cancel
Showing results for 
Search instead for 
Did you mean: 
emtjoe
Level 7

False Detection - Artemis!59AAEDB31386

McAfee keeps indentifying a game helper .exe file (HCNSUFZASLB.exe) and quarantines it.  Now I have read how to submit the file to McAfee for review and understand how to do it.  Here's the problem.  Even after I turn off Real Time Scanning, Scheduled Scanning, the Firewall, and Anti-Spam, McAfee still identifies and quarantines the file so that I cannot send it.  Short of unistalling McAfee, how in the heck do I get this file to you?  And the even bigger question, why won't McAfee give back the ability to ignore any file?  I have seen this mentioned in posts going back to late last year and yet nothing has been done. 

0 Kudos
8 Replies
vinod_r2
Level 11

Re: False Detection - Artemis!59AAEDB31386

Unlikely that the product will detect and remove a file if the protection is turned off correctly --

The detection that you see is from McAfee Global Threat Intelligence and is based on detection seen across the globe and as a precation the file gets picked up-- detection will be updated in real time here(no need to wait for a full daily update) ...

Could you please try to boot the machine is safe mode with networking ( protection and most non -microsoft) application would be disabled there anyway and submit the file and reference the analysis id here.

0 Kudos
emtjoe
Level 7

Re: False Detection - Artemis!59AAEDB31386

I was able to zip the file and send it in Safe Mode.  Thanks for the suggestion.  

Analysis ID is : 6602550.  Got an immediate answer which stated as follows:

File Name            Findings                       Detection                    Type         Extra

--------------------|------------------------------|----------------------------|------------|-----

hcnsufzaslb.exe     |current detection             |generic pws.y!det           |Trojan      |no  

current detection [hcnsufzaslb.exe]                                                                    

   The file received is infected and can be detected and removed with our current DAT    

files and engine. It is recommended that you update your DAT and engine files and scan

your computer again.                                                                  

If you are not seeing this with the product you are using, please speak with technical

support so that they can help you determine the cause of this discrepancy.            

To find detailed information about viruses and other malware, please review McAfee    

Labs' Virus Information Library:

I have had the program for years and never had a problem until recently.  As far as turning off the protection and still having McAfee identify and quarantine the file I can post screen shots here.

Thanks again for your help.

0 Kudos
vinod_r2
Level 11

Re: False Detection - Artemis!59AAEDB31386

I would love to see those screen shots but currently am held up with some thing else pressing....

The detection is based on Threat Intelligence and is very dynamic and could change very rapidly based on the current threat landscape.

In the mean time could you upload that file on to some common free online scan service such as www.virustotal.com to share the URL for the analysis page?

0 Kudos
emtjoe
Level 7

Re: False Detection - Artemis!59AAEDB31386

Sumitted it to virustotal...it had already been submitted....here is the url: http://www.virustotal.com/file-scan/report.html?id=3c32dcc5970532aedecf296835e0c9e3e7200a8edd1e967d9...

Also submitted to your own Avert lab, here is that URL:  https://www.webimmune.net/ViewAnalysis.asp?AnalysisID=6602577

Replied to the automated mail.  Guess there isn't much else I can do.

0 Kudos
vinod_r2
Level 11

Re: False Detection - Artemis!59AAEDB31386

thanks for the virustotal link..... I checked the link and it seems that many anti-virus vendors are detecting that as a threat-- perhaps you might want to report that to the software vendor --- show them reference on Virus total----

0 Kudos
emtjoe
Level 7

Re: False Detection - Artemis!59AAEDB31386

Their reponse was an auto-email that told me how to turn off the firewalll in McAfee, like I didn't know how to do that already.  Unfortunately, most of these software vendors whose products are the "recipient" of the false positive are going to point right back at McAfee (and others) and say it is their responsibility to fix it and I somewhat agree with them.  McAfee needs to step up NOW and give users the ability to trust any file.   Otherwise. people will be moving on to other products that will give them that option.

0 Kudos
emtjoe
Level 7

Re: False Detection - Artemis!59AAEDB31386

I have to laugh.  Now instead of showing the threat as Artemis!59AAEDB31386 is says it is Generic PWS.y!det.  A rose by any other name.  I have downloaded a competitor's BETA IS program.  Hopefully this will get straightened out so that I can return to using McAfee....I HATE this competitor's product but it does let you choose any file that you want to trust.

0 Kudos
vinod_r2
Level 11

Re: False Detection - Artemis!59AAEDB31386

forgot to mention---

Please reply to the automated mail after adding a FALSE before the current subject line

0 Kudos