
Re: GAM 2014.2 BETA

Hi

I'm more and more confused about the last link I've tested...

http://dl2.vip0installer.com/download/Base/450233/candide/java.exe

4 hours ago VirusTotal detected the file as Artemis with the MWG engine.

Using MWG 7.5.1 it was also detected once as Artemis.

10 minutes later the engine claims the download is safe...

A few minutes ago VirusTotal also told me the link is safe with the Web Gateway engine...

Engine | Detection | Date
AVG | Generic.742 | 20150211
AVware | InstallIQ Installer (fs) | 20150211
AhnLab-V3 | PUP/Win32.SoftPulse | 20150211
Antiy-AVL | RiskWare[Downloader:not-a-virus]/NSIS.Agent | 20150211
Avast | Win32:Adware-gen [Adw] | 20150211
Avira | APPL/InstallIQ.Gen4 | 20150211
Bkav | W32.HfsAdware.D906 | 20150211
Comodo | Application.Win32.InstallIQ.B | 20150211
DrWeb | Adware.Downware.9715 | 20150211
ESET-NOD32 | a variant of Win32/InstallIQ.A potentially unwanted | 20150211
Fortinet | Riskware/Agent | 20150211
GData | Win32.Application.InstallIQ.F | 20150211
K7AntiVirus | Unwanted-Program ( 0040f9a91 ) | 20150211
K7GW | Unwanted-Program ( 0040f9a91 ) | 20150211
Kaspersky | not-a-virus:Downloader.NSIS.Agent.ij | 20150211
Malwarebytes | PUP.Optional.SafeInstall.A | 20150211
NANO-Antivirus | Riskware.Win32.Searcher.csnymk | 20150211
Qihoo-360 | HEUR/QVM41.1.Malware.Gen | 20150211
Sophos | InstallQ | 20150211
TrendMicro-HouseCall | Suspicious_GEN.F47V0209 | 20150211
VBA32 | suspected of Trojan.Downloader.gen.h | 20150211
VIPRE | InstallIQ Installer (fs) | 20150211
ALYac | - | 20150211
...
McAfee | - | 20150211
McAfee-GW-Edition | - | 20150211
MicroWorld-eScan | - | 20150211

This is very strange to me... (The link was also rated as malicious for about 1 hour... now it's uncategorized again.)

@dstraube: yes, the rule Set URL Filter Internal Settings is configured in our ruleset.

dstraube
Message 22 of 25

Re: GAM 2014.2 BETA

Hello,

Detections with the name "Artemis" in them are based on a cloud lookup and on the result of that lookup. They are not signature- or heuristic-based detections from the local engine.

The cloud database can change frequently, so consistency checks are a bit difficult, but I'll try to set up a test scenario with different MWG versions and engines to see if results vary a lot here. I'll keep you updated with my findings.

It might also be helpful if you can send a feedback from the machine to support, so we can check the rules to verify that there isn't a configuration problem somewhere.

Regards,

Dirk

Re: GAM 2014.2 BETA

The same with this link

http://dde.s.bdirectdownload-about.com/18/234/ct2346018/77b3db35525848c2b85103d2fc0c051a/Downloads/P...

Engine | Detection | Date
AVG | Generic.23D | 20150210
Ad-Aware | Application.Generic.1105675 | 20150210
Avast | Win32:Adware-BRM [PUP] | 20150210
ESET-NOD32 | Win32/Toolbar.Conduit.AE potentially unwanted | 20150210
F-Secure | Application.Generic.1105675 | 20150210
GData | Win32.Application.Agent.YTLEKV | 20150210
K7AntiVirus | Unwanted-Program ( 004b1df11 ) | 20150210
K7GW | Unwanted-Program ( 004b1df11 ) | 20150210
Kaspersky | not-a-virus:WebToolbar.Win32.Agent.avw | 20150210
Malwarebytes | PUP.Optional.ClientConnect | 20150210
MicroWorld-eScan | Application.Generic.1105675 | 20150210
NANO-Antivirus | Trojan.Win32.ClientConnect.deinfe | 20150210
Qihoo-360 | HEUR/QVM30.1.Malware.Gen | 20150210

I would expect at least an answer like Kaspersky...

Next one? http://down.trade010.com/software/kddsoft_@192@_68_51111.exe

Engine | Detection | Date
AVG | Generic.23D | 20150210
Ad-Aware | Application.Generic.1105675 | 20150210
Avast | Win32:Adware-BRM [PUP] | 20150210
ESET-NOD32 | Win32/Toolbar.Conduit.AE potentially unwanted | 20150210
F-Secure | Application.Generic.1105675 | 20150210
GData | Win32.Application.Agent.YTLEKV | 20150210
K7AntiVirus | Unwanted-Program ( 004b1df11 ) | 20150210
K7GW | Unwanted-Program ( 004b1df11 ) | 20150210
Kaspersky | not-a-virus:WebToolbar.Win32.Agent.avw | 20150210
Malwarebytes | PUP.Optional.ClientConnect | 20150210
MicroWorld-eScan | Application.Generic.1105675 | 20150210
NANO-Antivirus | Trojan.Win32.ClientConnect.deinfe | 20150210
Qihoo-360 | HEUR/QVM30.1.Malware.Gen | 20150210

How can I get the same results with the new engine...?

McAfee Employee MSchneider
Message 24 of 25

Re: GAM 2014.2 BETA

The transferred file contained a virus and was therefore blocked.  URL:

http://down.trade010.com/software/kddsoft_@192@_68_51111.exe
Media Type: application/executable
Virus Name: McAfeeGW: BehavesLike.Win32.Pasta.tm

We have a GAM detection.

Minecraft is debatable...I think.

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
Reliable Contributor Troja
Message 25 of 25

Re: GAM 2014.2 BETA

Hi all,

in my environment:

software/kddsoft_@192@_68_51111.exe is detected as malware (McAfeeGW: BehavesLike.Win32.Pasta.tm)

SweetPlayer_TSV3GJMIY.exe -> not detected by GAM

SweetPlayer_TSV3GJMIY.exe -> on ATD the detection:

Android as default image, automatically select OS for 32/64bit systems: Gateway Anti-Malware detects Artemis!C42ECFF6163B, ATD no malicious behavior.

Cheers
