cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
omar_tx
omar_tx
Level 9
Report Inappropriate Content
Message 1 of 5
‎10-16-2018 07:58 AM

OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

GTI (Artemis) keeps flagging 'OneDrive.exe' as a Trojan.  This happens randomly with no specific actions taken to cause VSE to flag the file.  We have artemis sensitivity level set to Medium from our ePO server.  I've placed  the event notification details below.  Has anyone encountered this same issue? 

 

SYSTEM
Detected: 10/15/18 01:02:36 UTC
Received: 10/15/18 01:02:25 UTC
Agent GUID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Event Description: Infected file deleted.
Threat Event ID: 1027
Threat Type: Trojan
Severity: Alert
Threat Name: Artemis!12730C2F829E
Threat Handled: True
Threat Category: Malware detected
Action Taken: deleted
Target File Name: c:\Documents and Settings\XXXXXXXXXXX\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\OneDrive.exe

VirusScan Enterprise 8.8
Engine Version: 5900.7806
DAT Version: 9046.0000
Detection Method: (managed) Nightly Virus Scan (Workstations Only) OS Platform: Workstation OS Type: Windows 10

0 Kudos
Reply
3 Solutions

Accepted Solutions
chealey
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 5
‎10-16-2018 08:01 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

Hi @omar_tx

Please create a malware support case and submit this file as a false positive submission. Our labs team will be able to perform an analysis and mark the file as trusted if it is indeed a false positive.

Requirements for submission can be found here: https://kc.mcafee.com/corporate/index?page=content&id=KB85567

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Reply
jess_arman
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 3 of 5
‎10-16-2018 08:02 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

@omar_tx If you expect that you're experiencing a false positive detection, I would adivse that you follow the instructions in KB85567 to work with McAfee Labs on analysis, confirmation, and path to resolution. 

Please keep in mind that if you proceed to submit against automation, you may still need to call Support referencing your case number in order to get the quickest information regarding false positives.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Reply
Highlighted
jess_arman
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 5 of 5
‎10-16-2018 08:07 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

@omar_tx I am not aware of this currently trending within Support calls as a concern. However, this does not mean that you are or aren't the only person potentially experiencing this.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Reply
4 Replies
chealey
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 5
‎10-16-2018 08:01 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

Hi @omar_tx

Please create a malware support case and submit this file as a false positive submission. Our labs team will be able to perform an analysis and mark the file as trusted if it is indeed a false positive.

Requirements for submission can be found here: https://kc.mcafee.com/corporate/index?page=content&id=KB85567

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Reply
jess_arman
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 3 of 5
‎10-16-2018 08:02 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

@omar_tx If you expect that you're experiencing a false positive detection, I would adivse that you follow the instructions in KB85567 to work with McAfee Labs on analysis, confirmation, and path to resolution. 

Please keep in mind that if you proceed to submit against automation, you may still need to call Support referencing your case number in order to get the quickest information regarding false positives.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Reply
omar_tx
omar_tx
Level 9
Report Inappropriate Content
Message 4 of 5
‎10-16-2018 08:04 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution
I am planning on doing so but i would like to know if this is not just isolated in our network. I have not seen any posts so far about onedrive.exe being flagged by artemis.
0 Kudos
Reply
Highlighted
jess_arman
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 5 of 5
‎10-16-2018 08:07 AM

Re: OneDrive.exe flagged as Trojan by Artemis (Artemis!12730C2F829E)

Jump to solution

@omar_tx I am not aware of this currently trending within Support calls as a concern. However, this does not mean that you are or aren't the only person potentially experiencing this.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Reply
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

      • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center