cancel
Showing results for 
Search instead for 
Did you mean: 
kcooke
Level 7

False Artemis!8F67726F377C

Jump to solution

To whom can assist in removing this false positive….

I submitted the below text 5 business days through the process outlined...

"The .MSI install file for the Liquidware Labs Stratusphere Connector ID Key (a Windows-based agent) is used for both in both desktop PC assessment as well as desktop monitoring in our customer’s enterprise computing environments. We have recently learned that we are being falsely caught by the McAfee Artemis detection as an Artmis!8F67726F377C Trojan. Can you please advise us how to have this whitelisted?

Regards,"

Further, I've attached and password protected our MSI file, however it continues to be bounced with the message below...  Can someone please let me know how to get this addressed.  It is causing challenges with the customers of our product.  Thank you.


McAfee Labs - Beaverton

Current Scan Engine Version:5700.7163

Current DAT Version:7784.0000

Thank you for your submission.

Analysis ID: 9395077

File Name Findings Detection Type         Extra

--------------------|------------------------------|----------------------------|------------|-----

image001.jpg |no password |                            |            |no 

no password [image001.jpg]

   A file you submitted did not arrive in a password-protected ZIP file. Please see     

http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx for         

instructionson how to submit a sample to McAfee Labs.                                

0 Kudos
1 Solution

Accepted Solutions
dmeier
Level 13

Re: False Artemis!8F67726F377C

Jump to solution

Hello, looks like the version that actually has the false detection is 5.5.0.1, while you have submitted version 5.7.2.  However, we already had the other installer in our possession, and I've whitelisted it for you.

13 Replies
exbrit
Level 21

Re: False Artemis!8F67726F377C

Jump to solution

Moved this to Artemis Discussion for faster support.

There's some reading on the subject here, mainly for consumers but it may help: 

Please don't attach samples here, it's against forum rules.

0 Kudos
sol
Level 9

Re: False Artemis!8F67726F377C

Jump to solution

You need to submit the sample in a passsword protected zip file  both the password and the zip file must be the word "infected"

0 Kudos
kcooke
Level 7

Re: False Artemis!8F67726F377C

Jump to solution

I have submitted a file, password protected as noted...  As noted in my original post...  The automated sstems seems to kick-bacck mu message (even with the file zipped and locked with the password "infected." I'm hoping there is a live person at McAfee that I might interact with as this is going over a week with no response.

0 Kudos
sol
Level 9

Re: False Artemis!8F67726F377C

Jump to solution

That is very very odd....  I prefer the email route   use this address and a password protected ZIP file. Try to open the zip file to see that it asks for a password before you send it. Maybe it isn't encrypting correctly.

Virus_Research@avertlabs.com   in the subject line enter the Artemis False Positive and provide some detail in the email

0 Kudos
kcooke
Level 7

Re: False Artemis!8F67726F377C

Jump to solution

Email sent with ZIP attached

0 Kudos
kcooke
Level 7

Re: False Artemis!8F67726F377C

Jump to solution

Just received the following:

###

McAfee Labs - Beaverton

Current Scan Engine Version:5700.7163

Current DAT Version:7787.0000

Thank you for your submission.

Analysis ID: 9399481

File Name Findings Detection Type         Extra

--------------------|------------------------------|----------------------------|------------|-----

install-connectorid-|inconclusive                  |                            |            |no  

inconclusive [install-connectorid-key-5_7_2-winstandard.msi]                                      

Automated analysis was not able to determine that this file is malware. This file is  

being sent for further processing and the DAT files will potentially be updated if    

detection of this sample is warranted.                                                

0 Kudos
sol
Level 9

Re: False Artemis!8F67726F377C

Jump to solution

That is a good start... that is what you should get

You may not hear back from them again. When it comes to whitelisting the false positives... it just seems to happen and things work again. I never seem to get a notice back from them but I am able to carry on like nothing ever happened

0 Kudos
kcooke
Level 7

Re: False Artemis!8F67726F377C

Jump to solution

I would really LOVE to get some type of formal response as this affects many, many of my customers....  Is there any mechanism ny which I can obtain some formal feedback?

0 Kudos
catdaddy
Level 20

Re: False Artemis!8F67726F377C

Jump to solution

,

               Actually when you immediately receive a confirmation with a Analysis ID #,is a formal response. It indeed indicates that your submission was successful. Please know that I am contacting someone on your behalf at McAfee Labs, and hopefully expedite your submission.

Thank you for your patience.

Catdaddy

McAfee Community Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos