cancel
Showing results for 
Search instead for 
Did you mean: 
mdarcy
Level 7

False Artemis!73B5F9A75280

Jump to solution

This is a file that has been part of our software for roughly 4 years now, buy Mcaffee has started detecting it as a virus. it is exactly the same file as was part of our software released 4 years ago.

0 Kudos
1 Solution

Accepted Solutions
dmeier
Level 13

Re: False Artemis!73B5F9A75280

Jump to solution

I've been able to whitelist the file. Yes, it will be whitelisted from both detection's.

- David

10 Replies
Peacekeeper
Level 20

Re: False Artemis!73B5F9A75280

Jump to solution

To help resolve your issue, please follow these Guidelines/Instructions What To Do When McAfee Detects Legitimate Software As An Infection - How to Submit To McAfee Labs & ...

You will get an immediate reply with an analysis ID number post this here and if no fix in 3-4 days post back and I will escalate the detection.

0 Kudos
mdarcy
Level 7

Re: False Artemis!73B5F9A75280

Jump to solution

Unfortunately g-mail blocks sending zipped exes even if they are password protected, already tried that one so i moved onto the next options which  on that page it says to come here and post...."Also post  in the Artemis forum with the Artemis number as the header and put an explanation in the body of the post. " so i did that, the next option was to use the getsusp application, which I'm not exactly sure what that did as it just told me it was a virus, but then emailed me with the following which seems to say it is not a virus.

  

        +--------------+----------------------------------+--------------+-----------+----------------+

| File Name    | MD5                              | Findings     | Detection | Type           |

+--------------+----------------------------------+--------------+-----------+----------------+

        | instmenu.ex_ | 73b5f9a752800aa2e8f238e2153ea565 | not_detected |           | assumed_dirty4 |

+--------------+----------------------------------+--------------+-----------+----------------+

It seems Mcaffee has a terrible process of reporting false positives compared to most AV vendors which just have a simple online submissions form.

0 Kudos
Peacekeeper
Level 20

Re: False Artemis!73B5F9A75280

Jump to solution

The submission zipped file works well unless your email client has issues. Seems getsusp has reported it I assume you added your email address to the preferences and you got a reference number or work Item id number?

If no action in 3 days post and I will escalate the detection.Usually the submission process works fine depends on tech's work load i suppose.

There is another way of posting the zipped file in a dropbox and I grab it and submit on your behalf it referencing this thread. Works well for large files.

0 Kudos
mdarcy
Level 7

Re: False Artemis!73B5F9A75280

Jump to solution

Hi, here is the info from the getsusp email

Submission through GetSusp (Reference WorkItemID: 2072762)


We really need this done ASAP as we have customers hassling us about it and waiting 2 more days just to have it escalated it isn't really a great option, most of the other AV companies reporting this as a virus have already updated their definitions, the only ones that haven't are the ones that don't have an online form.

One thing I am curious about will both the below engines be updated once it is confirmed as a false positive?

McAfee
McAfee-GW-Edition
0 Kudos
Peacekeeper
Level 20

Re: False Artemis!73B5F9A75280

Jump to solution

Yes all detections I understand.

So now I am contacting escalation bod then it depends on his workload re response but should not be long

mdarcy
Level 7

Re: False Artemis!73B5F9A75280

Jump to solution

Thanks for your help!

0 Kudos
dmeier
Level 13

Re: False Artemis!73B5F9A75280

Jump to solution

I've been able to whitelist the file. Yes, it will be whitelisted from both detection's.

- David

Peacekeeper
Level 20

Re: False Artemis!73B5F9A75280

Jump to solution

Thanks David mdarcy can you please confirm issue fixed in a couple hrs please

0 Kudos
mdarcy
Level 7

Re: False Artemis!73B5F9A75280

Jump to solution

thanks guys, looks like it is all good now!

0 Kudos