klukacs
Level 7

Artemis! detected threat detailed info

How to get more info about Artemis! detections (e.g. characteristics)?

Thanks

0 Kudos
1 Solution

Accepted Solutions
rmetzger
Level 14

Re: Artemis! detected threat detailed info

Hi klukacs,

Welcome to the forums.

klukacs wrote:

How to get more info about Artemis! detections (e.g. characteristics)?

The short answer: There are no publicly available 'characteristics' yet.

The Long answer:

Artemis!, or more formerly Global Threat Intelligence (GTI) File Reputation, detections are based on unknown 'threat behavior' where characteristics are not yet well known. So no information is available yet.

GTI File Reputation Best Practices Guide for McAfee VirusScan® Enterprise Software wrote:

see https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24043/en_US/...

With traditional protection, malware is discovered, verified by a security vendor, made available and ultimately deployed. This process can take place over several hours (or even longer), creating a protection gap.

...

Rather than rely solely on signature-based detection of malware where the time from discovery to protection could be hours or even longer, McAfee GTI File Reputation service provides near real-time protection by providing reputation scores for files as they are accessed or when a system is scanned, compressing the protection gap.

The GTI detections are done in the cloud by McAfee. When enough info is available, a real threat is then given a formal name, added to the signature databases, and removed from GTI detections as the signature databases are distributed to end-nodes. (Detections determined to be 'Non-threats' are simply removed from Artemis!)

Until a threat has been analyzed and given a name, its only characteristic is an Artemis!1234567890AB (12-digit hex number) based on heuristic behaviors.

Hope that helps.

Ron Metzger

Message was edited by: rmetzger (clarification) on 3/19/14 5:42:38 AM EDT

Message was edited by: rmetzger (spelling) on 3/19/14 5:46:56 AM EDT

0 Kudos
5 Replies
klukacs
Level 7

Re: Artemis! detected threat detailed info

Hi metzger,

Thanks for that!

Krisztián Lukács

0 Kudos
rmetzger
Level 14

Re: Artemis! detected threat detailed info

You're welcome. Do you have a specific problem or detection?

Ron Metzger

0 Kudos
klukacs
Level 7

Re: Artemis! detected threat detailed info

No specific problem... just wanted to know "who" I'm facing.

When Artemis detections are researched and categorized (name given, etc.), do they put a reference for the Artemis! code the researched threat is derived from?

Thx,

Krisztián Lukács

0 Kudos
rmetzger
Level 14

Re: Artemis! detected threat detailed info

Not to my knowledge. The naming sequence for Artemis! numbers is simply the MD5 hash of that file. Makes it almost impossible to replicate. However, it says nothing about the actual file in question.

If I wanted to know more about that threat, I would submit that file to VirusTotal.com and see what the 45 to 50 scan engines there say about that file. (Each company seems to like to give each threat their own name, so you have to go to each company's site to get details.)

Thanks,

Ron Metzger

0 Kudos
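
The relationship described in the last reply, as an added example that is not part of the original thread and not McAfee's own tooling: it extracts the 12 hex digits from Artemis! detection names and finds which files in a folder they refer to by comparing MD5 hashes. It assumes the 12 digits are the leading digits of the file's MD5 (the thread only says the number is the MD5 of the file); the log line format, file names and folder contents are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Name format as given in the thread: "Artemis!" followed by 12 hex digits.
ARTEMIS_RE = re.compile(r"Artemis!([0-9A-Fa-f]{12})\b")

def artemis_tags(log_text):
    """Return the set of 12-digit tags found in detection names (upper-cased)."""
    return {t.upper() for t in ARTEMIS_RE.findall(log_text)}

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks. Used here as an identifier only."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def correlate(log_text, root):
    """Map each tag to [(file name, full MD5)] for files under root.

    Assumption: the tag equals the first 12 hex digits of the file's MD5.
    Tags with no matching file keep an empty list, so they stay visible.
    """
    hits = {tag: [] for tag in artemis_tags(log_text)}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            digest = md5_of(p)
            if digest[:12] in hits:
                hits[digest[:12]].append((p.name, digest))
    return hits

def demo():
    """Constructed sample: two harmless files and two constructed log lines."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "a.bin").write_bytes(b"constructed sample A\n")
        Path(d, "b.bin").write_bytes(b"constructed sample B\n")
        tag = md5_of(Path(d, "a.bin"))[:12]
        log = (f"03/19/14 05:40 detected Artemis!{tag} (constructed log line)\n"
               "03/19/14 05:41 detected Artemis!1234567890AB (constructed log line)\n")
        return correlate(log, d)

if __name__ == "__main__":
    for tag, files in demo().items():
        print(tag, files or "no matching file found")
```

The full MD5 returned for a match is the value to carry into further research on the file, since the 12-digit tag alone identifies a file but, as the reply says, tells you nothing about it.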