cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cpc464
Level 8
Report Inappropriate Content
Message 1 of 4
‎02-21-2020 06:12 AM

Re: VirusScan/EPO : Force DAT update ?

We also tested typing at the end of the path: "* .dot" to specify the file type. And even entering the full file name does not work. It is the support which carried out the operation itself ... during the remote handling which will have lasted 2 hours. 😐

The sample was sent last week. The 1st threat has been ruled out. The problem is that the file was detected by suspecting it to be another trojan.
The last response from the support is "if a second threat has been detected, a new case must be opened by sending back the sample".
=> So not only is it not our responsibility that this file is detected by McAfee as a threat (by mistake). But, in addition, with each new detection, it is necessary to open each time a new ticket by returning the sample ...
And during this time, our production is impacted.

The resolution process is far too slow. We do not understand why it is not enough to specify an exclusion path. We are thinking about changing the anti-viral solution.

0 Kudos
Reply
3 Replies
Highlighted
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎02-24-2020 04:21 AM

Re: VirusScan/EPO : Force DAT update ?

You wouldn't exclude the dot as *.dot, but use the file type section to add it there.  It makes a difference where you put it for performance issues.  However, since that didn't resolve your issue, I will make sure your case owner knows this was for a false detection and not a malicious one.  

As for having to open new sr's, that is normal with a malware submission (even if it is for a false detection), but you can upload multiple samples to the one submission.  When you go to the support site to submit a sample, just the action of submitting a sample will open a new SR.  Just be sure in the notes to advise that this is a false detection submission.

Artemis detections might not adhere to the exclusions, but not sure why they wouldn't.  You can temporarily, as a workaround, either lower the artemis level or disable heuristic detections (which is where this is being detected).

I am also going to move this over to the malware team so they can better address this.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Highlighted
cpc464
Level 8
Report Inappropriate Content
Message 3 of 4
a month ago

Re: VirusScan/EPO : Force DAT update ?

Hello everybody,

I think I have found the reason for this sudden change (discovery of false positives): I think my colleague has increased the level of GTI / Artemis sensitivity to the maximum.

Other observations made during the same period: slowness felt by our users, processes linked to scripts that hang ...
Do you know if these phenomena can also be linked to an increased level of heuristic analysis (GTI)? If so, how can we be sure (apart from lowering the level ...)?

Thanks

 

Reply
Highlighted
cpc464
Level 8
Report Inappropriate Content
Message 4 of 4
a month ago

Re: VirusScan/EPO : Force DAT update ?

Hi

I withdraw what I said in the previous message: the GTI level is set to Medium.
The support indicated to me yesterday that the problem should be resolved after sending the second sample: I have tested and the problem still persists. Support asked me to send the same sample for the third time. 😐
We are tired of this situation, I plan to deactivate GTI

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC