Clean software submissions for whitelisting (false prevention)
McAfee Labs (formerly McAfee Avert Labs) Core Security Updates Team uses a False Positive Test Rig as part of our extensive pre-release testing. This test rig is a large array of catalogued data, used by the Core Security Updates team to guard against false positives occurring in released DATs. It consists of a collection of known clean data, acquired from commercial software vendors, including Intel®, Microsoft, and IBM. Additionally, the McAfee False Prevention team also actively targets data from the Internet for download to the rig.
McAfee Labs also offers customers, partners, and other third-party software manufacturers the opportunity to submit their own proprietary software for inclusion in this rig. This significantly reduces the chances of a DAT causing false positives on unique customer applications or data. The False Positive Test Rig is located on an isolated network, and the data it contains is used only for false-positive identification testing.
Before every DAT release, the data on the false rig is scanned to identify false positive detections. Any identifications are passed to McAfee Labs researchers for analysis. The McAfee Labs Research team have final sign off on every release of a DAT.
Data submission process
- If you submit data for inclusion to the False Positive Test Rig, ensure that you are legally entitled to distribute the software outside of your organization. McAfee cannot be held responsible for unauthorized software distribution.
- Customers, partners, and other users should resolve any existing detection or interoperability issues prior to contacting the McAfee False Prevention (Data Submissions) team using the guidelines in Solution 2.
- Notify McAfee Labs of a download location by contacting: firstname.lastname@example.org
- Upload files to the False Submission FTP site. To request an FTP account, contact: email@example.com
After the data is processed and moved to the scanning rig, a confirmation email will be sent to you. The expected time between McAfee Labs receiving the data and it being processed will vary depending upon the size of the submission and current workloads, but should not exceed two working days from receipt of the submission.
What happens to the submitted data?
Where possible, the data is extracted and hashes are created to uniquely identify each file. These hashes are compared against a database of existing data, and those we already have are discarded. Any new data not currently held on the False Rig will be included on the rig and scanned with each DAT release.
Include as much information as possible with any submission, including (but not limited to), the following:
- Company name
- Contact name
- Contact phone number (including country code)
- Contact email address
- SAM or Account Manager name
- Products used (including product version and patch level)
- Any Scan or product settings used
- If posting by traditional mail, confirm the count of media enclosed, including the number of files
- Description of submission contents (for example: bespoke product, internal data, software functionality and purpose)
- Any other relevant information (such as frequency of updates)