cancel
Showing results for 
Search instead for 
Did you mean: 

False Artemis!33AFE2F3942E

Jump to solution

Hi, Dear Sir

    We are Elex do Brasil Participa es Ltda,the file submitted is a product we produce and publish.  It is a online-downloader for Yac.

    However, they have encountered a false positive problem with McAfee Artemis recently. 

    The reported threat name is "Artemis!33AFE2F3942E" .

    Please do have a check immediately, and clear the false alarm,  I have attached the file in the attachment, the zip file's password is "infected", minus "".

    Thank you for your attention.

    Looking forward to your kindly reply.

    Best regards. 

Message was edited by: Peacekeeper on 27/05/14 3:36:12 PM
0 Kudos
1 Solution

Accepted Solutions

Re: False Artemis!33AFE2F3942E

Jump to solution

Hi, Dear Peacekeeper

I have found that the false postitve alarm just remove today, really appreciate  your patience and your great support!

Thank you!

Best regards!

0 Kudos
20 Replies
catdaddy
Level 20

Re: False Artemis!33AFE2F3942E

Jump to solution

There are method,s to submit possible infections to McAfee labs. Please refrain from posting "Possible Malicious" attachments, for the safety of others. One method to use, is  run the McAfee Getsusp Tool,which can be found below my Signature (Second Link)

Add your Email address under "Preferences",before scanning.

Posting Samples is against Forum policies...

Regards,

The other method to submit samples,can be found HERE

Message was edited by: catdaddy on 5/27/14 12:02:48 AM EDT
Cliff
McAfee Volunteer
0 Kudos
Peacekeeper
Level 20

Re: False Artemis!33AFE2F3942E

Jump to solution

As CD says try getsusp and submit the file with subject line False +ve and name of detection. Post analysis id number or work item number here when you get a reply and if no fix in 5 days post back and I will ping a tech.

0 Kudos

Re: False Artemis!33AFE2F3942E

Jump to solution

Hi, Dear Sir

Thank you for your kindly reply, I have downloaded "getsusp" and have upload the YAC downoader, and the result is "No suspicious files found", but I could not find the "analysis id number" or "work item number" anywhere in the getusp software, could you let me know where to find that number? or I just misunderstand the work flow?

I have add some screenshot regards to my operation in this post, since the policy is not allow the attachment, I do not sure if I can send a screenshot picture here, sorry for the trouble in advance.

Looking forward to your kindly reply!


upload.jpgresult.jpg

Message was edited by: Peacekeeper I deleted the Pic that showed your email address not a good idea to flash that. on 27/05/14 6:52:14 PM
0 Kudos
exbrit
Level 21

Re: False Artemis!33AFE2F3942E

Jump to solution

An Artemis designation means the labs already have to sample anyway.  FYI.

False Artemis findings should be disputed as follows:

If something is identified, maybe wrongly as "Artemis" then McAfee already knows about it.  Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject line. (Minus the "").

0 Kudos

Re: False Artemis!33AFE2F3942E

Jump to solution

Hi, Dear Sir

Thank you for your kindly solution,

I have just sent  an emailresearch@mcafee.com  which subject is "False Artemis!33AFE2F3942E"  as your suggestion and also follow the other submiton rule,

could you also kindly let me know when I may get an answer from your lab?

Thank you for your kindly support!

0 Kudos
exbrit
Level 21

Re: False Artemis!33AFE2F3942E

Jump to solution

sunnyhongyang wrote:

Hi, Dear Sir

Thank you for your kindly solution,

I have just sent  an emailresearch@mcafee.com  which subject is "False Artemis!33AFE2F3942E"  as your suggestion and also follow the other submiton rule,

could you also kindly let me know when I may get an answer from your lab?

Thank you for your kindly support!

It's virus_research@mcafee.com  They should auto-acknowledge almost immediately but a manual response takes a few days,

Message was edited by: Ex_Brit on 27/05/14 5:59:11 EDT AM
0 Kudos

Re: False Artemis!33AFE2F3942E

Jump to solution

Hi, Dear Sir

Thank you for your kindly support,

I have resent an email to virus_research@mcafee.com, and I am waiting to the answer.

Thank you again for your support.

Best regards

0 Kudos
Peacekeeper
Level 20

Re: False Artemis!33AFE2F3942E

Jump to solution

You should have got an immediate reply if sent correctly ie passworded and zipped. If not retry maybe.

0 Kudos

Re: False Artemis!33AFE2F3942E

Jump to solution

Hi, Dear Peacekeeper

Thank you for your kindly support.

I have try to upload the YAC file(do not compress to zip files) by getsusp, and the result is “no suspicious files found”, and I have already typed my email in the preference, which I have sent the screenshot in my last post,

but currently I still did not get any email after this work flow.

And according to your guideline, "ie passworded and zipped" , I have made the YAC files into a ziped one and passward is "infected", to upload again, but then I get an error message "Invalid getSusp zip file for upload"

which is a little confuse me.

So, regards to getsusp, I have two questions.

1. What files statues that getsusp allow to upload?

I have successully uploaded "without" zipped status, but when I try to upload zip one, it pop up en error.

2. If I upload successfully, should I auto-reply an email?

I currenltly do not get any reply after upload.

I kindly ask you if you can show me an example or work step such as:

install getsusp -> add email in preference -> upload file with zip(password: infected) -> accept policy and start scan -> see the result -> get auto-reply from Macfee

If it would be great if you can show me the correct work flow, since I currently do not get any response by email from your side, so I am very worried whether my offer is accepted or not.

Please kindly share me some guidline about it.

Thank you for your great patience.

Regards.

0 Kudos