DL Data Submission

Clean software submissions for whitelisting (false prevention)
McAfee Labs (formerly McAfee Avert Labs) Core Security Updates Team uses a False Positive Test Rig as part of our extensive pre-release testing. This test rig is a large array of catalogued data, used by the Core Security Updates team to guard against false positives occurring in released DATs. It consists of a collection of known clean data, acquired from commercial software vendors, including IntelĀ®, Microsoft, and IBM. Additionally, the McAfee False Prevention team also actively targets data from the Internet for download to the rig.

McAfee Labs also offers customers, partners, and other third-party software manufacturers the opportunity to submit their own proprietary software for inclusion in this rig. This significantly reduces the chances of a DAT causing false positives on unique customer applications or data. The False Positive Test Rig is located on an isolated network, and the data it contains is used only for false-positive identification testing.

Before every DAT release, the data on the false rig is scanned to identify false positive detections. Any identifications are passed to McAfee Labs researchers for analysis. The McAfee Labs Research team have final sign off on every release of a DAT.

Data submission process

IMPORTANT:

  • If you submit data for inclusion to the False Positive Test Rig, ensure that you are legally entitled to distribute the software outside of your organization. McAfee cannot be held responsible for unauthorized software distribution.
  • Customers, partners, and other users should resolve any existing detection or interoperability issues prior to contacting the McAfee False Prevention (Data Submissions) team using the guidelines in Solution 2.
If you want files to be included, they can be submitted using the following methods:
 
The supported submission formats are ZIP, RAR, or pre-extracted. Presently, McAfee Labs is unable to process Norton Ghost, ISO, VMware, or other proprietary image formats. If you are submitting specific applications or data, please submit the extracted contents of the installation package in addition to the installer to ensure all components are whitelisted.

After the data is processed and moved to the scanning rig, a confirmation email will be sent to you. The expected time between McAfee Labs receiving the data and it being processed will vary depending upon the size of the submission and current workloads, but should not exceed two working days from receipt of the submission.


What happens to the submitted data?
Where possible, the data is extracted and hashes are created to uniquely identify each file. These hashes are compared against a database of existing data, and those we already have are discarded. Any new data not currently held on the False Rig will be included on the rig and scanned with each DAT release.


Submission details
Include as much information as possible with any submission, including (but not limited to), the following:
  • Company name
  • Contact name
  • Address
  • Contact phone number (including country code)
  • Contact email address
  • SAM or Account Manager name
  • Products used (including product version and patch level)
  • Any Scan or product settings used
  • If posting by traditional mail, confirm the count of media enclosed, including the number of files
  • Description of submission contents (for example: bespoke product, internal data, software functionality and purpose)
  • Any other relevant information (such as frequency of updates)
For further information or questions, contact the False Prevention team at: datasubmission@mcafee.com


If you want to upload a submission and if you are not a registered submitter, contact datasubmission@mcafee.com