Showing results for 
Search instead for 
Did you mean: 
Level 7


I have been using the program DVD95Copy since 2006 with no problems from Mcafee this whole time until this weekend. I downloaded a routine periodic update to the program and for the first time McAfee keeps popping up saying that a file has been quarantined automatically. I have consulted online with experts on the program who have told me that the file is not a threat and their advice was to "whitelist" it (which McAfee will not allow me to do) or to add it to the trusted file list (which McAfee will also not let me do.) If I go to the quarantine list and select the quarantined file and attempt to restore the file, it will restore the file but then about 5-10 minutes later, I get another pop-up saying that McAfee has once again quarantined it whether I used the program or not. (I would imagine maybe real-time scanning is doing this?) This file is a vital part of the program and it will not work with this file absent from its proper location in the folder. This is very annoying. The file either needs to be re-classified as a non-threat, or I need to be able to add it as a trusted file so this wrongful quarantine stops, but McAfee will not allow me to. Please help.

P.S. - Just so we can save time, I have already also sent this as a false positive to the virus_research email address as recommended here:

I also posted this here as the other recommendation the page gives.

False Artemis screen.jpg

on 3/17/14 1:13:22 AM CDT
0 Kudos
7 Replies
Level 20

Re: Artemis!AEAAD6418270

Ok did the submit work ie did you get an immediate reply back with an analysis id included if not you submitted it incorrectly.

If yes can you post the id number here and if you do not have a fix in 4 days post here and I will ping a lab tech to fix/investigate it.

I assume you replied to teh reply as Peter suggested with false +ve in the subject?

Message was edited by: Peacekeeper on 17/03/14 4:47:24 PM
0 Kudos
Level 7

Re: Artemis!AEAAD6418270

Thank you for the quick reply!

I received a delivery receipt but not a reply.

If I did it wrong, what should've been in the subject line and what (if anything) should've been in the body of the email??

0 Kudos
Level 20

Re: Artemis!AEAAD6418270

You first submit the file zipped up with password infected.

That gets you a reply an automatic hey we found xyz and sending it off to be checked with this is an analysis id that I need.

You then reply to that email you got changing teh subject to False+ve and name of detection and say whay you feel it is a false detection. To this email you will not get any reply usually ill they sort it out.

0 Kudos
Level 7

Re: Artemis!AEAAD6418270

I just sent another email with the file in question attached in a zip file. (I did not create a password for it, is this required for some reason?)

It has been about 15 minutes and I have once again received a delivery receipt but no reply.

I know that 15 minutes is not  a long time but you are saying I should've received some kind of immediate reply, which I haven't.

What am I doing wrong??

For the initial first email, please tell me:

1. What EXACTLY should I put in the subject line?

2. What EXACTLY should be attached?

3. What EXACTLY should be in the body of the email? (If anything)

I am assuming that is the correct email address since I'm getting an almost immediate delivery receipt.

Thanks again for all your help. My frustration is all with McAfee, not you. They make this harder than it has to be, it seems.

0 Kudos
Level 20

Re: Artemis!AEAAD6418270

No you must do it as this faq says in the link in your original post

See....How to Submit a file to the Labs for analysis:

Zip the file up after disabling Real time protection and password protect it with infected as teh password no other email will be opened by them.

I prefer waiting for the reply then sending the fasle detection in the subject email that works  the other way will as well but I prefer suggesting adding false only to the reply email.

0 Kudos
Level 7

Re: Artemis!AEAAD6418270

I used GetSusp to send the file to them, I got this reply back in my email just now:

Is this what you were asking for?

Thanks again for your guidance.


From: []
Sent: Monday, March 17, 2014 12:14 PM

Subject: 8035144 - gsusp_04CA760097C7_031714_115841 False Artemis!AEAAD6418270

McAfee Labs - Beaverton                                                               

Current Scan Engine Version:5600.1067                                                 

Current DAT Version:7379.0000                                                         

Thank you for your submission.                                                        

Analysis ID: 8035144

File Name            Findings                       Detection                    Type         Extra


files.xml           |inconclusive                  |                            |            |no  

files.xsl           |inconclusive                  |                            |            |no  

getsusp.log         |inconclusive                  |                            |            |no  

getsusp.xml         |inconclusive                  |                            |            |no  

getsusp.xsl         |inconclusive                  |                            |            |no  

mcafee-product.txt  |inconclusive                  |                            |            |no  

network.xml         |inconclusive                  |                            |            |no  

network.xsl         |inconclusive                  |                            |            |no  

upddl.ex_           |inconclusive                  |                            |            |no  

inconclusive [files.xml files.xsl getsusp.log getsusp.xml getsusp.xsl mcafee-product.txt          

network.xml network.xsl upddl.ex_]                                                    

   Automated analysis was not able to determine that this file is malware. This file is  

being sent for further processing and the DAT files will potentially be updated if    

detection of this sample is warranted.                                                

Note –                                                                                

Due to the prevalence of network gateway AV products, it is important that all        

submissions be zipped and the zip file password-protected (password - infected). Some 

products will reject an email that contains a virus that is not sent in this way. In  

addition, often we receive a file that appears not to have been infected, to find     

later that the file was infected when it left the sender, and was cleaned somewhere   

along the line.                                                                       


McAfee Labs                                                                           

0 Kudos
Level 20

Re: Artemis!AEAAD6418270

Yes if no fix in 4 days post back and I will expediate it

0 Kudos