Former Member
Message 1 of 12

False Artemis!D25E94C2D378

Hello,

Another one of our applications is incorrectly identified as the malicious Trojan Artemis!D25E94C2D378. I don't have the engine specifics or logs since the detections are only surfacing via VirusTotal. I’m not getting a comparable match when verifying with McAfee Total Protection, but the GetSusp tool is flagging the file as suspicious too. The same flag is also surfacing with McAfee Gateway Web.

I've included a copy of the details from the gusup.exe submission. For privacy I've removed the machine name.

Some details about the application: The product is installed with the user’s full consent. At the time of install, the software is clearly disclosed as ad-supported. The product does not collect, share or sell any personally identifying information. Furthermore, the product provides a standard method to easily uninstall via the Windows Add/Remove program.

Please help in getting the flag removed and white-list the application to prevent this issue from reoccurring. Another one of our builds is being impacted but with a different signature. I’ll submit that in a separate thread.

Let me know if further details are required or if I can merge requests into a single thread even if the detections vary.


E-mail Submission Synopsis

SR Number        Creation Date          WorkItem ID    Machine Name
=========        ==============         ===========    ===========
None specified   5/1/2014 2:58:42 PM    1330036        REMOVED

| File Name          | MD5                              | Findings                       | Detection          | Type    |
+--------------------+----------------------------------+--------------------------------+--------------------+---------+
| setup_84701-us.ex_ | d25e94c2d37845e3f8c95d4b5a1df2de | beta_heuristic_virus_detection | beav-new malware.x | Unknown |

Thanks,
Wes

1 Solution

Accepted Solutions
Former Member
Message 10 of 12

Re: False Artemis!D25E94C2D378

Thanks for reporting. The file has been whitelisted.

11 Replies

Re: False Artemis!D25E94C2D378

To expedite matters: if something is identified, maybe wrongly, as "Artemis", then McAfee already knows about it. Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject/header line. (Minus the "").

Former Member
Message 3 of 12

Re: False Artemis!D25E94C2D378

Hello Ex_Brit

I've done that previously. Part of the prior submission process I came across advised to also create the forum post. 

The submission directions also need to be updated considering McAfee's mail system rejects all attachments. I might be reading your first sentence incorrectly. It seems counterintuitive to flag something if they're starting from the basis that they know it's incorrectly flagged to start.

Thanks,
Wes

Re: False Artemis!D25E94C2D378

The submission system accepts zipped and password-protected attachments as per the instructions.  But no need to submit an Artemis detection as they already have it.

Message was edited by: Ex_Brit on 02/05/14 3:06:50 EDT PM
Former Member
Message 5 of 12

Re: False Artemis!D25E94C2D378

Hi Ex_Brit,

I don't mean to sound rude by any means, but please give it a try and see what you encounter. In prior queries I've submitted attachments per the directions and it's rejected 100% of the time. Luckily share links are also accepted. Hence the suggestion on updating the directions. Also McAfee doesn't remove Artemis flags unless they're reported as false positives. I've seen that flag hang on some files until a request is made to rectify it. It makes it rather moot if they're aware of it or not.

Thanks,
Wes

Re: False Artemis!D25E94C2D378

If I have time later I will try but at the moment it's out of the question as I'm dealing with a complicated matter already.

You are using the instructions here? http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

Former Member
Message 7 of 12

Re: False Artemis!D25E94C2D378

Yes. It's likely detecting the .exe within the archive. Thanks for your additional assistance.

Thanks,
Wes

Re: False Artemis!D25E94C2D378

BTW if the email submission method won't work, the GetSusp tool may succeed. It's also mentioned in the link I just posted.

Re: False Artemis!D25E94C2D378

I just heard from my contact at the labs.

I've escalated this internally. Given that we'll need to make a call whether to brand it as PUP/Adware or mark it clean, I thought it's best reviewed by a researcher.