We've detected a trojan "Artemis!56DC15737866" and events show the following action:
- Threat Action Taken: IDS_ALERT_ACT_TAK_WBD
- Event ID: 1428
- Second Attempted Action: IDS_ALERT_THACT_ATT_DEL
- Second Action Status: True
Could you please assist in determining the Artemis number and how we can mitigate this?
Please refer to the article below:
Artemis detections could be false-positive detections of legit applications, but you can submit a sample to McAfee directly:
Could you please expand on that? Specifically, what does IDS_ALERT_ACT_TAK_WBD mean? I have difficulty interpreting WBD. Is there a list of acronyms and their meanings you can refer me to? What about a list of ThreatEventIDs and what they mean? 1428 is not very explicit.
This is what WBD means:
Regarding the acronyms that could be helpful:
You can find ENS event IDs here:
Additionally, these are ePO events: