[Fixed] False-positive in LibreOffice Portable 3.5.0 by McAfee

docda
Joined: 2008-06-15 16:46
[Fixed] False-positive in LibreOffice Portable 3.5.0 by McAfee

Have just attempted download of LibreOffice 3.5.0.
McAfee Antivirus is flagging a virus and is shutting down
the download/install. May pay to check your installs folks.
Is anybody else experiencing the same problem???

Additional info:
Name: 325.nsis
Detection type: trojan
Detected as: Ransom-G.a

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
False Positive

This is a false positive. For further information, check here: https://portableapps.com/support#false_positive

mrgou
Joined: 2011-03-15 06:33
Only in VirusScan

https://www.virustotal.com/file/3b6a7690561a3d844ca546b280215ac21939718d...

I ran the file from the original release, and it doesn't trigger any positive. I'll try and replace the file from the portable edition with the one in the original release.

vf2nsr
Developer
Joined: 2010-02-13 17:10
Vipre Internet Security 2012

2 machines no issues

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

pgd
Joined: 2012-02-19 15:40
Same problem here (VirusScan Enterprise 8.8)

Don't really care if false positive, address McAfee or tweak the compression parameters...

... Daniel

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
Please contact your AV provider

As an end user, you need to contact your AV provider to report the false positive.

mrgou
Joined: 2011-03-15 06:33
Easier said than done

As far as I can tell, McAfee offer no easy mechanism to report false positives. PortableApps developers may have better luck doing it:

https://secure.mcafee.com/apps/mcafee-labs/dispute-form.aspx?region=us

depp.jones
Developer, Translator
Joined: 2010-06-05 17:19
OT

And that's exactly why I hate anti virus solutions (although they are indispensable).
There is a big company that releases a software that is defective (virus definitions with false positive). Because of that, its users have hassle to run the (hopefully clean) software they want to use; the creator of the suspected software is bound to lose reputation (and money, especially if it's commercial software).
It's simply intolerable that there is no big button somewhere on their (McAfee's) site to at least report that fault to be easily corrected.
To pass this responsibility to the developer of the suspected app is bad business practice... Especially as they give a processing time of four to six weeks!
It's like "We're sorry that our detection system flagged your software as bad. There has to be something fishy in it but we could possibly have a look sometime..."

J Neutron
Joined: 2008-06-10 19:26
False-positive reporting

Refer to this discussion for tips on reporting false-positives:

https://portableapps.com/node/21968

neutron1132 (at) usa (dot) com

mrgou
Joined: 2011-03-15 06:33

I looked at that page indeed, but it shows how inefficient McAfee is at that. The instructions are two and a half years old, the webimmune system being referred to was discontinued last year, and I have doubts that a simple e-mail would be enough.

The only dedicated gateway for these reports is the dispute form for developers.

As depp.jones wrote, there should be a clear, easy-to-access report form, but there is none...

By the way, I tried replacing the PortableApps dll file with the one from the "regular" distribution, but it doesn't work either.

J Neutron
Joined: 2008-06-10 19:26
Sorry

I tried pointing you to some help. Yeah, false positives have been a problem since there was anti-virus software.

But bemoaning the fact that the anti-virus software you happen to use doesn't work well and that anti-virus company isn't as cooperative as you demand is best addressed to that company, right?

And besides, it is your money they have/want. They want to influence your choice of anti-virus software, and it appears that they have made their attitudes clear.

neutron1132 (at) usa (dot) com

mrgou
Joined: 2011-03-15 06:33
Yes agreed

Thanks for providing help. I completely agree with what you said. I just meant that, beside the general problem, there appears to be very little we, LibreOffice Portable end-users, can do for McAfee to fix the false positive on this dll file. I'll just keep trying once in a while in the hope that a virus definition update fixes that, or wait for a later release.

barky
Joined: 2008-12-20 09:09
McAfee pain continues then ....

I gave up on McAfee years ago, back when it had just/was just switching away from the Network Associates banner .... too many FP's etc for my liking then ... always seems to have been more tuned to corporate locked down business environment with end/small users an afterthought

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
report it using these instructions

Follow these instructions: https://community.mcafee.com/thread/2016

mrgou
Joined: 2011-03-15 06:33
Thanks!

These are much more recent instructions. I submitted the file via e-mail. We'll just have to hope they process this efficiently...

jrjoyce
Joined: 2009-03-08 20:52
False Positive Issue Apparently Resolved.

It appears that this false positive issue may be resolved, at least for now. When I'd first tried updating LibreOffice to version 3.5.0, McAfee VirusScan Enterprise v8.5.0.781 using Virus Definitions file v6624.0000 flagged the extracted file 'filterconfiglo.dll' as being infected with the Ransom-G.a trojan, and deleted it, along with blowing away a variety of registry settings. When I attempted to upgrade LibreOffice again this weekend, using Virus Definitions file v6639.0000, the upgrade appeared to complete normally. It did take quite a while for the update to complete and, for whatever reason, I had to explicitly re-trigger the 'Refresh App Icons' function before I was able to launch it from the PortableApps menu (the menu initially still showed the old version number), but once done it has so far been running fine.

John

barky
Joined: 2008-12-20 09:09

hopefully there won't be any FP troubles in 3.5.1 ... due as full release within next couple of weeks?
