Potentially Unwanted Program (PUP) detection specific to software is usually not a false positive
Technical Articles ID: KB90682
Last Modified: 6/19/2018

Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee VirusScan Enterprise (VSE) 8.8

Summary

This article contains an overview of considerations to review before submitting a Potentially Unwanted Program (PUP) detection as a false positive. PUP detection specific to software usually is not a false positive.

Problem

A software package that you want to use in your environment is categorized as a PUP. Based on your required use and your understanding of its functionality, you do not consider it suspicious. It is easy to assume that this categorization is a false positive that McAfee Labs needs to address.

For example:
An administrator has installed the ActivTrak software to observe what their users are doing on their systems. The administrator also has ENS or VSE installed, and the scanner detects the .msi and other related files for the software as a PUP under the following detection names:
  • ActivTrak
  • ActivTrak-GQD
  • ActiveTrak-GOV

Cause

The software falls into one of the following PUP categories:
  • Spyware
  • Adware
  • Remote Administration Tools
  • Dialers
  • Password crackers
  • Jokes
  • Keyloggers
  • Other Potentially Unwanted Programs

In our example above, the ActivTrak software violates the following aspects of the PUP policy:
  • The software must not employ hiding, cloaking, or stealth features.
  • The software must provide a runtime notice that the software is active (for example, a login message, a system tray icon with controls, or an always-on-top notice window).
  • The software must not contain fake or misnamed installation paths, file names, registry keys, and so on, intended to mask the true nature or identity of the technology.

Solution

If you determine that the software is operating as intended, you can exclude the PUP detection by name in the Unwanted Programs Policy.

For our example PUP, ActivTrak, you would exclude the following detection names to allow the software to be used in the environment:
  • ActivTrak
  • ActivTrak-GQD
  • ActiveTrak-GOV
