McAfee has just placed a PDF file, on their knowledgebase, that explains the changes being made in the upcoming McAfee VirusScan 8.7 Patch 2 repost.
One significant change is that they are enabling Artemis. It is being enabled for a "very low" setting. In the EPO environment is there anyone using this setting in their VirusScan 8.7i or 8.5i policies? I am concerned that it will generate more false positives.
On standalone VirusScan 8.7i packages it will be turned on by default. You can disable it via installation designer. Under EPO, the repost of Patch 2 will temporarily enable it until the next EPO policy enforcement.
Is Artemis a good or bad thing to enable for managed VirusScan 8.7i?
We just enabled it a few days ago at the default "Very Low" setting in a network of aprox 750 clients after testing it in a small branch of about 10 clients. So far, we've seen no real change or instances of false positives. One condition to our environment is that we also have a web appliance that does 1st line spyware/av filtering.
Disabled: Artemis Technology is turned off Very Low: Equivalent to next days DATs. Get tomorrow's protection today. Recommended initial configuration Low: Protection in addition to DATs. Medium: Used when the risk of regular exposure to malware is greater than the risk of a false positive. High: Recommended for deployment to systems or areas which are regulary infected. Very High: Recommended for use in email and On-Demand Scans on non-operating system volumes.