iranjith
Level 7

New thread-Artemis!79F444EE291F

I have received new thread Artemis!79F444EE291F and it's detected in Client side cache folder in Windows...

How is the thread vulnerability?

0 Kudos
1 Solution

Accepted Solutions
Tristan
Level 15

Re: New thread-Artemis!79F444EE291F

The files in C:\Windows\CSC are to do with the caching of offline network files. This is done automatically by Windows and therefore the filenames bear no relation to what or where the original file may have come from.

You have a number of options:

1. Switch off 'Offline files' and see if Artemis detects anything in a real file.

2. Turn down the sensitivity of the Artemis scanner.

3. Try a full system scan to see if anything is picked up.

4. Hope it's a false positive and leave it for now. If it keeps recurring then investigate it more thoroughly. Possibly submit the file to an on-line virus checker. A quick Google found this https://www.virustotal.com/en/ and this http://virusscan.jotti.org/en

0 Kudos
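Because the cache filename says nothing about the original file, a quick triage of the flagged file's leading bytes and hash helps when following option 4 above. This is an added example, not part of the original thread or any McAfee tooling; the function names and the signature table are constructed for illustration, and it assumes a PowerShell session that has read access to the cache folder.

```powershell
# Added example: triage an extensionless Offline Files cache entry.
param(
    # Path taken from the detection event in this thread; change it to match your event.
    [string]$Path = 'C:\Windows\CSC\d5\8000150C'
)

# Leading-byte signatures for a few common formats (constructed table, not exhaustive).
$signatures = [ordered]@{
    'D0CF11E0A1B11AE1' = 'OLE2 compound file (legacy Office, MSI)'
    '504B0304'         = 'ZIP container (also docx/xlsx/jar)'
    '25504446'         = 'PDF document'
    '7F454C46'         = 'ELF binary'
    '4D5A'             = 'Windows executable or DLL (MZ)'
}

function Get-LeadingHex {
    param([string]$LiteralPath, [int]$Count = 8)
    # Open read-only and allow other readers/writers so the cache is not disturbed.
    $stream = [System.IO.File]::Open($LiteralPath, 'Open', 'Read', 'ReadWrite')
    try {
        $buffer = New-Object byte[] $Count
        $read = $stream.Read($buffer, 0, $Count)
        if ($read -eq 0) { return '' }   # empty file: nothing to classify
        return (($buffer[0..($read - 1)] | ForEach-Object { $_.ToString('X2') }) -join '')
    }
    finally { $stream.Dispose() }
}

function Get-CacheFileTriage {
    param([string]$LiteralPath)
    $hex  = Get-LeadingHex -LiteralPath $LiteralPath
    $kind = 'unknown'
    foreach ($sig in $signatures.Keys) {
        if ($hex.StartsWith($sig)) { $kind = $signatures[$sig]; break }
    }
    [pscustomobject]@{
        Path       = $LiteralPath
        SizeBytes  = (Get-Item -LiteralPath $LiteralPath -Force).Length
        LeadingHex = $hex
        LikelyType = $kind
        SHA256     = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash
    }
}

if (Test-Path -LiteralPath $Path) { Get-CacheFileTriage -LiteralPath $Path | Format-List }
else { Write-Warning "Not found or not readable: $Path" }
```

The SHA256 value can be searched on VirusTotal before uploading the file itself, which avoids sharing a cached copy of what may be an internal document.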
4 Replies
Tristan
Level 15

Re: New thread-Artemis!79F444EE291F

The detection is an Artemis Threat not thread.

Basically you have the heuristic scanner switched on in ePO (possibly set to 'high'). The heuristic scanner has detected an action being performed by a process that resembles the action of a virus.

There are basically two possibilities: it is a brand new virus (and therefore not detected by the DAT) or it is a false positive where a legitimate process is performing a legitimate action but VSE has incorrectly identified it as suspicious.

What file is listed in the event log?

0 Kudos
iranjith
Level 7

Re: New thread-Artemis!79F444EE291F

The file is c:\Windows\Csc\d5\8000150C. No file extension...

0 Kudos
iranjith
Level 7

Re: New thread-Artemis!79F444EE291F

Thanks Tristan... This information is helpful to me...

0 Kudos