WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: McAffee-Intel AV (Windows) vs TC 32-bit vmlinuz (4.2.9)  (Read 1812 times)

Offline Rudock1

  • Jr. Member
  • **
  • Posts: 62
McAffee-Intel AV (Windows) vs TC 32-bit vmlinuz (4.2.9)
« on: April 13, 2016, 02:55:00 PM »
BLUF: McAfee and VBA32 anti-virus tools are getting a false positive on 4.2.9 vmlinuz 32-bit

Hi all,

Recently, I encountered some random boot failures with my 32-bit TC bootable USB. The cause turned out to be from my Windows McAfee AV software which is set to automatically quarantine any suspicious files.  In particular, vmlinuz (32-bit, v4.2.9) was deleted from my USB.

vmlinuz details:
MD5: 7b9b116d0ea5d142706b626224a4381b
SHA256: 6decda27b36d0fed61ccf73a79bbe3fe1153327fb69be3d4963e69e48ece0d2b

You can test any file for virus issues at virustoal dot com.  This service shows three AV packages currently are triggering a false positive on the latest 32-bit kernel.

McAfee has this knowledge base article:
How to submit virus samples and false positives to McAfee Labs (Document ID: TS102053)

I've followed the procedure to submit a file for review.  Hopefully, it will get cleared up soon.

thx
Billy

Offline NewUser

  • Full Member
  • ***
  • Posts: 169
Re: McAffee-Intel AV (Windows) vs TC 32-bit vmlinuz (4.2.9)
« Reply #1 on: April 13, 2016, 05:05:43 PM »
I encountered the same thing recently when using core2usb.  Fortunately I do not have McAfee at home, so that's where my testing will be done.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11049
Re: McAffee-Intel AV (Windows) vs TC 32-bit vmlinuz (4.2.9)
« Reply #2 on: April 14, 2016, 03:22:23 AM »
Thanks for reporting it to them.

Your checksums match those from my original build, so I can confirm nothing has been compromised.

However, it's not really up to us to test random Windows anti-virus products, many of us do not even have Windows. Even a web service is cumbersome, when we'd have to upload lots of files, then help the AV makers fix their products. So, for issues like this, we'll need to rely on users like you to take action.
The only barriers that can stop you are the ones you create yourself.