wkwthree
Level 7

False Artemis!D25E94C2D378

Hello,

Another one of our applications is incorrectly identified as the malicious Trojan Artemis!D25E94C2D378. I don't have the engine specifics or logs since the detections are only surfacing via VirusTotal. I’m not getting a comparable match when verifying with McAfee Total Protection, but the GetSusp tool is flagging the file as suspicious too. The same flag is also surfacing with McAfee Gateway Web.

I've included a copy of the details from the GetSusp.exe submission. For privacy I've removed the machine name.

Some details about the application: The product is installed with the user’s full consent. At the time of install, the software is clearly disclosed as ad-supported. The product does not collect, share or sell any personally identifying information. Furthermore, the product provides a standard method to easily uninstall via the Windows Add/Remove program.

Please help in getting the flag removed and white-list the application to prevent this issue from reoccurring. Another one of our builds is being impacted but with a different signature. I’ll submit that in a separate thread.

Let me know if further details are required or if I can merge requests into a single thread even if the detections vary.


E-mail Submission Synopsis

SR Number        Creation Date          WorkItem ID    Machine Name
=========        =============          ===========    ============
None specified   5/1/2014 2:58:42 PM    1330036        REMOVED

| File Name          | MD5                              | Findings                       | Detection          | Type    |
+--------------------+----------------------------------+--------------------------------+--------------------+---------+
| setup_84701-us.ex_ | d25e94c2d37845e3f8c95d4b5a1df2de | beta_heuristic_virus_detection | beav-new malware.x | Unknown |

Thanks,
Wes

0 Kudos
1 Solution

Accepted Solutions
vinoo
Level 13

Re: False Artemis!D25E94C2D378

Thanks for reporting. The file has been whitelisted.

0 Kudos
11 Replies
exbrit
Level 21

Re: False Artemis!D25E94C2D378

To expedite matters: if something is identified, maybe wrongly, as "Artemis" then McAfee already knows about it. Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject/header line. (Minus the "").

0 Kudos
wkwthree
Level 7

Re: False Artemis!D25E94C2D378

Hello Ex_Brit

I've done that previously. Part of the prior submission process I came across advised to also create the forum post. 

The submission directions also need to be updated considering McAfee's mail system rejects all attachments. I might be reading your first sentence incorrectly. It seems counterintuitive to flag something if they're starting from the basis that they know it's incorrectly flagged to start.

Thanks,
Wes

0 Kudos
exbrit
Level 21

Re: False Artemis!D25E94C2D378

The submission system accepts zipped and password-protected attachments as per the instructions.  But no need to submit an Artemis detection as they already have it.

Message was edited by: Ex_Brit on 02/05/14 3:06:50 EDT PM
0 Kudos
wkwthree
Level 7

Re: False Artemis!D25E94C2D378

Hi Ex_Brit,

I don't mean to sound rude by any means, but please give it a try and see what you encounter. In prior queries I've submitted attachments per the directions and it's rejected 100% of the time. Luckily share links are also accepted. Hence the suggestion on updating the directions. Also, McAfee doesn't remove Artemis flags unless they're reported as false positives. I've seen that flag hang on some files until a request is made to rectify it. It makes it rather moot if they're aware of it or not.

Thanks,
Wes

0 Kudos
exbrit
Level 21

Re: False Artemis!D25E94C2D378

If I have time later I will try but at the moment it's out of the question as I'm dealing with a complicated matter already.

You are using the instructions here? http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

0 Kudos
wkwthree
Level 7

Re: False Artemis!D25E94C2D378

Yes. It's likely detecting the .exe within the archive. Thanks for your additional assistance.

Thanks,
Wes

0 Kudos
exbrit
Level 21

Re: False Artemis!D25E94C2D378

BTW if the email submission method won't work the GetSusp tool may succeed. It's also mentioned in the link I just posted.

0 Kudos
exbrit
Level 21

Re: False Artemis!D25E94C2D378

I just heard from my contact at the labs.

I've escalated this internally. Given that we'll need to make a call whether to brand it as PUP/Adware or mark it clean, I thought it's best reviewed by a researcher.
0 Kudos