GTI (Artemis) keeps flagging 'OneDrive.exe' as a Trojan. This happens randomly with no specific actions taken to cause VSE to flag the file. We have Artemis sensitivity level set to Medium from our ePO server. I've placed the event notification details below. Has anyone encountered this same issue?
SYSTEM
Detected: 10/15/18 01:02:36 UTC
Received: 10/15/18 01:02:25 UTC
Agent GUID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Event Description: Infected file deleted.
Threat Event ID: 1027
Threat Type: Trojan
Severity: Alert
Threat Name: Artemis!12730C2F829E
Threat Handled: True
Threat Category: Malware detected
Action Taken: deleted
Target File Name: c:\Documents and Settings\XXXXXXXXXXX\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\OneDrive.exe
VirusScan Enterprise 8.8
Engine Version: 5900.7806
DAT Version: 9046.0000
Detection Method: (managed) Nightly Virus Scan (Workstations Only)
OS Platform: Workstation
OS Type: Windows 10
Hi @omar_tx
Please create a malware support case and submit this file as a false positive submission. Our labs team will be able to perform an analysis and mark the file as trusted if it is indeed a false positive.
Requirements for submission can be found here: https://kc.mcafee.com/corporate/index?page=content&id=KB85567
@omar_tx If you expect that you're experiencing a false positive detection, I would advise that you follow the instructions in KB85567 to work with McAfee Labs on analysis, confirmation, and path to resolution.
Please keep in mind that if you proceed to submit against automation, you may still need to call Support referencing your case number in order to get the quickest information regarding false positives.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
@omar_tx I am not aware of this currently trending within Support calls as a concern. However, this does not mean that you are or aren't the only person potentially experiencing this.