Bug? Basic4Android.exe quarantined by McAfee antivirus

[avalle]

Hi,
I'm facing an odd and annoying issue after installing B4A on my new laptop running Windows 7.
A few days later I wasn't able to launch the B4A IDE and the cause was that the exe file disappeared from the Program Files directory.
I reinstalled it at but after a few days it disappeared again.
Then I realized that the McAfee Quarantined folder contained a file, and it was exactly the missing B4A exe renamed as .bup.
I'm wondering if anyone has ever faced the same issue, and in case if there are any reasons for that.
I should be able to whitelist it and avoid the issue again, but I'm asking before a better solution exists.

System details:
- Lenovo W540 running Windows 7 Enterprise
- B4A 3.82
- McAfee Viruscan Enterprise + Antispam Enterprise 8.8.0.975

Thanks
Andrea

 

[DonManfred]

Seems to be a false positive.
I have comodo and b4a is not alerted here

 

[Erel]

I've just tested it in VirusTotal (online detector). None of the 54 engines found anything.

 

[nikolaus]

Hmm, that bug has a name:
McAffee

 

[MaFu]

If i heared from false positives from users about one of my programs it's almost always McAfee. This scanner is a pain in the a...

 

[avalle]

Guys, I understand your comments but using McAfee is my employer's decision so I cannot workaround it, so be patient...

I have investigated this issue in details and I have identified the cause. McAfee Antivirus/Malware detects B4A executable (3.82) as a "potentially infected" file, even if it does not associate it with known virus or threat definitions.
According to McAfee the fact that it keeps being detected means that it has already been detected on other systems, so it makes sense to fix this for anyone facing the issue and for any future B4A customer.

Here is the procedure that the owner of a detected software should follow in case their files are being quarantined as false positive:
https://community.mcafee.com/thread/2016
And this is the DetectionName as found on my computer (required by McAfee to submit the claim): Artemis!10BAC82FC3BB

I would be very glad if someone from B4A support could apply for the procedure at:
https://secure.mcafee.com/apps/mcafee-labs/dispute-form.aspx
to solve this issue completely.

Thanks
Andrea

 

[avalle]

And just to make it clear: I have checked that the quarantined file is exactly the same as the original Basic4Android.exe file as installed.
Here's the SHA1 hash: 535F073B5484726BA776134E6B3E9391BCD43FB7

This means that the detected file was not infected on my pc, but it's the original executable distributed with the installer.

Andrea

 

[Erel]

I will fill it. What should I fill in the Mcafee product information fields/

 

[avalle]

Thanks Erel, I will send you by PM the full Details file for reference in case.
Shortly, it's McAfee Viruscan Enterprise + Antispam Enterprise 8.8.0.975

 

[Peter Simpson]

The virus is McAfee.
McAfee is and always has been terrible for false positives. Me, I personally use Avast