And a bonus question:
How can a file remain in the Artemis detection list and not make it into the production dats? All Artemis detections should be rolled up into the dats on a daily basis shouldn't they?
For example, a file that has been Artemis detected on a machine months ago, continually triggers on the artemis detection, and doesn't appear to ever make it into the dats.
McAfee Artemis Technology is the first always-on, real-time protection that secures enterprises and consumers from threats as they strike. It dramatically shortens the time to detection and resolution, keeping your systems safe and your business up and running.
Want to find out more?
For further analysis, It is best in this case to submit the file in question to <http://www.webimmune.net>
My understanding is that there is a hueristics process that looks at abstract qualities of the file. The combination of how suspicious the file looks and what sensitivity level is configured determines whether or not an Artemis query heppens.
My hunch, (based on your FILE.E example) is that seeing a file that is not named as an executable when it in fact is, would raise the suspicion for the file to a point where it sends a request. However, when extracted and properly renamed, it is no longer that suspicious.
Just my two cents.