McAfee identified Publisher as Malware

[CharlesMorris]

I did a McAfee Malware scan on my Windows laptop, and it identified publisher.exe as infected with malware and deleted the file. I did the scan after my Wi-Fi firewall reported a lot of blocked malware activity. Are there any know concerns about malware impacting the current version of Publisher?

[Ron P.]

Welcome to the forum @CharlesMorris,

If you purchased it from a reputable source, like Serif or MS Windows store, then no there's no malware.

JMHO, McAffee is a problem when it comes to falsely identifying software. I dumped McAffee back in early 2000.

[CharlesMorris]

I bought it direct from Serif a couple of days ago. I suspect this is a false positive from McAfee, but figured I should see if anyone else is seeing this.

[Ron P.]

If Affinity Publisher was comprised with malware, I think a lot more people would be experiencing this, and with a variety of anti-virus software. It seems that McAfee has been about the only one that's been flagging it.

@CharlesMorris,

• Did you have APub installed and running on your system prior to running the malware check?
• Did you install APub just prior to running the check?
• What caused you to run the malware check on your system?

You could try uninstalling APub, completely remove it from your system, including the downloaded install file. Then re-download it and see if McAfee still flags it. I'm going to say it will. Not that APub has malware, but just that's McAfee's nature.

One other thing you might try. Do you have another PC, that has a different anti-virus program? If so see if that AV program flags it as malware.

[CharlesMorris]

As I indicated, I ran the scan because my wifi firewall (not McAfee) was flagging malware. I installed publisher about a week ago. I am not asserting Publisher is infected, just reporting my experience and wondering if others are seeing similar (so far it appears not).

[walt.farrell]

It is of course also possible that you installed something else that's infected, and it in turn has infected other programs on your system.

[Ron P.]

2 hours ago, walt.farrell said:

It is of course also possible that you installed something else that's infected, and it in turn has infected other programs on your system.

That's not even a nice situation. Trying to chase that down can be a nightmare, which would lead one to just completely reformatting a drive... 😲

[thomaso]

12 hours ago, CharlesMorris said:

As I indicated, I ran the scan because my wifi firewall (not McAfee) was flagging malware.

In this case, it seems sensible to report such an experience or idea only together with an upload of the report or with verbose screenshots at least to allow a serious investigation of a possible infection. Also, a proper report would include installed software + version numbers.

Without clear information, it seems more like a panic cry that only blames Serif or Affinity, regardless of whether intentionally or unintentionally.

[IanSG]

27 minutes ago, Ron P. said:

That's not even a nice situation. Trying to chase that down can be a nightmare, which would lead one to just completely reformatting a drive... 😲

Maybe try to establish whether McAfee is reporting a false positive by running a 2nd AV program (but not simultaneously).

[carl123]

15 hours ago, CharlesMorris said:

and it identified publisher.exe as infected with malware and deleted the file

Did it delete it or quarantine it?

If quarantined you can always get it back for further analysis

[emmrecs01]

I have previously heard McAfee AV described as a virus!

Speaking personally, I wouldn't touch it with a bargepole.  When I had to buy a new laptop about 18 months ago, almost the first thing I did to it was to use McAfee's own software removal tool to completely remove ALL traces of it!

Jeff

[PaulEC]

8 minutes ago, emmrecs01 said:

I have previously heard McAfee AV described as a virus!

Speaking personally, I wouldn't touch it with a bargepole.  When I had to buy a new laptop about 18 months ago, almost the first thing I did to it was to use McAfee's own software removal tool to completely remove ALL traces of it!

Totally agree! I also had a laptop with it preinstalled a few years ago. It was forever giving false positives and deleting things I knew were OK. It was also a nightmare getting rid of it completely.

[Ali]

Just in the interest of balance, I have used McAfee for years and never had any issues with stuff getting through. I don't get worked up about the occasional (maybe once a year?) false positive: better that way than not at all. As far as I am concerned, it does what it's meant to do and does it very well.

[PaulEC]

In all fairness, I think it comes down to what you are used to. I use Norton, have done for years, and don't have (many) problems with it, There again, I know some people who wouldn't touch it with a bargepole! 😉

[thomaso]

Quote

"In all fairness, I think it comes down to what you are used to."

Confucius' Fortune Cookie?

Unfortune Cookie: I couldn't believe at first that this text is really published by McAfee ... It seems to make us believe to know bulletproof with an extra portion intensity that they know that you know that they never know for sure ... In all fairness, 50 pages "Risk Factors" ;•) … https://ir.mcafee.com/node/6386/html

[thomaso]

2 minutes ago, LondonSquirrel said:

Why can't you believe it? It seems like a very truthful explanation about the realities of their software (and software in general). 

I can but I did not expect it because of my scepticism. I would expect a shorter, less intense, less obvious, less flashing text, 1-2 sentences only, as e.g. …

"In very few cases it can happen that our software does not work as expected.
Use at your own risk, the McAfee company, the author and the contributors cannot be held liable
for corrupted files, loss of data, loss of work or any other issue that could arise by using our software."

Possibly my expectation is also influenced by not being familiar with US law, which is quite different to German in certain aspects.

[Ron P.]

Those are commonly referred to as Hold Harmless clauses. I think they're intentionally written by the lawyers to be confusing. I mean would you use a product that came outright and said, using our product may mess up your system, but we can't be liable for it. I used to have examples of some popular photo hosting websites' Hold Harmless clauses. In the writings, they would claim, they may do something like provide them to, or share them, and such action might cause harm to you. If it does, then we can not be liable for doing so.

[Old Bruce]

I recall a little utility that had as its EULA a short list of escalating misfortunes growing into mass destruction and multiple deaths. The author took no responsibility but did guarantee that all of the bad things would happen. In the final sentence he pointed out that these things would happen even if all you did was was think about looking at the sealed envelope with the disk in it.

It was a play on the then standard practice of stating that by breaking the seal you have agreed to all of the terms and conditions that are inside the envelope.

[thomaso]

8 minutes ago, Ron P. said:

I mean would you use a product that came outright and said, using our product may mess up your system, but we can't be liable for it.

Don't they literally express possible danger not only once but repeatedly in their text, again and again ? This is what feels odd to me. I am used if they want to confuse they use capital letters only, just to avoid users reading them. So they also confused me by not using capitals

[v_kyr]

Well there is probably an easy way to find out, use the online tool VirusTotal, the service checks the file with over 70 different scan engines and provides you with an overall results balance. It allows to upload a max file size of ~650 MB. -- An APub Win update exe has about 553,55 MB.

[CharlesMorris]

I was not familiar with VirusTotal -- a very helpful suggestion. I submitted both the installation file and the installed Publisher.exe (which McAfee had flagged) and both check out clean.

[v_kyr]

22 minutes ago, CharlesMorris said:

I was not familiar with VirusTotal --

Another such quite good service is "Jotti's malware scan", which also checks agains several antivirus scan engines, though this one has a 250MB limit per file.