I am trying to get our software white listed as it is getting an Artemis detection that we are sure is a false positive.
I have submitted the software with all relevant details and I got the response pasted below.
Well - I know it is being detected already - what I want is to get it checked manually and white listed because it is not a Trojan.
Who do I talk to and how do I get it looked at manually so I can have a sensible discussion about what the software does, and why it is a false positive?
I've read a number of knowledgebase articles and have followed the instructions to the letter - just not sure what to do to escalate it from here?
McAfee Labs - Beaverton
Current Scan Engine Version:5900.7806
Current DAT Version:8738.0000
Thank you for your submission.
Analysis ID: 10491134
File Name |Findings |Detection |Type |Extra
app.ini |inconclusive | | |no
dsp.bin |inconclusive | | |no
dspboot.bin |inconclusive | | |no
host.bin |inconclusive | | |no
mpmprog.exe |current detection |rdn/generic.hbg |Trojan |no
inconclusive [app.ini dsp.bin dspboot.bin host.bin]
Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.
current detection [mpmprog.exe]
The file submitted is malware that can be detected with current DAT files. It is
recommended that you update your DAT and engine files and scan your computer again.
Other information that may assist:
Product: VirusScan Enterprise 8.8
DAT version: 8734.0000
Description of issue:
The software is a small executable that opens a command window and loads a binary file into an embedded controller across an RS232 serial port. It is used to load firmware updates into the controller. It also logs any responses from the controller across the RS232 serial link into a text file for debugging if the firmware update has a problem.
A customer of ours has been using an earlier revision of this software for more than 10 years without a problem. We provided a newer version that is required to load later firmware updates into the controller. This newer program has been detected by their McAfee system as "GTI Reputation - Known Malicious". We have checked against other brand virus systems and the result is that there is no virus detected.
Latest Applied Rule
4 v2 - Use GTI file reputation to identify trusted or malicious files
Certificate SHA-1 Hash
6/7/17 1:21:59 PM
Any assistance would be very much appreciated.
NOJA Power Switchgear
You submitted it the correct way, and the VirusTotal MD5 hash also helps. We mods have to wait 3 days after submission before we can escalate the detection. We have to allow the labs to do a manual check following your submission and to try to let them fix it.
These are the rules we have been told to follow, so if there is no fix in 3 days, post back and 1 of us mods will immediately escalate the detection. The fix is usually 1 day or less after we escalate.
I have escalated your issue on your behalf; hopefully we will hear something in short order. Your escalated ticket number is as follows: Ticket #: AM001344 - False Artemis !
I just received back the following correspondence:
Detection suppressed and sample is classified to clean.
Could you please confirm that your issue is resolved?