cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
feickholt
Level 10
Report Inappropriate Content
Message 21 of 25
‎02-11-2015 06:04 AM

Re: GAM 2014.2 BETA

Hi

I'm more and more confused about the last link i've tested...

http://dl2.vip0installer.com/download/Base/450233/candide/java.exe

4 hours ago virus total detected with the MWG Engine the File as Artemis.

Using MWG 7.5.1 it was also detected once as Artemis.

10 minutes later the engine claims the Download as safe....

A few minutes ago virus total told me also the link is safe with the Webgateway engine....

AVGGeneric.74220150211
AVwareInstallIQ Installer (fs)20150211
AhnLab-V3PUP/Win32.SoftPulse20150211
Antiy-AVLRiskWare[Downloader:not-a-virus]/NSIS.Agent20150211
AvastWin32:Adware-gen [Adw]20150211
AviraAPPL/InstallIQ.Gen420150211
BkavW32.HfsAdware.D90620150211
ComodoApplication.Win32.InstallIQ.B20150211
DrWebAdware.Downware.971520150211
ESET-NOD32a variant of Win32/InstallIQ.A potentially unwanted20150211
FortinetRiskware/Agent20150211
GDataWin32.Application.InstallIQ.F20150211
K7AntiVirusUnwanted-Program ( 0040f9a91 )20150211
K7GWUnwanted-Program ( 0040f9a91 )20150211
Kasperskynot-a-virus:Downloader.NSIS.Agent.ij20150211
MalwarebytesPUP.Optional.SafeInstall.A20150211
NANO-AntivirusRiskware.Win32.Searcher.csnymk20150211
Qihoo-360HEUR/QVM41.1.Malware.Gen20150211
SophosInstallQ20150211
TrendMicro-HouseCallSuspicious_GEN.F47V020920150211
VBA32suspected of Trojan.Downloader.gen.h20150211
VIPREInstallIQ Installer (fs)20150211
ALYac20150211
...
1
McAfee20150211
McAfee-GW-Edition20150211
MicroWorld-eScan20150211

This is very strange to me..... (The link was also rated as malicious for about 1 hour... now it's uncategories again.)

@dstraube: yes the rule Set URL Filter Internal Settings is configured in our ruleset.

0 Kudos
Reply
dstraube
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 22 of 25
‎03-03-2015 07:52 AM

Re: GAM 2014.2 BETA

Hello,

detections with the name "Artemis" in it are based on a cloud lookup and based on the result of this. It's not a signature or heuristic based detection from the local engine.

The cloud database can change frequently, so consistency checks are a bit difficult, but I'll try to setup a test scenario with different MWG versions and engines to see if results vary a lot here. I'll keep you updated with my findings.

It might also be helpful if you can send a feedback from the machine to support, so we can check the rules to verify that there isn't a configuration problem somewhere.

Regards,

Dirk

0 Kudos
Reply
feickholt
Level 10
Report Inappropriate Content
Message 23 of 25
‎02-09-2015 11:26 PM

Re: GAM 2014.2 BETA

The same with this link

http://dde.s.bdirectdownload-about.com/18/234/ct2346018/77b3db35525848c2b85103d2fc0c051a/Downloads/P...

AVGGeneric.23D20150210
Ad-AwareApplication.Generic.110567520150210
AvastWin32:Adware-BRM [PUP]20150210
ESET-NOD32Win32/Toolbar.Conduit.AE potentially unwanted20150210
F-SecureApplication.Generic.110567520150210
GDataWin32.Application.Agent.YTLEKV20150210
K7AntiVirusUnwanted-Program ( 004b1df11 )20150210
K7GWUnwanted-Program ( 004b1df11 )20150210
Kasperskynot-a-virus:WebToolbar.Win32.Agent.avw20150210
MalwarebytesPUP.Optional.ClientConnect20150210
MicroWorld-eScanApplication.Generic.110567520150210
NANO-AntivirusTrojan.Win32.ClientConnect.deinfe20150210
Qihoo-360HEUR/QVM30.1.Malware.Gen20150210

I would expect at least an answer like Kapersky....

Next One? http://down.trade010.com/software/kddsoft_@192@_68_51111.exe

AVGGeneric.23D20150210
Ad-AwareApplication.Generic.110567520150210
AvastWin32:Adware-BRM [PUP]20150210
ESET-NOD32Win32/Toolbar.Conduit.AE potentially unwanted20150210
F-SecureApplication.Generic.110567520150210
GDataWin32.Application.Agent.YTLEKV20150210
K7AntiVirusUnwanted-Program ( 004b1df11 )20150210
K7GWUnwanted-Program ( 004b1df11 )20150210
Kasperskynot-a-virus:WebToolbar.Win32.Agent.avw20150210
MalwarebytesPUP.Optional.ClientConnect20150210
MicroWorld-eScanApplication.Generic.110567520150210
NANO-AntivirusTrojan.Win32.ClientConnect.deinfe20150210
Qihoo-360HEUR/QVM30.1.Malware.Gen20150210

How can I get the same results with the new engine.... 

0 Kudos
Reply
MSchneider
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 24 of 25
‎02-10-2015 02:33 AM

Re: GAM 2014.2 BETA

The transferred file contained a virus and was therefore blocked.  URL:

http://down.trade010.com/software/kddsoft_@192@_68_51111.exe
Media Type: application/executable
Virus Name: McAfeeGW: BehavesLike.Win32.Pasta.tm

We have a GAM detection.

Minecraft is debatable...I think.

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
0 Kudos
Reply
Troja
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 25 of 25
‎02-10-2015 02:57 AM

Re: GAM 2014.2 BETA

Hi all,

in my environment:

software/kddsoft_@192@_68_51111.exe is detected as malware (McAfeeGW: BehavesLike.Win32.Pasta.tm)

SweetPlayer_TSV3GJMIY.exe -> not detected by GAM

SweetPlayer_TSV3GJMIY.exe -> on ATD the detection:

Android as default image, automatically select OS for 32/64bit systems: Gateway Anti-Malware detects Artemis!C42ECFF6163B, ATD no malicious behavior.

Cheers

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC