cancel
Showing results for 
Search instead for 
Did you mean: 
kwylidd
Level 7

False Artemis!4BE13898D043

Apparently this is a false positive. I wish to make sure of it and to request McAfee for stop auto deleting this file.

15 Replies
catdaddy
Level 20

Re: False Artemis!4BE13898D043

,

               Please try following these Guidelines/Instructions to resolve your issue:

All the Best,

-CD

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: False Artemis!4BE13898D043


kwylidd wrote:



Apparently this is a false positive. I wish to make sure of it and to request McAfee for stop auto deleting this file.


Please never attach samples here.  Have removed.

Peter

Moderator

0 Kudos
kwylidd
Level 7

Re: False Artemis!4BE13898D043

The sample was zipped and encrypted with the "infected" password as instructred. I thought that was what I was meant to do

0 Kudos
catdaddy
Level 20

Re: False Artemis!4BE13898D043

That is the correct thing to do. Colleage Ex_Brit was just saying, until it gets Analyzed/Cleared by McAfee Labs, he removed the attatchment you inserted for the safety of others.

Regards,

-CD

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: False Artemis!4BE13898D043


kwylidd wrote:



The sample was zipped and encrypted with the "infected" password as instructred. I thought that was what I was meant to do



Yes but you have to email it as per the instructions in that link.  There's nothing that we can do with it here.

0 Kudos
kwylidd
Level 7

Re: False Artemis!4BE13898D043

So I got this reply:


McAfee Labs - Beaverton 


Current Scan Engine Version:5800.7501 


Current DAT Version:8142.0000 


Thank you for your submission. 



Analysis ID: 9965681



File Name Findings Detection Type Extra


--------------------|------------------------------|----------------------------|------------|-----


cloudrop.exe |inconclusive | | |no 



inconclusive [cloudrop.exe] 



  Automated analysis was not able to determine that this file is malware. This file is 


being sent for further processing and the DAT files will potentially be updated if 


detection of this sample is warranted.


Does it mean I'll get the results of the further analysis or that's all I'll ever know about this file?

0 Kudos
exbrit
Level 21

Re: False Artemis!4BE13898D043

It means, hopefully, that one day soon, the file will magically be OK'd by the software...or not, but by the sounds of it I would say OK is more likely.

It's difficult to say.

They may email you saying it will be cleared in the next update and enclose an "Extra.DAT".   That means next day it should be OK, if not later that day.

Ignore the attached file they may send as that is meant for Enterprise/Business software consumption only.

0 Kudos
kwylidd
Level 7

Re: False Artemis!4BE13898D043

Oh thank you very much for the support. one last question: this file is automatically downloaded to %appdata% and McAfee instantly deletes it (quarantines it). What should I do to prevent this behaviour? If I go to the quarantine and select "restore" the file still gets quarantined when accessed. How to I manually "trust'" it then?

0 Kudos
exbrit
Level 21

Re: False Artemis!4BE13898D043

In the Consumer software you can only Trust a file that has been identified as a "PUP", or Possibly Unwanted Programme, so no you wont be able to do that unless that is the case.

It should tell you that information in the Quarantine folder - whether or not it's a PUP..

0 Kudos