Another AV False Positive – McAfee

Published on April 5, 2011 by Marcus Tettmar in Announcements

Several customers have written to us in the last couple of days reporting that the latest version of McAfee is detecting a “trojan” in the compiler (msrt.exe) that shipped with Macro Scheduler Pro v11. It also reports a virus in macros compiled with that version of the compiler.

The virus reported is “Generic.dx!xdn”.

The same version of McAfee does NOT report an issue with the Macro Scheduler 12 compiler. It seems to be particular to v11.

This is a FALSE POSITIVE. We have submitted the v11 compiler to virustotal.com and ALL other AV vendors report it as clean.

Unfortunately McAfee is quarantining this file and preventing our customers from using the software and their compiled macros.

I have submitted a false positive dispute to McAfee and I would ask all customers affected by this to do the same. Details on how to report a false positive can be found here:

https://community.mcafee.com/docs/DOC-1041

There is nothing that we at MJT Net can do to prevent this false positive apart from submit a claim to McAfee. We are at their mercy. My experience is that they usually fix these issues quickly and I would hope that the next definitions update solves the problem.

However, once McAfee has updated their database you may need to reinstall Macro Scheduler v11 and may need to recompile your macros unless it is possible to recover the quarantined files. We are happy to help with this but you may need to contact McAfee for assistance with recovering files from quarantine.

Given my last blog post it feels like AV vendors are out to get us at the moment! It is most frustrating.

But it’s not only us. Just the other day I read this report about a “keylogger” being wrongly reported on Samsung laptops by the “VIPRE Antivirus Software”. The false positive could be reproduced simply by creating a new folder called “SL” anywhere on the PC!