Hi, Dear Sir
We are Elex do Brasil Participa es Ltda，the file submitted is a product we produce and publish. It is a online-downloader for Yac.
However, they have encountered a false positive problem with McAfee Artemis recently.
The reported threat name is "Artemis!C8034D590686" .
Please do have a check immediately, and clear the false alarm, I have sent an email to email@example.com
But, currently I do not get reply so far.
And I also use GutSup to submit, but it popup an error say the zip file is not valid, so I am now unable to use it to submit the false positive, the pop up "Invalid GetSusp zip fie" could you give me some suggestion about this problem, I have made it a valid zip for sure, since I have submit successully before.
Looking forward to your kindly attetion and effective solution.
It seems you followed the proper protocol. You should recieve a Automated reply back from McAfee Labs,with a Work analysis ID#. Confirmation that it recieved your submission and is under analysis. Generally give it 4-5 (Buisness days). As you can imagine the enormous amount of detections collected on a daily basis.
After allowing the appropiate amount of time, please post back the Analysis ID #, and quite possibly we can stir up someone at McAfee Labs to expedite matters.
I,m concerned about you stating that you had issues running the Getsusp Tool? You may want to Download/Install "Malwarebytes (Free) only. Do not accept the (Free Trial) or activate the (Paid Version) For the RTS Module may conflict with McAfee.
The (Free) Version will suffice. You can locate this Tool and Getsusp below my Signature (First Link)
Should Malwarebytes detect anything, Remove/Delete all and restart to entirely remove all/any remnants. I would run another scan to check for sure,then attempt to run the Getsusp Tool afterwards.
All the best,Message was edited by: catdaddy on 6/17/14 5:58:42 AM EDT
If GetSusp is not recognizing a zip file then there is something wrong with how you are zipping. What software are you using to zip it and have you tried another method? With GetSusp anyway I though files don't need to be zipped.
Are you an Enterprise customer? If so the portal support should be able to assist you.
If something is identified, maybe wrongly as "Artemis" then McAfee already knows about it. Merely send an email to firstname.lastname@example.org with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject line. (Minus the "").
In this case the header should read: False Artemis!C8034D590686
No need to re-submit the file as Artemis by definition means the labs already have it and are working on it.
Let me correct everyone here - McAfee does not capture files through the Artemis system - that would be a huge privacy problem.
The artemis code is a unique identifier for the file, which we MAY have had submitted through another system, or may have captured through our honeypots and other systems, but when your computer generates an artemis warning, it does not mean that your computer sent the file to us.
Hi, Dear Ex
Thank you so much for your kindly explanation, and I am very appreciate your patient.
I have successfully upload the file by GetSusp using "rar" format, I do not know what was going on my "winzip", maybe I should uninstall it and reinstall again.
I am now in a stage that waiting for the answer from your lab, I have sent sent email subjected False Artemis!C8034D590686 as well as submit by getSusp.
And I have a liitle question, after I upload the file as well as sending email, would I get a auto-reply after I type my email on the software or make the email subject right ?
Cause so far I still do not get an auto-answer which make me a little suspect if I have made the correct work flow.
Thank you again for your kindly attention.
Hope you enjoy a great day!