antivirus programs installed. Thanks for that as well. By judging from the link you gave me, which was from the avg site, is it recommended to keep AVG instead of McAfee?
        0

        #4 User is offline   rdsok Icon

        • rdsok
        • PipPipPipPipPipPipPipPip
          • Group: Admin
          • Posts: 6,013
          • Joined: 02-October 05
          • Gender:Male
          • Location:Norman, Ok. USA

          Posted 22 May 2009 - 11:17 PM

          I do prefer and feel that AVG is better than McAfee, but I also volunteer my time to moderate the AVG Free forum ( a very limited amount of time currently ) so I'm certainly biased also...

          Still, that wasn't the reason that I used that link though... I simply knew where that link was located that had the informtion to help support my statement... it even has links to other companies statements about that very issue. It also has many links to the various uninstall/cleanup utils for the various products... it is highly recommended to run the uninstall/cleanup util after removing any antivirus so more of its files/settings are cleaned up.
          Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
          0

          #5 User is offline   rdsok Icon

          • rdsok
          • PipPipPipPipPipPipPipPip
            • Group: Admin
            • Posts: 6,013
            • Joined: 02-October 05
            • Gender:Male
            • Location:Norman, Ok. USA

            Posted 22 May 2009 - 11:46 PM

            Forgot this part.... false positive means a bad detection... What you were being told was that the utils were potentially risky... therefore it isn't false since if they exist without your knowledge they could be a risk.

            Examples ( with my rants on the subject)....

            All of the VNC utils are used to remotely control other computers. I think this one is obvious why its detected as riskware but I have an issue with this type of detection... that is why isn't Windows Remote Desktop ( also used for the very same thing ) not detected if they are going to classify a VNC as a risk.

            WGET ( part of the UnixUtils package )... is used to retrieve files from the internet to your computer. The rant side.... Windows includes FTP.EXE which can also be used to retrieve or even transmit files to/from the internet.

            There are also other utils that get detected by protection software... but these serve as good enough examples by themselves since all of the utils in the project are intended to be used for recovery/repair type purposes and could, if found in some other context, be considered risky by some people.


            I guess you start seeing that while you were being told they were risky... that those types of detections are valid ( but in my opinion ) are also very subjective and doesn't always use logical reasoning in what is and isn't detected.

            So as stated, the files were not falses but it also appears that you were not paying attention to what it was that you were being told about by the utils you mentioned or why else would you have posted asking about them. Unless of course you were just trying to stir up some type of scandel about them when none existed, which I doubt.
            Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
            0

            #6 User is offline   PHO7 Icon

            • Newbie
            • Pip
              • Group: Members
              • Posts: 3
              • Joined: 22-May 09

              Posted 23 May 2009 - 07:26 AM

              Ok then. Thank you for the help.

              This post has been edited by PHO7: 23 May 2009 - 07:35 AM

              0

              #7 User is offline   Gedrean Icon

              • Advanced Member
              • PipPipPipPip
                • Group: BETA Tester
                • Posts: 274
                • Joined: 02-February 07
                • Gender:Male

                Posted 23 May 2009 - 11:14 AM

                The VNC packages will probably need repacked in the next version as R7Z plugins.
                Here since February 2007, and just now got 7 demerits. I love me some Troll thread.
                0

                Page 1 of 1
                • You cannot start a new topic
                • You cannot reply to this topic

                1 User(s) are reading this topic
                0 members, 1 guests, 0 anonymous users