We also tried typing "*.dot" at the end of the path to specify the file type. Even entering the full file name does not work. It was Support who carried out the operation themselves, during a remote session that lasted 2 hours. 😐
The sample was sent last week. The 1st threat has been ruled out. The problem is that the file was detected by suspecting it to be another trojan.
The last response from the support is "if a second threat has been detected, a new case must be opened by sending back the sample".
=> So not only is it not our responsibility that this file is (mistakenly) detected by McAfee as a threat, but in addition, with each new detection, a new ticket has to be opened each time by resending the sample ...
And during this time, our production is impacted.
The resolution process is far too slow. We do not understand why it is not enough to specify an exclusion path. We are thinking about changing our anti-virus solution.
You wouldn't exclude the dot as *.dot, but use the file type section to add it there. It makes a difference where you put it for performance issues. However, since that didn't resolve your issue, I will make sure your case owner knows this was for a false detection and not a malicious one.
As for having to open new SRs, that is normal with a malware submission (even if it is for a false detection), but you can upload multiple samples to the one submission. When you go to the support site to submit a sample, just the action of submitting a sample will open a new SR. Just be sure in the notes to advise that this is a false detection submission.
Artemis detections might not adhere to the exclusions, but I'm not sure why they wouldn't. As a workaround, you can temporarily either lower the Artemis level or disable heuristic detections (which is where this is being detected).
I am also going to move this over to the malware team so they can better address this.
I think I have found the reason for this sudden change (discovery of false positives): I think my colleague has increased the level of GTI / Artemis sensitivity to the maximum.
Other observations made during the same period: slowness felt by our users, processes linked to scripts that hang ...
Do you know if these phenomena can also be linked to an increased level of heuristic analysis (GTI)? If so, how can we be sure (apart from lowering the level ...)?
I withdraw what I said in the previous message: the GTI level is set to Medium.
Support told me yesterday that the problem should be resolved after sending the second sample: I have tested, and the problem still persists. Support asked me to send the same sample for the third time. 😐
We are tired of this situation; I plan to deactivate GTI.