In the security industry it’s especially nice that many companies get along and often help each other. WinPatrol may not be considered competition but I still have great relationships with folks at SunBelt Software(now part of GFI Software), MalwareBytes, Kaspersky, ESET, Microsoft and even Symantec. One company who apparently has no interest in working together is McAfee
now owned by Intel.
Two weeks ago McAfee changed one of their signature files and it started to tell all their customers our WinPatrol setup programs was a dangerous Trojan named Artemis!4FAE1D776481. A week ago I finally found the correct procedure to submit my file and report their “false-positive” error. I was told by an automated Email that their test was inconclusive and the file was being sent to Bangalore India for more research.
October 4th McAfee Labs – Beaverton
Current Scan Engine: Version:5400.1158
Current DAT Version:6120.0000
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected.
October 6th McAfee Labs Sample Analysis
Issue Number: 6239937 Virus Researcher: Vivekanandan C
McAfee Labs, McAfee Labs, Bangalore, India
Synopsis - File Name - wpsetup.exe
We are forwarding the inconclusive samples to our Senior Research Engineers for further review. We will get back to you once the researcher has completed the evaluation.
It’s not unusual for Anti-Virus companies to report “false positives”. This has happen a few times in the past but other companies had quick responses and were anxious to fix their errors. The same is not true with McAfee
which is now owned by Intel.
This mistake by McAfee came at a time when a brand new version of WinPatrol was released and widely promoted. I can’t begin to imagine how many customers I’ve lost because McAfee wouldn’t allow them to install WinPatrol. I’m sad to say many believed McAfee and will never trust WinPatrol. This is a great insult to their users and the entire WinPatrol community. Even now hundreds of copies of the falsely identified versions are still available on websites like CNET’s Download.com.
Recent Reviews on CNET Download.com
The reviews above prove how McAfee has damaged WinPatrol and it’s reputation. Even the folks who know that McAfee is wrong, have been giving us low ratings on CNET hurting our review status. Click here to post your own review.
Thankfully CNET editors don’t use McAfee
Instead of waiting for McAfee and losing more customers I have re-created our setup program by purchasing a new install package called Tarma InstallMate 7. McAfee does not report a false problem with this new setup. If you’re still a McAfee user or you have a copy of wpsetup.exe on your website, you can download this new file from http://www.winpatrol.com/download.html. If you have already successfully installed WinPatrol 19, the Cloud Edition, no action is required. All the installed files are the same as our previous setup.
It’s always nice to have friends like Steven Burn who manages the website www.it-mate.co.uk. Steve was helpful in getting a response from McAfee.
Just checked our database. That particular file was whitelisted today, Oct 10 2010 (Sunday, BTW :)) , by a McAfee researcher in Bangalore, India. So, the detection should go away soon as the "news" spread through the cloud
(Artemis is our "in the cloud" detection technology).
I have confirmed using VirusTotal that we test clean. Dmitry and a few other corrected me when I said McAfee was owned by Intel. This transaction has not been completed so Intel is not currently involved with any operations at McAfee.