I have made a simple program using NSIS that opens a window just to demonstrate that Mcafee picks it up as Artemis!870717C635DC and BehavesLike.Win32.Dropper.nh
Below is the coding I used
MessageBox MB_YESNO "are you sure you want to install this application?" IDYES true IDNO false
DetailPrint "it's true!"
DetailPrint "it's false"
I am submitting this for false positive again since the problem was never solved when it comes to NSIS
Please don't submit junk like this - it just wastes everyones time. Are you seriously asking us to whitelist this program for 130million users?
We are not going to whitelist NSIS packages generally. Unfortunately it's used to install malware as well as legitimate software.
IF you have genuine software being flagged then by all means submit it - this example is just pointless.
This program is pointless, that is true and I have already mentioned that this is a test program just to demonstrate many programs that use nsis get flagged as threats by mcafee but no problem with other AVs. Also you should mind your language since you are a moderator here in this forum. This program might be pointless but as an example this is perfect, I never ask anyone to white list this particular program but asked why each and every program made with nsis detects as a threat mainly by mcafee.
What is the point of this program, clearly it does nothing however if you could post the virustotal analysis, this can be viewed easily. I have had the same problems with many programs made with NSIS. File a false positive and let them know about Safeboot's response as well since the way he talks.
II'm sorry if you are offended by my blunt response, but understand that by submitting this you stopped a researcher looking at a genuine Artemis response problem. Some real person stopped doing useful research and did something that added no value to anyone. Perhaps you can understand my frustration?
Here is the Virus Total Analysis - https://www.virustotal.com/en/file/1ff01ccb67e48384bb2c0a5540c9acbfc7277c60a7fa8b350b28dae4d654f111/...
Again both of you missing the point I am making here, This program is completely pointless, I am just saying no matter how pointless or worthwhile a program could be, still getting flagged as a threat by Mcafee. Why other AVs do not detect this as a threat, simply because they have a more sophisticated algorithm to scans files through, most importantly they are very alerted with false positives.
I repeat I am not talking about this particular program but programs made using NSIS as a whole. However I am glad that I cannot see Artemis detection any more yet Behaveslikewin32 persists
Yeah when you submit attach the virus total analysis as well, I am quiet sure if anything they will white list this program too but won't look at the big picture where all the programs getting detected.
You are saying NSIS programs are not useful? This is a detection that means no sense whatsoever. Either mcafee should be able to response to false submissions or stop detecting everything, period.
Of course not - I am telling you that creating pointless NSIS packages and submitting them because they are detected as behaving and acting like malware is not helping in any way to prove your point.
Artemis and and the behavioral engines are looking at the package and determining that it looks suspicious. Submitting more of the same isn't going to change that - in fact it's probably strengthening the argument.
But why only mcafee? Why not Symantec? Why not Bitdefender ?
Why all other AVs scans programs through and say it is harmless yet only mcafee detects'em all. I don't know weather to compliment or complaint