
Artemis Bug in VSE 8.7

I ran across this YouTube video showing a bug with Artemis.

I'm seeing the same issue.

Has anyone else run across this?

http://www.youtube.com/watch?v=aLCGAKOBy28

Thanks,

12 Replies
apoling
Level 14
Message 2 of 13

Re: Artemis Bug in VSE 8.7

I've watched the video, my thoughts:

- first an actual copy operation occurred from Desktop to a hard disk folder. That triggered Artemis.

- secondly only directory manipulation of the whereabouts of the file happened, no file operation occurred so no detection.

- on first ODS I'm not sure (was not confirmed) if Detect Unwanted programs checkbox was set (and if any action for Unwanted Programs has been set)

- The guy did not have Antispyware module installed.

- He should have checked the ODS log to see anything after all.

(On the other hand I always suppress estimate calculation, the guy did not, apparently he thought ODS is examining the file very thoroughly, hence the delay.)

Attila

Re: Artemis Bug in VSE 8.7

Ok, so I decided to do my own testing. I set up a secure VM environment for my testing.

Captured an Adware program that Artemis detected.

WinXP, VSE 8.7 P4 with Anti-Spyware module installed, Current DAT.

1. Copying the file from one folder to another in explorer does not set off the Artemis detection.

2. Copying the file to the desktop DOES set off the Artemis detection.

3. Ran ODS against the file with Artemis set to "very high" and nothing was detected no matter where the file was located.

4. Ran all the same tests with the eicar test file and it was detected as soon as I touched the file no matter where it was located.

5. Also noticed that Artemis does not work at all if there is no network connection.

Not sure if this Artemis technology is everything they say it is.

apoling
Level 14
Message 4 of 13

Re: Artemis Bug in VSE 8.7

Artemis requires heuristics to be enabled, perhaps that was not so in the ODS.

Eicar test file is a "virus" so Artemis may not apply to it (not a suspicious program, that is.)

Artemis is a reverse DNS lookup so you may be able to capture it in a netmon or get alerted of it from the firewall or other device.

I'd be interested in your test; can you direct me to your test file location?

Re: Artemis Bug in VSE 8.7

Here is the file that I have tested with.

http://download.cnet.com/SideStep-Toolbar/3000-12512_4-10285497.html

Has the same Artemis sig as in video.

apoling
Level 14
Message 6 of 13

Re: Artemis Bug in VSE 8.7

I downloaded this file and scanned with right click scan ods, where

- macro and program heuristics were enabled,

- Artemis was set to medium

- scan for unwanted files was enabled

- had antispyware module installed

- dat 6235, engine 5400.1158

- no exclusions applied during the ods.

and VSE 8.7 Patch 3 did not detect it as spyware or anything.

OAS should have detected it and taken action on it when I was trying to save the file, so I'm curious if in your environment you experienced otherwise (recently).

Re: Artemis Bug in VSE 8.7

I wonder how many other files go undetected like this...

Re: Artemis Bug in VSE 8.7

I only got the detection when I copy it to my desktop.

Hope this helps,

apoling
Level 14
Message 9 of 13

Re: Artemis Bug in VSE 8.7

Yes, I also got the detection after I set Artemis to Medium (or higher) and copied onto the Desktop (we usually have it on Low where no detection occurred).

I submitted again to Virustotal, and I could see that most AV engines categorize this as Adware. The only remaining question is what causes recognition upon copying to the Desktop and why no detection occurs when copying to another folder, even on another partition.

Hmmmm......

Will see if I have time to ask this from support...

Re: Artemis Bug in VSE 8.7

Correct me if I'm wrong, but Artemis is reputation-based software that goes out and looks (I'm guessing on some McAfee servers somewhere) to see if other users have found that file to be either good or bad, and then acts accordingly. If there isn't a network connection, then Artemis will not work.
