cancel
Showing results for 
Search instead for 
Did you mean: 
doMinationp
Level 7

Possible False Positive - Artemis!90F2B20435A0

Newest patch update for Starcraft II comes up as an Artemis trojan in McAfee and is immediately quarantined. Patching freezes at 98% and automatically retries until the user cancels the process.

File: BLIZZARDDOWNLOADER.EXE.0E5639DF.TEMP

Path: I:\STARCRAFT II\SUPPORT

Error message displayed when trying to install the patch:

The update could not be applied.
  The file "I:\StarCraft II\Support\BlizzardDownloader.exe.4672bec7.temp" could not be renamed to "I:\StarCraft II\Support\BlizzardDownloader.exe". If this problem persists, you may be able to solve it by uninstalling and then reinstalling the game. If you are unable to correct this problem, please contact Blizzard Technical Support. (ConflictManager::ResolveConflicts/2)
  The file "I:\StarCraft II\Support\BlizzardDownloader.exe.4672bec7.temp" could not be deleted. (ConflictManager::UncreateObjects)

Many other Starcraft II users with McAfee are reporting the same issue. Disabling McAfee and uinstalling/reinstalling Starcraft II does not do anything.

Thanks for any help.

0 Kudos
6 Replies
vinoo
Level 13

Re: Possible False Positive - Artemis!90F2B20435A0

Thanks for reporting.

The file has been whitelisted in our backend. Give it ~30 mins for the Artemis false detection to go away.

0 Kudos
RogerMester
Level 7

Re: Possible False Positive - Artemis!90F2B20435A0

Dear Vinoo,

I have discovered several false positives.

Here is a list of the Artemis numbers:

Artemis!41B465EED3C8
Artemis!66A297D0B4FF
Artemis!D1D08E9AE382
Artemis!A9EE10CD9a5D
Artemis!99C0778F6DE9
Artemis!F55F4CF8F0B0
Artemis!5232DC2D7C5D
Artemis!F7CB766E7ADD
Artemis!55BBF96567A5
Artemis!7C44A97AED8C
Artemis!F64794E2012F
Artemis!2C21E8CC391B
Artemis!1CA8324EB89D
Artemis!831C2F63ED92
Artemis!C3EECD26C784
Artemis!BA3BFAD53515
Artemis!E6396794F38F
Artemis!FDF32B862997
Artemis!9B1881BB5192
Artemis!96C5E6FC8BBE

Is this sufficient, or will you need the actual files in order to whitelist them?

If so, how should I send them?

Best regards,

Roger

0 Kudos
vinoo
Level 13

Re: Possible False Positive - Artemis!90F2B20435A0

Hi Roger,

Thanks for reporting.

Do these files belong to a particular software company/package or are random suspected falses?

The detection names will suffice. I'll escalate these to our virus analyst to take a look.

Best,
Vinoo

0 Kudos
RogerMester
Level 7

Re: Possible False Positive - Artemis!90F2B20435A0

Dear Vinoo,

Thanks very much for your quick response.

Yes, all of these files are in use on various CDs and DVDs distributed by Macmillan Education.

They are dictionaries and various educational tools used by students of English.

Best,

Roger

0 Kudos
vinoo
Level 13

Re: Possible False Positive - Artemis!90F2B20435A0

Macmillan is using a custom packer to protect their files. This is causing antivirus vendors to heuristically trigger on these applications.

Most of them have been located and added to our whitelist. I'll send you offline the list of files for which we will require the actual file.

Best,
Vinoo

on 27/9/10 9:02:21 PM IST
0 Kudos
RogerMester
Level 7

Re: Possible False Positive - Artemis!90F2B20435A0

Vinoo,

Thanks.

Glad to hear that you could whitelist most of them right way.

I will send any files you request.

Best,

Roger

0 Kudos