cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New detections starting with SUSPECT-

Today I received a number of notifications in ePO that a number of files on remote computers had a detection. All began with Suspect-AH! and I have never seen these before. A closer examination revealed that many of them were Word documents that had used multiple "." to break up the name of the document. I know that naming items in that fashion can be a flag but not a sole reason for deleting a file.

The product is VirusScan 8.8.0.849 with DAT 7063.0000. The scan engine is 5400.1158. I have not applied Patch 3 due to the fact that I do not have Windows 8 machines present. Artemis Sensitivity level: Medium.

The systems in question are Windows XPSP3 and Windows 7SP1 computers. All workstations, no servers.

An example:

\Documents and Settings\(%USERNAME%)\Local Settings\Temporary Internet Files\Content.Outlook\(%RANDOM%)\An.eaxmple.doc2010.doc

I replaced parts of the path with appropriate items to relay their import but hide personal details.

In ePO:

Threat Name:Suspect-AH!299E2451731C
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true

I did a search for Suspect-AH and did not find anything. Is this how Artemis files are being named now?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community