Trojan false positive in McAfee
christoff85
#1 Posted : Thursday, May 11, 2023 2:03:49 PM(UTC)
Rank: Newbie

Groups: Registered
Joined: 3/11/2021(UTC)
Posts: 1
Location: Poland

Hi,

I've been using your product for several years without any issues. Suddenly this week, NCrunch stopped working with very strange symptoms.
After several hours of investigation I found out that McAfee antivirus flagged nCrunch.Core.dll as a Trojan and deleted it from my hard drive.

As this is a company PC, I cannot alter McAfee in any way.
Is there any other option to convince McAfee that your product is 100% safe?

Best regards
Chris


These are the two scans with false positives:

First:
Analyzer / Detector
Analyzer content creation date 10.5.2023 9:24 AM
Product name McAfee Endpoint Security
Product version 10.7.0.2522
McAfee GTI query Yes
Task name On-Access Scan
Feature name On-Access Scan

Threat
Action taken Delete
Threat category Malware detected
Threat detected on creation No
Threat event ID 1027
Threat handled Yes
Threat name GenericRXVX-GX!D9B04E5C3803
Threat severity Critical
Threat timestamp 11.5.2023 3:36 PM
Threat type Trojan

Source
Source process name SYSTEM

Target
Target access time 11.5.2023 3:36 PM
Target create time 7.2.2023 3:52 PM
Target file size (bytes) 558080
Target hash d9b04e5c38034def22f07501566ef1cd

Target modify time 7.2.2023 3:52 PM
Target name nCrunch.Core.dll
Target path C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\Extensions\Remco Software\NCrunch for Visual Studio 2022
Target user name ZARZĄDZANIE NT\SYSTEM


Second:
Analyzer / Detector
Analyzer content creation date 9.5.2023 9:26 AM
Product name McAfee Endpoint Security
Product version 10.7.0.2522
McAfee GTI query Yes
Task name On-Access Scan
Feature name On-Access Scan

Threat
Action taken Delete
Threat category Malware detected
Threat detected on creation No
Threat event ID 1027
Threat handled Yes
Threat name GenericRXVX-GX!214BEC10815C
Threat severity Critical
Threat timestamp 10.5.2023 1:33 PM
Threat type Trojan

Source
Source process name SYSTEM

Target
Target access time 10.5.2023 1:33 PM
Target create time 3.11.2021 2:11 PM
Target file size (bytes) 504832
Target hash 214bec10815c260fc63fedb192238373
Target modify time 3.11.2021 2:11 PM
Target name nCrunch.Core.dll
Target path C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\Extensions\Remco Software\NCrunch for Visual Studio 2022
Target user name ZARZĄDZANIE NT\SYSTEM
Remco
#2 Posted : Thursday, May 11, 2023 8:47:48 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,974

Thanks: 929 times
Was thanked: 1256 time(s) in 1169 post(s)
Hi, thanks for sharing this issue.

False positives do appear from time to time. There's a whole world full of AV products out there and occasionally they get things wrong.

The vendors of AV products pretty much always have a form you can submit to declare that the file is a false positive. Unfortunately, this isn't a service we can handle as the developers of the software, as in most cases it needs to be handled by a licensed user. I suggest checking with McAfee for options on reporting the false positive. If you need to collect evidence that it's not a trojan, you can try submitting the file to one of the numerous scanner aggregation services which should show clear scans from all the other vendors.
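
Added example, not part of either post and not NCrunch or McAfee code: before submitting a copy of the DLL as a false positive, confirm it is byte-identical to the build the detection record names, and compute a SHA-256 to quote alongside it. The function names are hypothetical, and the link between the threat-name suffix and the MD5 is only an observation from the two records pasted above, not documented vendor behaviour.

```python
import hashlib
import re
from pathlib import Path

# Fields copied from the first detection record in the thread above.
REPORT = """\
Threat name GenericRXVX-GX!D9B04E5C3803
Target file size (bytes) 558080
Target hash d9b04e5c38034def22f07501566ef1cd
Target name nCrunch.Core.dll
"""

FIELDS = {
    "threat_name": r"^Threat name (\S+)$",
    "size": r"^Target file size \(bytes\) (\d+)$",
    "md5": r"^Target hash ([0-9a-fA-F]{32})$",
    "file_name": r"^Target name (.+)$",
}

def parse_report(text):
    """Pull the fields that identify the flagged file out of a pasted record."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m is None:
            raise ValueError(f"missing field: {key}")
        out[key] = m.group(1).strip()
    out["size"] = int(out["size"])
    out["md5"] = out["md5"].lower()
    return out

def file_evidence(path):
    """Size and MD5 (to match the AV record) plus SHA-256 (for the submission)."""
    data = Path(path).read_bytes()
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def matches_detection(report, evidence):
    """True only if the local copy is byte-identical to the build that was flagged."""
    return report["size"] == evidence["size"] and report["md5"] == evidence["md5"]

def name_embeds_hash(report):
    """Observed on this page: threat-name suffix == first 12 hex digits of the MD5."""
    suffix = report["threat_name"].rsplit("!", 1)[-1].lower()
    return report["md5"].startswith(suffix)
```

A mismatch from `matches_detection` means the copy on hand is a different build from the one in the record, so clean scans of it say nothing about the flagged file.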