Reliable Contributor
Message 31 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

We kept it enabled on our NSM and Firewall as well.  From the type of issue that was happening I didn't feel it impacted those devices in a way that would harm traffic flows.

Level 9
Message 32 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

brentil, have you enabled Artemis on VirusScan again? Also, how many nodes, if you don't mind answering? I am trying to make the case to enable Artemis again, as it is a line of defense that we rely on for preventing newer types of malware.

Reliable Contributor
Message 33 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

jperry wrote:

brentil, have you enabled Artemis on VirusScan again? Also, how many nodes, if you don't mind answering? I am trying to make the case to enable Artemis again, as it is a line of defense that we rely on for preventing newer types of malware.

We have 400 user nodes and 50 server nodes.

I've told McAfee support that I do not intend to enable Artemis/GTI again until they've answered several questions relating to this issue as well as what they're doing to ensure this never happens again.  Support informed me they could not provide details at this time but that there was an official response being drafted.  Once that response is drafted then I'll consider enabling it again.  Until then though it's staying in the disabled state.

Level 9
Message 34 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Thanks for the details. I will also post here that McAfee released an updated version of the restore from quarantine tool overnight. Based on initial testing, it is still not working on all systems even though it is reporting it ran successfully.

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

I saw the alerts streaming in and disabled Artemis right away. 1445 files across 2,000 workstations. I pushed pretty hard to have Artemis used in the workplace so I suspect that I will be defending that a lot over the next couple of days.

Level 12
Message 36 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Valkyrja wrote:

I saw the alerts streaming in and disabled Artemis right away. 1445 files across 2,000 workstations. I pushed pretty hard to have Artemis used in the workplace so I suspect that I will be defending that a lot over the next couple of days.

In security, no good deed goes unpunished at some point ... especially when your vendor's software conspires against you.

I really hate when the risk of security controls tips to be worse than not having the control.

But alas, it seems an endemic risk to the game we all have to play in this industry. Bad times.

Reliable Contributor
Message 37 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Did anyone get issues even if the files got restored?

I'm specifically talking about HIPS files.

We got close to 2000 machines where HIPS had files deleted.

We've used the tool to restore them, and it did restore on the machines where the quarantine isn't empty or corrupted, but even with the files restored, HIPS is still not running correctly on the machine, depending on what was removed.

We're still involved with Platinum support to fix this, but I was just wondering if others have validated, on the systems where HIPS files got removed, whether HIPS is actually running fine.

Here we had hipsvc.exe (HIPS 7) and other files where, when they were deleted, the service that goes with them got deleted too automatically, so when recovering the file, the service isn't recovered in most cases; therefore the HIPSCore service isn't running on those machines anymore.

So this might be something that you guys can check on your side and let me know if you're in the same boat.

So far I'm still dealing with this error with GTI since it happened and don't have a solution that works 100% of the time.

Reliable Contributor
Message 38 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

We luckily had a smaller number of HIPS machines impacted.  We ended up using ePO to uninstall HIPS8 from the machines impacted and then pushed it back out to them.
