Just received the SNS alert suggesting customers disable Artemis/GTI file detection as there are false positives due to a server outage?
Can someone help my brain wrap around that? How can a server issue cause GTI falses? My best guess would be that absent a lot of checksums/known good entries somehow being available to be looked up, some default rule which rates things unnecessarily higher risk perhaps takes over?
I've only seen 2 complaints or issues all day today so I plan to sit tight for the moment in the primary customer environment. But I wanted to make sure folks who follow this forum but who aren't signed up for SNS know about it.
McAfee has determined that Artemis/GTI File Reputation is producing some false-positive detections in North America due to a server issue.
This is not a DAT issue.
We recommend that customers temporarily disable GTI. Please go to KB78993 (https://kc.mcafee.com/corporate/index?page=content&id=KB78993) for continuing updates.
We will provide further updates on the KB site and via SNS.
We are currently seeing issues with WebEx Communicator, McKesson PACS, and Opera. I have seen others reporting Oracle Client, FTP Clients, etc.
I got more than three Artemis detected messages this afternoon. McAfee quarantined Firecl.dll and firetray.exe first and then went on with internal IM app and Yahoo Messenger. When I tried to VPN to my work, I got a message that I don't remember now. I did find cbr*.* files in the windows\temp folder.
Right now, running a virus scan in Safe Mode. Waiting for company's helpdesk support.
Based on the SNS alert, I should not have restarted my computer. One of my colleagues' laptops also got infected, but he did not restart his machine yet and it looks like everything is working fine for him.
We got hit by this pretty hard. Over 1600 machines impacted and 1000+ unique detections. Restoring via current method is not an option (one detection name at a time). We are waiting for some sort of batch restore from McAfee. I hope they are able to produce something...
>I hope they are able to produce something...
We have people working on it.
Keep an eye on KB78993. It will be updated once we have something solid.
Does anyone from McAfee have a time estimate for a release of some sort of tool? I'm trying to decide if I should try to get some sleep or not.