pctec100
Feb 18 2009, 04:38 PM
Over the past two days Ad-Aware has begun flagging McAfee SiteAdvisor Enterprise (v. 2.0.0.328) as WinAD.
The filename is McSACore.exe.
I believe this is a false positive. SiteAdvisor is a tool from McAfee that plugs into the web browser to warn or restrict the user from visiting sites that have been identified as distributing malware, spamming, phishing, etc.
I've included the .exe in the attached zip file.
LS Andy
Feb 18 2009, 04:49 PM
Hi pctec100,
Thanks for your post. Could I ask you to upload the log file of the scan that detected this file? Thanks!
Regards,
Andy
Lavasoft Malware Labs
pctec100
Feb 18 2009, 05:18 PM
Log file provided.
In case you are wondering why we are still on SE, we are in the process of upgrading but the project is in the early phases.
LS Andy
Feb 19 2009, 10:17 AM
Hi pctec100,
Thanks for the log file - the detected McAfee file contained some information that was common to the WinAD family - I have removed the signature that would have flagged the McAfee file from the database. This will be included in the next definition file update.
Regards,
Andy
Lavasoft Malware Labs
pctec100
Mar 20 2009, 10:46 PM
This was fixed for a while but is occurring again after a recent definition file update.
LS CalamityJane
Mar 21 2009, 12:54 AM
Hi pctec100,
Could you please post the most recent log file for our Malware Labs team to have a look at to see what is being identified so they can track it down?
Many thanks for your patience!
pctec100
Mar 23 2009, 09:05 PM
Is this good enough or do you need the full file?
WinAD Object Recognized!
Type : Process
Data : McSACore.exe
TAC Rating : 7
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\McAfee\SiteAdvisor Enterprise\
Warning! WinAD Object found in memory(C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe)
"C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe"Process terminated successfully
"C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe"Process terminated successfully
LS CalamityJane
Mar 23 2009, 11:04 PM
Hi, if you could copy and post the entire log that would enable them to see the date, version of Ad-Aware, definition file used, etc. that may be helpful, although what you have posted there looks nearly identical to the last one. I'll certainly call their attention to this topic again.
You are using the enterprise (or a commercial) version of Ad-Aware SE, right? Definition updates for SE will be discontinued at the end of this month. Are you still in the process of upgrading?
LS CalamityJane
Apr 11 2009, 03:24 PM
*Bump*
Waiting for a response pctec100