D+ Blocking McAfee SiteAdvisor Update

Using V 3.8.65951.477
Twice in the last week D+ has logged that it has blocked a Create Process request initiated by
C:\Program Files\McAfee\SiteAdvisor\Download\SacSetup.exe The target is
C:\Windows\Temp\SiteAdvisor\saInst.exe

After the fact, I can find neither SacSetup.exe nor saInst.exe. I’m guessing that some McAfee component is downloading SacSetup and when it fails to create saInst that SacSetup is deleted too.

I have not seen the blocked Create Process happen so I guess it has happened at some random time when I was not using the machine.

“McAfee, Inc” is listed as a trusted vendor. Maybe SacSetup does not have a matching certificate?

I do use McAfee SiteAdvisor via Firefox. I’m not especially unhappy that D+ is blocking the update (sneaky McAfee updates make me unhappy) but I’m still interested in knowing why it is being blocked.

Is there other info I could gather to help figure it out?

Thanks,
Larry

I don’t have the answer to your question, but thought I’d mention that Site Advisor is likely not worth using.

I read a few articles recently that their site data can be as much as a full year out of date! Not very comforting if you are basing a sites ‘safety’ on what McAfee has to say about it.

Any suggestions for a similar app that can keep its database (more) up to date?
I need it to work in Firefox.
In the meantime I figure SiteAdvisor is better than nothing.
–Larry

Have you looked at Web Of Trust? A plus with this system over SiteAdvisor is that the user community can also add their input on sites. Instead of a single entity giving a bad/good rating, you have thousands of actual users as well.

If you want to read about the SiteAdvisor delay, here are a couple articles.
SiteAdvisor ratings may be 1 year out-of-date.

And this article is after McAfee responded and made public their testing methodology.
McAfee reveals SiteAdvisor’s retesting policy.

It’s interesting to note that even if a site is given a bad rating by mistake, the site will be on probation for a length of time depending on what the severity of the bad rating was. (Meaning, another scan won’t be made until the probationary period expires) 60-270 days for email considered spammy and 30-365 days for a web exploit. This probationary period even applies to those sites that pay $895 a year for McAfee to scan their sites daily. So even if you’re paying them almost $900 a year and they make a mistake on your site, you’re ■■■■■■■ for anywhere from a month to a year! :o

But the big problem is those sites that get a good rating and then change their site to a malicious nature. McAfee will show a site as being trusted even if it is serving malware! It can be several months before they bother to scan the site again. The second article mentions a web site owner pointing out that SiteAdvisor shows several green links in association with his site, but those links haven’t been on his site for over six months…

Like I mentioned in my first post, SiteAdvisor doesn’t sound like anything I could rely on to keep my computer safe.

I use finjan secure browsing not rating based prog more a site scanner I think

I also use Finjan. Hasn’t given me any issues with my firewall.

I got rid of McAfee SiteAdvisor and now have WOT. Seems to be working fine.
I took a quick look at Finjan. I agree that it looks like something that examines the site in real-time. I’ll take a better look at it in the next few days. I don’t think I know how to tell if a real-time look is any better than what WOT does.
Thanks for the input…
–Larry

You could also try callingid sort of phishing protector