cancel
Showing results for 
Search instead for 
Did you mean: 
roybarda
Level 7

False Artemis!ADF72A53FE56

Check Point Document Security (cpds.exe ) is being detected Artemis!ADF72A53FE56, obviously it's a false positive.

Expecting your efficinet support to fix this one asap, thanks.

Roy.

0 Kudos
6 Replies
catdaddy
Level 20

Re: False Artemis!ADF72A53FE56

Actually cpds.exe is not required to run on Windows XP/7/8.1. I have not ran it through the various submission sites, however there is an article from Bleeping Computer on it HERE

If you feel that it is a false detection, you can follow the Guidelines/Instructions below my Signature (Last Link)

Upon submittal you should receive a confirmation email that it is being analyzed. Allow the appropiate time for the process (4-5) days.

If not resolved by then,Kindly post back the Analysis ID #, and we can quite possibly expedite the process.

All the very best,

Regards,

Cliff
McAfee Volunteer
0 Kudos
roybarda
Level 7

Re: False Artemis!ADF72A53FE56

Dear Sir,

cpds.exe is an installation of an official IT product signed using a valid software signature certificate provided to software publishers:

cpds signature.png

1. We did try to follow the instructions, and didn't get any confirmation email. Could you, please, re-verify (as you can see, your signature has been removed by the forum).

2. What was the reason the software was identified as malicious in the first place? Article in Bleeping Computer forum? But again, the software is signed by a valid publisher ceritificate - why would a forum article be enough of a reason to declare it as malicious?

3. BTW, the article behind the link you have provided was removed from Bleeping Computer.

I am asking the above questions, since, this false identification is damaging the product reputation and preventing valid users from using it. I would like to understand how this happened and how to avoid this in the future.

0 Kudos
catdaddy
Level 20

Re: False Artemis!ADF72A53FE56

Hi roybarda,

           Thank you for your response/Questions. I can appreciate your thoughts and comments. As for the article being removed from Bleeping Computer, it has not. You could have typed in the Search field (cpds.exe) and it would have taken you HERE

             As for why it gets detected as a Suspicious file is why I recommended you submitting the file to Avert Labs/McAfee. For sometimes the cpds.exe File/program masqurades as the valid file/program. Please follow the Guidelines/Instructions as I suggested before. Especially the instructions regarding (Restoring the File) and zipping it to send to Avert.

              Please make certain that you (Re-enable) RTS afterwards. As for why my Signature not being visible,our Forum is undergoing maintenance and could possibly be the case. It should appear visible now.

               In addition, in Version (13.6) file exclusion has been re-introduced. Please only utilize this,if you are absolutely certain the file is safe. Hence, is the reason I suggested submitting to McAfee to make sure. It is quite possible after analysis it could be Whitelisted.

               Upon successful submittal, you should receive a confirmation that it is under Analysis associated with an Analysis ID #. Please allow the appropiate time to be processed (4-5) buisness days. If not resolved by then,please post back the Analysis ID # and quite possibly we can expedite the process.

                Please know that other Vendors detect this file as well on occasion.

             Again, the Instructions can be found below my Signature (Last Link)

             How to submit False Artemis!/samples to McAfee Labs/ here

Wishing you all the very best,

Regards,

Message was edited by: catdaddy on 7/24/14 7:53:07 AM EDT
Cliff
McAfee Volunteer
0 Kudos
catdaddy
Level 20

Re: False Artemis!ADF72A53FE56


Hi Roy,

                I was wondering if you were successful at getting your issue resolved? If you got confirmation that the (cpds.exe) was indeed submitted for analysis? You should have received a Analysis ID #. It would go a long way in determining if we can consider/assume this thread answered?

All the Best,

Regards,

Message was edited by: catdaddy on 7/28/14 11:20:19 AM EDT
Cliff
McAfee Volunteer
0 Kudos
roybarda
Level 7

Re: False Artemis!ADF72A53FE56

Hi,

First of all, Thanks for guiding me through.

I have sent the file for analysis and recieved the attached reply :

"

McAfee Labs Sample Analysis

Thank you for submitting your suspicious file(s). We havedetermined that the following files are detected with our current DAT files.

       Reference  : (Escalation) 9054629

        ---------------------------------

        

       +---------------------------+----------------------------------+------------------+----------------------+-----------------+

| File Name                 | MD5                              | Findings         | Detection            | Type            |

+---------------------------+----------------------------------+------------------+----------------------+-----------------+

        |cpds.exe                  |adf72a53fe56c44952fe388e5104a280 | clean            |                     | clean           |

       +---------------------------+----------------------------------+------------------+----------------------+-----------------+

       

        

Solution:

To ensure that you have the maximum capability ofdetecting and cleaning this malware, please make sure you have the latestMcAfee scanning engine.

DAT and scanning engine updates are available at thefollowing location: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Support:

McAfee Labs accepts file samples for analysis andpossible inclusion into AV signature DAT updates.

Additional information for submitting samples to McAfeeis available in the following location: https://kc.mcafee.com/corporate/index?page=content&id=KB68030

Product related questions and comments can be addressedvia McAfee Technical Support and Customer Services, including:

* Assistance with detection and cleaning or removal ofmalware

* Product installation and update questions

* Product usage questions

Please use the following links to reach our TechnicalSupport group:

Business Customers: http://www.mcafee.com/us/support.aspx

Home Customers: http://home.mcafee.com/root/support.aspx

Regards,

McAfee Labs

McAfee Labs: http://www.mcafee.com/us/threat-center.aspx

McAfee Labs Blog: http://blogs.mcafee.com/mcafee-labs

"

Does that mean McAfee removed CPDS.EXE from their blacklist ?

Thanks,

Roy.

0 Kudos
catdaddy
Level 20

Re: False Artemis!ADF72A53FE56

Hi Roy,

          Thank you for the reply back. The question now being is, does McAfee still detect it as Artemis! when attempting to access it? Please attempt to do so,and apprise us of your results.

Regards,

Cliff
McAfee Volunteer
0 Kudos