cancel
Showing results for 
Search instead for 
Did you mean: 

Why the local scanning result is different from the report given by the Mcafee engine of Virus Total?

Recently, I downloaded a malware pack of 13 samples from Malware Tips.

After scanning with McAfee Antivirus Plus, 6 samples are missed.

However, I found that some missed samples are reported as malwares by the McAfee engine employed by Virus Total

Here is the screenshot of the virus total report for one of the samples, you can see that this sample is detected as malware by Artemis:

Lookup Result in Virustotal.png

And here is the link of the full report: https://www.virustotal.com/en/file/b9894606a6cd2b6732b4d7642f21961916042db7078602400575b3837900d805/...

The engine of my McAfee is successfully updated every day, and I have not changed any default settings.

So, I cannot understand that why the local scanning result is different from the virus total report.

By the way, I have submitted this sample via getsusp, but getsusp also says that "no suspicious file is found"...

I do not know that whether this forum allows to upload the malware sample, so I cannot upload it here.

4 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 5

Re: Why the local scanning result is different from the report given by the Mcafee engine of Virus Total?

Pending a more explanatory reply from a support person, if they are around, I can only hazard a guess that as that detection was labelled "Artemis" then it's new and as yet unclassified.  I say that because the McAfee engine gives any unknown detection the name Artemis.

Re: Why the local scanning result is different from the report given by the Mcafee engine of Virus Total?

Thanks for your reply.

The problem is that, since the consumer edition of McAfee can also access GTI and Artemis, the expected result here is that the local scanner also reports this sample as "Artemis!XXXXX", but it treats this sample as a safe file.

Re: Why the local scanning result is different from the report given by the Mcafee engine of Virus Total?

VirusTotal uses a different detection engine to the endpoint products - they are not equivalent.

Re: Why the local scanning result is different from the report given by the Mcafee engine of Virus Total?

Thanks for your reply.

Does VirusTotal use the engine of McAfee VSE (the enterprise edition)?