
Our software is getting a False Artemis detection on McAfee

Hi,

I am trying to get our software white listed as it is getting an Artemis detection that we are sure is a false positive.

I have submitted the software with all relevant details and I got the response pasted below.

Well - I know it is being detected already - what I want is to get it checked manually and white listed because it is not a Trojan.

Who do I talk to and how do I get it looked at manually so I can have a sensible discussion about what the software does, and why it is a false positive?

I've read a number of knowledgebase articles and have followed the instructions to the letter - just not sure what to do to escalate it from here?

---

McAfee Labs - Beaverton
Current Scan Engine Version:5900.7806
Current DAT Version:8738.0000

Thank you for your submission.

Analysis ID: 10491134

File Name            Findings                       Detection                    Type         Extra
--------------------|------------------------------|----------------------------|------------|-----
app.ini             |inconclusive                  |                            |            |no
dsp.bin             |inconclusive                  |                            |            |no
dspboot.bin         |inconclusive                  |                            |            |no
host.bin            |inconclusive                  |                            |            |no
mpmprog.exe         |current detection             |rdn/generic.hbg             |Trojan      |no

inconclusive [app.ini dsp.bin dspboot.bin host.bin]
   Automated analysis was not able to determine that this file is malware. This file is being sent for further processing and the DAT files will potentially be updated if detection of this sample is warranted.

current detection [mpmprog.exe]
   The file submitted is malware that can be detected with current DAT files. It is recommended that you update your DAT and engine files and scan your computer again.

---------------------------

Other information that may assist:

Product: VirusScan Enterprise 8.8
DAT version: 8734.0000
Engine: 5900.7806

Description of issue:

The software is a small executable that opens a command window and loads a binary file into an embedded controller across an RS232 serial port. It is used to load firmware updates into the controller. It also logs any responses from the controller across the RS232 serial link into a text file for debugging if the firmware update has a problem.

A customer of ours has been using an earlier revision of this software for more than 10 years without a problem. We provided a newer version that is required to load later firmware updates into the controller. This newer program has been detected by their McAfee system as "GTI Reputation - Known Malicious". We have checked against other brand virus systems and the result is that there is no virus detected.

Latest Applied Rule: 4 v2 - Use GTI file reputation to identify trusted or malicious files

SHA-1 Hash: 1C90B84418D414843F81B3E1827B1B26537B1044

MD5 Hash: B4A8849FA25381C27E53A8CCACE20952

SHA-256 Hash: 60DEC79EEE70F6460C958B3DE9DDEFACA0A7A6088BB923ECCC6BABB20C0F2D91

Certificate SHA-1 Hash: Not Available

Enterprise count: 7

First contact: 6/7/17 1:21:59 PM

Any assistance would be very much appreciated.

Regards,

Brian O'Sullivan

Service Manager

NOJA Power Switchgear

3 Replies
Peacekeeper
Level 20

Re: Our software is getting a False Artemis detection on McAfee

You submitted it the correct way, and the VirusTotal MD5 hash also helps. We mods have to wait 3 days after submission before we can escalate the detection. We have to allow the labs to do a manual check following your submission and to try to let them fix it.

These are the rules we have been told to follow, so if there is no fix in 3 days, post back and one of us mods will immediately escalate the detection. The fix is usually 1 day or less after we escalate.

catdaddy
Level 20

Re: Our software is getting a False Artemis detection on McAfee

I have escalated your issue on your behalf; hopefully we will hear something in short order. Your escalated ticket number is as follows: Ticket #: AM001344 - False Artemis !

Cliff
McAfee Volunteer
catdaddy
Level 20

Re: Our software is getting a False Artemis detection on McAfee

Hi Brian,

I just received back the following correspondence:

Hello Cliff,

Detection suppressed and sample is classified to clean.

Regards

Ravishankar

Could you please confirm that your issue is resolved?

Thank you,

Cliff

Moderator

Consumer Products (Artemis!)

Cliff
McAfee Volunteer