Today I received a number of notifications in ePO that a number of files on remote computers had a detection. All began with Suspect-AH! and I have never seen these before. A closer examination revealed that many of them were Word documents that had used multiple "." to break up the name of the document. I know that naming items in that fashion can be a flag but not a sole reason for deleting a file.
The product is VirusScan 18.104.22.1689 with DAT 7063.0000. The scan engine is 5400.1158. I have not applied Patch 3 due to the fact that I do not have Windows 8 machines present. Artemis Sensitivity level: Medium.
The systems in question are Windows XP SP3 and Windows 7 SP1 computers. All workstations, no servers.
\Documents and Settings\(%USERNAME%)\Local Settings\Temporary Internet Files\Content.Outlook\(%RANDOM%)\An.eaxmple.doc2010.doc
I replaced parts of the path with appropriate items to relay their import but hide personal details.
I did a search for Suspect-AH and did not find anything. Is this how Artemis files are being named now?