Regis
Level 12
Message 1 of 38

SNS alert re: Artemis / GTI / heuristics.... in North America

Just received the SNS alert suggesting customers disable Artemis/GTI file detection as there are false positives due to a server outage?

Can someone help my brain wrap around that? How can a server issue cause GTI falses? My best guess would be that absent a lot of checksums/known good entries somehow being available to be looked up, some default rule which rates things unnecessarily higher risk perhaps takes over?

I've only seen 2 complaints or issues all day today so I plan to sit tight for the moment in the primary customer environment. But I wanted to make sure folks who follow this forum but who aren't signed up for SNS know about it.

"McAfee has determined that Artemis/GTI File Reputation is producing some false-positive detections in North America due to a server issue.

This is not a DAT issue.

We recommend that customers temporarily disable GTI. Please go to KB78993 (https://kc.mcafee.com/corporate/index?page=content&id=KB78993) for continuing updates.

We will provide further updates on the KB site and via SNS."

37 Replies
itnotes
Level 7
Message 2 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

We are currently seeing issues with WebEx Communicator, McKesson PACS, and Opera. I have seen others reporting Oracle Client, FTP Clients, etc.

lamishi
Level 7
Message 3 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

I got more than three Artemis detected messages this afternoon. McAfee quarantined Firecl.dll and firetray.exe first and then went on with internal IM app and Yahoo Messenger. When I tried to VPN to my work, I got a message that I don't remember now. I did find cbr*.* files in the windows\temp folder.

Right now, running a virus scan in Safe Mode. Waiting for company's helpdesk support.

lamishi
Level 7
Message 4 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Based on the SNS alert, I should not have restarted my computer. One of my colleagues' laptops also got infected, but he has not restarted his machine yet and it looks like everything is working fine for him.

cdobol
Level 10
Message 5 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

We got hit by this pretty hard. Over 1600 machines impacted and 1000+ unique detections. Restoring via current method is not an option (one detection name at a time). We are waiting for some sort of batch restore from McAfee. I hope they are able to produce something...

wwarren
Level 15
Message 6 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

>I hope they are able to produce something...

We have people working on it.

Keep an eye on KB78993. It will be updated once we have something solid.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
cdobol
Level 10
Message 7 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Thank you. Appreciate the response, wwarren.

itnotes
Level 7
Message 8 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Good to hear. We are over 15,000 devices with over 9000+ unique detections.

Additional applications: RightFax and DSS Player.

cdobol
Level 10
Message 9 of 38

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Does anyone from McAfee have a time estimate for a release of some sort of tool? I'm trying to decide if I should try to get some sleep or not.

Re: SNS alert re: Artemis / GTI / heuristics.... in North America

Yes. Expect it in the next hour.