cancel
Showing results for 
Search instead for 
Did you mean: 
jn56
Level 7

Possible False Positive Artemis!934AA218BD58

As of this morning we are seeing VSE actively deleting a file QSR.EXE as being a potential threat (Artemis!934AA218BD58)

This EXE file is associated with Quest Toad for Data Analysts 2.5.1 and was actively in use in our environment.

Can you please research/revise your heuristic scan parameters for this file?

Thanks,

Jeff Namba

CalPERS

Enterprise Desktop Customer Services unit

10 Replies
jn56
Level 7

Re: Possible False Positive Artemis!934AA218BD58

Additional information from EPO log

"Threat" Target File Path: C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.5.1\QSR\qsr.exe

Event Category: Malware detected

Action taken: Deleted

Threat handled: True

0 Kudos
jin
Level 7

Re: Possible False Positive Artemis!934AA218BD58

Saw the same report in my environment. Looks like dat 6578 identified the file as a trojan.

0 Kudos
CampingKev
Level 7

Re: Possible False Positive Artemis!934AA218BD58

I have same false positive detectionsin popping up today in my environment.  McAfee 8.7, DAT 6577, Engine 5400.1158.

C:\Program Files\Quest Software\Toad for Data Analysts 2.5.1\QSR\qsr.exe

0 Kudos
PPH
Level 7

Re: Possible False Positive Artemis!934AA218BD58

I have just got this same alert today in our environment (VSE 8.8) on the same path as well. Hope McAfee responds to this post ASAP.

0 Kudos
twigsirl
Level 7

Re: Possible False Positive Artemis!934AA218BD58

Seen the same as well today in our environment.

0 Kudos
SMSAdmin
Level 7

Re: Possible False Positive Artemis!934AA218BD58

We are being affected by this issue as well.  I've opened a case with Platinum support and they state they have suppressed detection via Artemis.  They state it may also be detected as another threat.  They have provided us with an ExtraDAT for this detection. 

0 Kudos
fbilotta
Level 7

Re: Possible False Positive Artemis!934AA218BD58

We have the same issue and opened up a ticket with support.

Yesterday they had us exclude the path in the high risk, low risk and general on-access policies. That did not work.

Neither did the latest DATs. We just tried excluding just the qsr.exe file and that seems to work, but not a viable permanent solution.

I

Message was edited by: fbilotta on 1/6/12 8:17:33 AM GMT-06:00
0 Kudos
hrd
Level 7

Re: Possible False Positive Artemis!934AA218BD58

Similiar issue; the QSR.EXE file associated with Quest Toad for Data Analysts 2.5.1 has been identified as  detected as "Generic Malware.bj!c"  and detection type "Trojan". Please provide feedback or correct product for misidentified signature. 

0 Kudos
SMSAdmin
Level 7

Re: Possible False Positive Artemis!934AA218BD58

The extra.dat file that was issue to us yesterday is supposed to suppress detection for that threat as well.

0 Kudos