3 Replies Latest reply on Feb 17, 2011 1:59 PM by vinoo

    Artemis False Positive - Artemis!851D3A4AA8A5

      Name of detection:  Artemis!851D3A4AA8A5

      Mcafee version:   5.400.0.1158

      Software location (URL):  http://www.connecta2000.com/descarga/InstalaConnecta.exe            

      MD5 hash of file:  851d3a4aa8a583b6f97d02a236a0ceab


      This is a online installer. It launch the Windows Installer Package (MSI) downloading this file: http://idd0084x.en.eresmas.net/descarga/Connecta.2000.v7.50.3.msi

      Both files are digitally signed ensuring that they have not been altered.




        • 1. Re: Artemis False Positive - Artemis!851D3A4AA8A5

          I sent the sample to McAfee Labs but have not yet received a reply:



          6446087 - *FALSE POSITIVE*  InstalaConnecta.exe


          McAfee Labs - Beaverton                                                              

          Current Scan Engine Version:5400.1158                                                

          Current DAT Version:6211.0000                                                        

          Thank you for your submission.                                                       


          Analysis ID: 6446087


          File Name           Findings                      Detection                   Type         Extra

          --------------------|------------------------------|---------------------------- |------------|-----

          instalaconnecta.exe |inconclusive                  |                            |            |no  


          inconclusive [instalaconnecta.exe]                                                                


             Upon analysis the file submitted does not appear to contain one of the 200,000 known  

          threats in the AutoImmune database. The file may contain a new threat, or no code     

          capable of being infected. Your submission is being forwarded to an McAfee Labs       

          Researcher for further analysis. You will be contacted by McAfee through e-mail with  

          the results of that analysis.                                                         





          Today is still a false positive:   (all are negative except McAfee antivirus)

          http://www.virustotal.com/file-scan/report.html?id=8b635997bf634f9347f498b2b4e38 0c3301587db0287c63256b18ae0c850229f-1296497255


          Is there any solution?





          El mensaje fue editado por: jogal on 31/01/11 12:39:36 CST
          • 2. Re: Artemis False Positive - Artemis!851D3A4AA8A5

            What else should I do to add it to the whitelist?


            I'm having trouble with a bad reputation in the domain connecta2000.com because of his "Artemis" and not even get any answer... is frustrating



            • 3. Re: Artemis False Positive - Artemis!851D3A4AA8A5

              Apologies for the delay. The file has been whitelisted - give it ~25 mins for the Artemis detection to go away.