Explain to me why, when I send a suspicious file for review in McAfee Lab, and the file is recognized as a "Generic.TRA" and I receive Extra.dat, it is not added to "Artemis" detection? It would be so easy and so fast! How does Artemis work?
Not all files would trigger an Artemis lookup; we need to see certain suspicious criteria occurring before the lookup is done. Generic.tra is a different beast: it's an MD5-based driver for the specific file you submitted. That doesn't necessarily mean that detection would automatically be added to Artemis, although in many cases this does happen.
HTH
Sam
I moved this to Artemis Discussion so one of their staff will notice it and hopefully help you. Posting the Artemis number might help.
Message was edited by: Ex_Brit on 14/08/11 12:00:30 EDT PM
Hello notenuf.
Please go through the link below; this will help you.
https://kc.mcafee.com/content/tutorials/artemis/vse_rc_kb53732_enabling_artemis.htm
You can also refer to the attached doc for more details.
Message was edited by: hemantk on 8/16/11 4:19:54 AM CDT
Hi
Please refer to our KB article for more info: https://kc.mcafee.com/corporate/index?page=content&id=KB53735
Basically, Artemis looks for any suspicious files and detects them as Artemis!xxxxx; it could be an accurate detection or a false one too. If you come across one, please send us the sample.
http://www.av-comparatives.org/seiten/ergebnisse/mcafee_artemis.pdf
thanks
Neha C
McAfee SME
Try not to read only the title, do not waste your time on useless "answers"... Did I write that Artemis is not working? I mean that Artemis works strangely and illogically.
I think that Artemis is exactly a particular MD5 file; it turns out that the Artemis lookup is based on certain criteria, heuristic technology? Then what kind of criteria? Can you tell me more about this?
Hello,
McAfee Artemis is considered a file reputation, which is part of our GTI, or Global Threat Intelligence. Once customers have the McAfee Artemis Technology enabled on their endpoint products, Artemis is responsible for sending fingerprints of the files to the cloud, which also receives data from other vectors, like Web, Email and Network.
Once the fingerprints are submitted to the cloud, they are compared with the existing database in the cloud as well as analyzed based on their characteristics, MD5, by our threat research team dedicated solely to GTI, etc. After that, we correlate data from all threat vectors. The GTI cloud, after matching the incoming streams with known or suspected threats, returns to the supported products a unique perspective on what is happening at each touch point.
Best Regards,
Patty