cancel
Showing results for 
Search instead for 
Did you mean: 
njbenson
Level 7

False Artemis!813E4FF9B8D5

One plugin from some software we have used for years provided by a trusted developer.  This is being quarantined after a recent upgrade.  Please help!

0 Kudos
15 Replies
exbrit
Level 21

Re: False Artemis!813E4FF9B8D5

See if this helps: 

0 Kudos
njbenson
Level 7

Re: False Artemis!813E4FF9B8D5

Thanks Ex Brit.  I have already done that but the frustrating reply from avertlabs.com is below.  Obviously the solution I need is to get this listed as a trusted programme.  I've replied to that effect but I am not hopeful.  Any other suggestions?  PS.  I am not a techie, just a small business owner with 9 other staff who also have this problem and i need to sort it out for all of us.

 

McAfee Labs Sample Analysis

Thank you for submitting your suspicious file(s). We have determined that the following files are detected with our current DAT files.

Reference  : (Escalation) 9415940

---------------------------------

        

+---------------------------+----------------------------------+------------------+----------------------+-----------------+

| File Name                 | MD5                              | Findings         | Detection            | Type            |

+---------------------------+----------------------------------+------------------+----------------------+-----------------+

        | image001.gif              | 373b9569212a964df9ba43024ca5eaf5 | clean            |                      | clean           |

+---------------------------+----------------------------------+------------------+----------------------+-----------------+

       

        

Solution:

To ensure that you have the maximum capability of detecting and cleaning this malware, please make sure you have the latest McAfee scanning engine.

0 Kudos
exbrit
Level 21

Re: False Artemis!813E4FF9B8D5

Have the owner of the software contact the labs using this form:  Detection Dispute Submission | McAfee Labs

Also if you are using Enterprise software you could open a case through the Portal.

0 Kudos
njbenson
Level 7

Re: False Artemis!813E4FF9B8D5

ExBrit, you obviously know what you are talking about; I don't!  But I have now reached the stage where avertlabs aren't responding to my emails.  They sent me the email below with a .dat file.  But I don't have the folder "Engine".  I think it might have to be copied into C/Program Files/McAfee/MPF/data but when I try that it says access denied.  Any ideas?  Will this .dat file prevent McAfee from quarantining the file I need?

Thank you for submitting your suspicious file(s) for analysis. Attached is an EXTRA.DAT file for extra detection.

This update will be added to our daily production DATs as soon as possible. Usually this will be within the next 48 hours but may be longer in certain circumstances.

Solution:

The attached EXTRA.DAT file will detect the following submitted files:

Filename MD5 digest

-------- ----------

  1. sos.connect.4.17....813e4ff9b8d57b4c5af546ccbc3de6c0                                

The EXTRA.DAT file should be copied into the directory where the other DAT files reside (the default folder is: C:\Program Files\Common Files\McAfee\Engine).

0 Kudos
Peacekeeper
Level 20

Re: False Artemis!813E4FF9B8D5

Is this consumer version or enterprise version? Sounds as if they assume you have enterprise it uses dats consumer does not though not sure re extra dats

0 Kudos
njbenson
Level 7

Re: False Artemis!813E4FF9B8D5

It's the consumer version Peacekeeper.  The developers have also submitted information to McAfee but had no response.  I really am struggling here.  I don't understand why McAfee doesn't just let me mark the file as trusted....

0 Kudos
Peacekeeper
Level 20

Re: False Artemis!813E4FF9B8D5

Only if it detected as a PUP ie potentially Unwanted Program does it offer that option as to many users would click trust when it is really not a good idea to do so for other than PUPs.. The extra dat is as far as I remember corporate version only but it will be incorporated in a new dat/engine release soon.

See what Peter adds.Develops should use the link Peter gave in post 3

0 Kudos
njbenson
Level 7

Re: False Artemis!813E4FF9B8D5

Thanks again Peacekeeper.  Trouble is, 11 days ago they told me it would be added to their daily production DATs as soon as possible. Usually this will be within the next 48 hours but may be longer in certain circumstances.  And this morning when I tried again, the file is still being quarantined.  Any idea how frequently they really do release these things?

0 Kudos
exbrit
Level 21

Re: False Artemis!813E4FF9B8D5

Submit again then, the only possible way to a solution.

Edit: ignore, we my last response on page 2.

0 Kudos