Hi
I'm more and more confused about the last link I've tested...
http://dl2.vip0installer.com/download/Base/450233/candide/java.exe
4 hours ago VirusTotal detected the file as Artemis with the MWG engine.
Using MWG 7.5.1 it was also detected once as Artemis.
10 minutes later the engine claims the download is safe....
A few minutes ago VirusTotal also told me the link is safe with the Web Gateway engine....
AVG | Generic.742 | 20150211 |
AVware | InstallIQ Installer (fs) | 20150211 |
AhnLab-V3 | PUP/Win32.SoftPulse | 20150211 |
Antiy-AVL | RiskWare[Downloader:not-a-virus]/NSIS.Agent | 20150211 |
Avast | Win32:Adware-gen [Adw] | 20150211 |
Avira | APPL/InstallIQ.Gen4 | 20150211 |
Bkav | W32.HfsAdware.D906 | 20150211 |
Comodo | Application.Win32.InstallIQ.B | 20150211 |
DrWeb | Adware.Downware.9715 | 20150211 |
ESET-NOD32 | a variant of Win32/InstallIQ.A potentially unwanted | 20150211 |
Fortinet | Riskware/Agent | 20150211 |
GData | Win32.Application.InstallIQ.F | 20150211 |
K7AntiVirus | Unwanted-Program ( 0040f9a91 ) | 20150211 |
K7GW | Unwanted-Program ( 0040f9a91 ) | 20150211 |
Kaspersky | not-a-virus:Downloader.NSIS.Agent.ij | 20150211 |
Malwarebytes | PUP.Optional.SafeInstall.A | 20150211 |
NANO-Antivirus | Riskware.Win32.Searcher.csnymk | 20150211 |
Qihoo-360 | HEUR/QVM41.1.Malware.Gen | 20150211 |
Sophos | InstallQ | 20150211 |
TrendMicro-HouseCall | Suspicious_GEN.F47V0209 | 20150211 |
VBA32 | suspected of Trojan.Downloader.gen.h | 20150211 |
VIPRE | InstallIQ Installer (fs) | 20150211 |
ALYac | | 20150211 |
... | | |
McAfee | | 20150211 |
McAfee-GW-Edition | | 20150211 |
MicroWorld-eScan | | 20150211 |
This is very strange to me..... (The link was also rated as malicious for about 1 hour... now it's uncategorized again.)
@dstraube: yes, the rule Set URL Filter Internal Settings is configured in our ruleset.
Hello,
Detections with "Artemis" in the name are based on a cloud lookup and on its result. It's not a signature- or heuristic-based detection from the local engine.
The cloud database can change frequently, so consistency checks are a bit difficult, but I'll try to set up a test scenario with different MWG versions and engines to see if results vary a lot here. I'll keep you updated with my findings.
It might also be helpful if you can send a feedback from the machine to support, so we can check the rules to verify that there isn't a configuration problem somewhere.
Regards,
Dirk
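One way to run the consistency check mentioned in the reply above, as an added example that is not part of the thread or of McAfee's tooling: it groups scan observations per URL and separates verdict changes that involve only Artemis (cloud lookup) or clean results from changes that involve a locally detected name. The observation records, URLs and verdict names are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime

# Constructed observations (timestamp, URL, verdict); "" means the scan
# returned clean. URLs and verdict names are placeholders, not real data.
OBSERVATIONS = [
    ("2015-02-11 08:00", "http://files.example.test/a.exe", "Artemis!PLACEHOLDER"),
    ("2015-02-11 11:50", "http://files.example.test/a.exe", "Artemis!PLACEHOLDER"),
    ("2015-02-11 12:00", "http://files.example.test/a.exe", ""),
    ("2015-02-11 08:05", "http://files.example.test/b.exe", "Local.Heuristic.PLACEHOLDER"),
    ("2015-02-11 12:05", "http://files.example.test/b.exe", ""),
    ("2015-02-11 08:10", "http://files.example.test/c.exe", ""),
    ("2015-02-11 12:10", "http://files.example.test/c.exe", ""),
]

def is_cloud_or_clean(verdict):
    # Per the reply above, names containing "Artemis" come from a cloud lookup,
    # not from a local signature or heuristic.
    return verdict == "" or "Artemis" in verdict

def verdict_changes(observations):
    """Map each URL to its time-ordered list of (time, old, new) verdict changes."""
    by_url = defaultdict(list)
    for ts, url, verdict in observations:
        by_url[url].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), verdict))
    changes = {}
    for url, seq in by_url.items():
        seq.sort(key=lambda item: item[0])
        changes[url] = [(t2, v1, v2)
                        for (_, v1), (t2, v2) in zip(seq, seq[1:]) if v1 != v2]
    return changes

def classify(observations):
    """Label each URL as stable, a cloud-lookup change, or a local-detection change."""
    result = {}
    for url, changes in verdict_changes(observations).items():
        if not changes:
            result[url] = "stable"
        elif all(is_cloud_or_clean(old) and is_cloud_or_clean(new)
                 for _, old, new in changes):
            result[url] = "cloud-lookup change"    # expected to vary over time
        else:
            result[url] = "local-detection change"  # worth checking rules/engine
    return result

if __name__ == "__main__":
    for url, label in sorted(classify(OBSERVATIONS).items()):
        print(f"{label:24} {url}")
```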
The same with this link
AVG | Generic.23D | 20150210 |
Ad-Aware | Application.Generic.1105675 | 20150210 |
Avast | Win32:Adware-BRM [PUP] | 20150210 |
ESET-NOD32 | Win32/Toolbar.Conduit.AE potentially unwanted | 20150210 |
F-Secure | Application.Generic.1105675 | 20150210 |
GData | Win32.Application.Agent.YTLEKV | 20150210 |
K7AntiVirus | Unwanted-Program ( 004b1df11 ) | 20150210 |
K7GW | Unwanted-Program ( 004b1df11 ) | 20150210 |
Kaspersky | not-a-virus:WebToolbar.Win32.Agent.avw | 20150210 |
Malwarebytes | PUP.Optional.ClientConnect | 20150210 |
MicroWorld-eScan | Application.Generic.1105675 | 20150210 |
NANO-Antivirus | Trojan.Win32.ClientConnect.deinfe | 20150210 |
Qihoo-360 | HEUR/QVM30.1.Malware.Gen | 20150210 |
I would expect at least an answer like Kaspersky....
Next One? http://down.trade010.com/software/kddsoft_@192@_68_51111.exe
AVG | Generic.23D | 20150210 |
Ad-Aware | Application.Generic.1105675 | 20150210 |
Avast | Win32:Adware-BRM [PUP] | 20150210 |
ESET-NOD32 | Win32/Toolbar.Conduit.AE potentially unwanted | 20150210 |
F-Secure | Application.Generic.1105675 | 20150210 |
GData | Win32.Application.Agent.YTLEKV | 20150210 |
K7AntiVirus | Unwanted-Program ( 004b1df11 ) | 20150210 |
K7GW | Unwanted-Program ( 004b1df11 ) | 20150210 |
Kaspersky | not-a-virus:WebToolbar.Win32.Agent.avw | 20150210 |
Malwarebytes | PUP.Optional.ClientConnect | 20150210 |
MicroWorld-eScan | Application.Generic.1105675 | 20150210 |
NANO-Antivirus | Trojan.Win32.ClientConnect.deinfe | 20150210 |
Qihoo-360 | HEUR/QVM30.1.Malware.Gen | 20150210 |
How can I get the same results with the new engine....
The transferred file contained a virus and was therefore blocked.
URL: http://down.trade010.com/software/kddsoft_@192@_68_51111.exe
Media Type: application/executable
Virus Name: McAfeeGW: BehavesLike.Win32.Pasta.tm
We have a GAM detection.
Minecraft is debatable...I think.
Hi all,
In my environment:
software/kddsoft_@192@_68_51111.exe is detected as malware (McAfeeGW: BehavesLike.Win32.Pasta.tm)
SweetPlayer_TSV3GJMIY.exe -> not detected by GAM
SweetPlayer_TSV3GJMIY.exe -> on ATD the detection:
Android as default image, automatically select OS for 32/64bit systems: Gateway Anti-Malware detects Artemis!C42ECFF6163B, ATD no malicious behavior.
Cheers