Solved: McAfee Support Community - Re: How the Artemis works?

notenuf · ‎08-14-2011

Explain to me why when I send a suspicious file for review in McAfee Lab, and the file is recognized as a "Generic.TRA" and i recive Extra.dat, it is not added to "Artemis" detection ? it would be so easy and so fast ! how the Artemis works?

SamSwift · ‎08-22-2011

Not all files would trigger an artemis lookup, we need to see certain suspicious criteria occurring before the lookup is done. Generic.tra is a different beast, it's a MD5 based driver for the specific file you submitted - that doesn't necessarily mean that detection would be automatically be added to artemis, although in many cases this does happen.

HTH

Sam

exbrit · ‎08-14-2011

I moved this to Artemis Discussion so one of their staff will notice it and hopefully help you.. Posting the Artemis number might help.

Message was edited by: Ex_Brit on 14/08/11 12:00:30 EDT PM

hemantk · ‎08-16-2011

Hello notenuf.

Please go through the below link this will help you............

https://kc.mcafee.com/content/tutorials/artemis/vse_rc_kb53732_enabling_artemis.htm

You can also refer the Attached Doc.for more details........

Message was edited by: hemantk on 8/16/11 4:19:54 AM CDT

nchattop · ‎08-17-2011

Hi

Please refer our KB Article for mor info: https://kc.mcafee.com/corporate/index?page=content&id=KB53735

Basically Artemis looks for any suspicious files and detect as Artemis!xxxxx, it could be both accuarte detection or false too. If you come across please send us the sample

http://www.av-comparatives.org/seiten/ergebnisse/mcafee_artemis.pdf

thanks

Neha C

McAfee SME

notenuf · ‎08-20-2011

Try not to read only the title, do not waste your time on useless "answers" ... Did I write that Artemis is not working? I mean that Artemis works strange and illogical.

SamSwift · ‎08-22-2011

Not all files would trigger an artemis lookup, we need to see certain suspicious criteria occurring before the lookup is done. Generic.tra is a different beast, it's a MD5 based driver for the specific file you submitted - that doesn't necessarily mean that detection would be automatically be added to artemis, although in many cases this does happen.

HTH

Sam

notenuf · ‎09-03-2011

I think that Artemis is exactly a particular MD5 file, turns out that Artemis lookup is based on certain criteria heuristic technology? then what kind of criteria? you tell me more about this?

pammirab · ‎09-21-2011

Hello,

The McAfee Artemis is considered a file reputation, which makes part of our GTI or Global Threat Intelligence. Once customers have the McAfee Artemis Technology enabled on their endpoint products, Artemis Is responsible to send fingerprints of the files to the cloud, which also receives data from other vectors, like Web, Email and Network.

Once the fingerprints are submitted to the cloud, they are compared with the database existent in the cloud as well as analyzed based on its characteristics, MD5, by our threat research team dedicated solely to GTI, etc. After that, we correlate data from all threat vectors. The GTI cloud after matching the incoming streams with known or suspected threats, returns to the supported products a unique perspective on what is happening at each touch point.

Best Regards,

Patty