Another one of our applications is incorrectly identified as the malicious Trojan Artemis!D25E94C2D378. I don't have the engine specifics or logs since the detections are only surfacing via VirusTotal. I’m not getting a comparable match when verifying with McAfee Total Protection but the getsup tool is flagging the file as suspicious too. The same flag is also surfacing with McAfee Gateway Web.
I've included a copy of the details from the gusup.exe submission. For privacy I've removed the machine name.
Some details about the application: The product is installed with the user’s full consent. At the time of install, the software is clearly disclosed as ad-supported. The product does not collect, share or sell any personally identifying information. Furthermore, the product provides a standard method to easily uninstall via the Windows Add/Remove program.
Please help in getting the flag removed and white-list the application to prevent this issue from reoccurring. Another one of our builds is being impacted but with a different signature. I’ll submit that in a separate thread.
Let me know if further details are required or if I can merge requests into a single thread even if the detections vary.
E-mail Submission Synopsis
SR Number       Creation Date         WorkItem ID   Machine Name
=========       ==============        ===========   ============
None specified  5/1/2014 2:58:42 PM   1330036       REMOVED

| File Name | MD5 | Findings | Detection | Type |
| setup_84701-us.ex_ | d25e94c2d37845e3f8c95d4b5a1df2de | beta_heuristic_virus_detection | beav-new malware.x | Unknown |
To expedite matters if something is identified, maybe wrongly as "Artemis" then McAfee already knows about it. Merely send an email to firstname.lastname@example.org with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject/header line. (Minus the "").
I've done that previously. Part of the prior submission process I came across advised to also create the forum post.
The submission directions also need to be updated considering McAfee's mail system rejects all attachments. I might be reading your first sentence incorrectly. It seems counterintuitive to flag something if they're starting from the basis that they know it's incorrectly flagged to start.
The submission system accepts zipped and password-protected attachments as per the instructions. But no need to submit an Artemis detection as they already have it.
Message was edited by: Ex_Brit on 02/05/14 3:06:50 EDT PM
I don't mean to sound rude by any means but please give it a try and see what you encounter. In prior queries I've submitted attachments per the directions and it's rejected 100% of the time. Luckily share links are also accepted. Hence the suggestion on updating the directions. Also McAfee doesn't remove Artemis flags unless they're reported as false positives. I've seen that flag hang on some files until a request is made to rectify it. It makes it rather moot if they're aware of it or not.
If I have time later I will try but at the moment it's out of the question as I'm dealing with a complicated matter already.
You are using the instructions here? http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx
I just heard from my contact at the labs.
I've escalated this internally. Given that we'll need to make a call whether to brand it as PUP/Adware or mark it clean, I thought it's best reviewed by a researcher.