I've watched the video, my thoughts:
- first an actual copy operation occurred from Desktop to a hard disk folder. That triggered Artemis.
- secondly only directory manipulation of the whereabouts of the file happened, no file operation occurred so no detection.
- on first ODS I'm not sure (was not confirmed) if Detect Unwanted programs checkbox was set (and if any action for Unwanted Programs has been set)
- The guy did not have Antispyware module installed.
- He should have checked the ODS log to see anything after all.
(On the other hand I always suppress estimate calculation, the guy did not, apparently he thought ODS is examining the file very thoroughly, hence the delay.)
Ok, so I decided to do my own testing. I set up a secure VM environment for my testing.
Captured an Adware program that Artemis detected.
WinXP, VSE 8.7 P4 with Anti-Spyware module installed, Current DAT.
1. Copying the file from one folder to another in explorer does not set off the Artemis detection.
2. Copying the file to the desktop DOES set off the Artemis detection.
3. Ran ODS against the file with Artemis set to "very high" and nothing was detected no matter where the file was located.
4. Ran all the same tests with the eicar test file and it was detected as soon as I touched the file no matter where it was located.
5. Also noticed that Artemis does not work at all if there is no network connection.
Not sure if this Artemis technology is everything they say it is.
Artemis requires heuristics to be enabled, perhaps that was not so in the ODS.
Eicar test file is a "virus" so Artemis may not apply to it (not a suspicious program, that is.)
Artemis is a reverse DNS lookup so you may be able to capture it in a netmon or get alerted of it from the firewall or other device.
I'd be interested in your test; can you direct me to your test file location?
I downloaded this file and scanned with right click scan ods, where
- macro and program heuristics were enabled,
- Artemis was set to medium
- scan for unwanted files was enabled
- had antispyware module installed
- dat 6235, engine 5400.1158
- no exclusions applied during the ods.
and VSE 8.7 Patch 3 did not detect it as spyware or anything.
OAS should have detected it and taken action on it when I was trying to save the file, so I'm curious if in your environment you experienced otherwise (recently).
Yes, I also got the detection after I set Artemis to Medium (or higher) and copied onto the Desktop (we usually have it on Low where no detection occurred).
I submitted again to Virustotal, and I could see that most AV engines categorize this as Adware. The only remaining question is what causes recognition upon copying to the Desktop and why no detection occurs when copying to another folder, even on another partition.
Will see if I have time to ask this from support...
Correct me if I'm wrong, but Artemis is reputation-based software that goes out and looks (I'm guessing on some McAfee servers somewhere) to see if other users have found that file to be either good or bad, and then acts accordingly. If there isn't a network connection, then Artemis will not work.