Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

somename

macrumors newbie
Original poster
Aug 12, 2018
5
0
Please Note: I was not sure whether this question belongs to “windows, linux on mac” or here. Seeing as this is more of a troubleshooting I decided to post it here, but I wouldn’t mind if the mods decide to move it if necessary.


Hi there,


I have an active subscription for McAfee internet security on my 2014 MacBook Air (13”). Recently, on the 09/10 of August I updated the scan engine and ran a full system scan, as I usually do with my system. To my surprise it has told me that it has found a “problem” with the system and urged me to see it. It has put a file into quarantine (it was one single file, for those wondering). In McAfee’s notifications I have read that it has “found suspicious files: 1. Suspicious items were placed into quarantine”.


I of course was not sure whether the file was a virus, since McAfee has not said anywhere that it was. The file in question was also fitting for such a case: “wine-mono-4.5.6.msi” from the so popular service wine. For those who don't know: wine is essentially an emulator that allows you to run windows programs on a mac (and linux). I did not have the file directly from winehq.org (their site), but from an AppStore app (WinOnX 2), of which the free trial version was recently conveniently deleted from the store (paid version still visible). What I also noted from a quick google search is the fact that MacOs cannot open a .msi file directly.


As I was fairly sceptical of the file in question actually being a virus or malware I decided to call McAfee’s support. They told me that this case could indeed be a false positive (aka non-infected file) and that under “suspicious file” McAfee could classify viruses. Yet I also found out some other questions about emulators were asked by other clients.


Fairly confused, I have checked the web and have not found a similar case online. Yet in McAfee’s Knowledge Base I have read that their engine flags “viruses, spyware and uses heuristic scanning”. Heuristic scanning is basically McAfee seeing whether a file has too much power (can overwrite other files, replicate itself, is trying to hide itself) and flagging that. This lead me to believe that it could have indeed been a false positive, since wine (being an emulator) might have some kind of weird rights or requirements.


I can safely say that, to my knowledge ,I have not downloaded any files (that appear in the downloads folder) between the last scan and the one before. Since McAfee’s support was helpful, yet not assuring I decided to reach out to fellow geeks and or Mac users. Please tell me whether you had the same or a similar problem recently or whether you have any solution for this problem.


Thanks,

somename
 
Yeah, in my experience working over 18 years in enterprise computing environments, McAfee is almost universally despised, and your issue here is one of the reasons. I’d highly recommend Intego instead.
Just my opinion folks, please don’t flame me too harshly.... ;)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.