Re: GAM 2014.2 BETA

Hi

I'm more and more confused about the last link I've tested...

http://dl2.vip0installer.com/download/Base/450233/candide/java.exe

Four hours ago VirusTotal, using the MWG engine, detected the file as Artemis.

Using MWG 7.5.1, it was also detected once as Artemis.

Ten minutes later the engine reported the download as safe...

A few minutes ago VirusTotal also told me the link is safe according to the Web Gateway engine...

Engine | Result | Update
AVG | Generic.7422 | 20150211
AVware | InstallIQ Installer (fs) | 20150211
AhnLab-V3 | PUP/Win32.SoftPulse | 20150211
Antiy-AVL | RiskWare[Downloader:not-a-virus]/NSIS.Agent | 20150211
Avast | Win32:Adware-gen [Adw] | 20150211
Avira | APPL/InstallIQ.Gen4 | 20150211
Bkav | W32.HfsAdware.D906 | 20150211
Comodo | Application.Win32.InstallIQ.B | 20150211
DrWeb | Adware.Downware.9715 | 20150211
ESET-NOD32 | a variant of Win32/InstallIQ.A potentially unwanted | 20150211
Fortinet | Riskware/Agent | 20150211
GData | Win32.Application.InstallIQ.F | 20150211
K7AntiVirus | Unwanted-Program ( 0040f9a91 ) | 20150211
K7GW | Unwanted-Program ( 0040f9a91 ) | 20150211
Kaspersky | not-a-virus:Downloader.NSIS.Agent.ij | 20150211
Malwarebytes | PUP.Optional.SafeInstall.A | 20150211
NANO-Antivirus | Riskware.Win32.Searcher.csnymk | 20150211
Qihoo-360 | HEUR/QVM41.1.Malware.Gen | 20150211
Sophos | InstallQ | 20150211
TrendMicro-HouseCall | Suspicious_GEN.F47V0209 | 20150211
VBA32 | suspected of Trojan.Downloader.gen.h | 20150211
VIPRE | InstallIQ Installer (fs) | 20150211
ALYac | (none) | 20150211
... | ... | ...
McAfee | (none) | 20150211
McAfee-GW-Edition | (none) | 20150211
MicroWorld-eScan | (none) | 20150211

This is very strange to me... (The link was also rated as malicious for about 1 hour; now it's uncategorized again.)

@dstraube: yes the rule Set URL Filter Internal Settings is configured in our ruleset.

dstraube
Level 11
Message 22 of 25

Re: GAM 2014.2 BETA

Hello,

Detections with the name "Artemis" in them are based on a cloud lookup and on the result of that lookup; they are not signature- or heuristic-based detections from the local engine.

The cloud database can change frequently, so consistency checks are a bit difficult, but I'll try to set up a test scenario with different MWG versions and engines to see whether results vary a lot here. I'll keep you updated with my findings.

It might also be helpful if you could send feedback from the machine to support, so we can check the rules and verify that there isn't a configuration problem somewhere.

Regards,

Dirk

Re: GAM 2014.2 BETA

The same with this link:

http://dde.s.bdirectdownload-about.com/18/234/ct2346018/77b3db35525848c2b85103d2fc0c051a/Downloads/P...

Engine | Result | Update
AVG | Generic.23D | 20150210
Ad-Aware | Application.Generic.1105675 | 20150210
Avast | Win32:Adware-BRM [PUP] | 20150210
ESET-NOD32 | Win32/Toolbar.Conduit.AE potentially unwanted | 20150210
F-Secure | Application.Generic.1105675 | 20150210
GData | Win32.Application.Agent.YTLEKV | 20150210
K7AntiVirus | Unwanted-Program ( 004b1df11 ) | 20150210
K7GW | Unwanted-Program ( 004b1df11 ) | 20150210
Kaspersky | not-a-virus:WebToolbar.Win32.Agent.avw | 20150210
Malwarebytes | PUP.Optional.ClientConnect | 20150210
MicroWorld-eScan | Application.Generic.1105675 | 20150210
NANO-Antivirus | Trojan.Win32.ClientConnect.deinfe | 20150210
Qihoo-360 | HEUR/QVM30.1.Malware.Gen | 20150210

I would expect at least an answer like Kaspersky's...

Next one: http://down.trade010.com/software/kddsoft_@192@_68_51111.exe

Engine | Result | Update
AVG | Generic.23D | 20150210
Ad-Aware | Application.Generic.1105675 | 20150210
Avast | Win32:Adware-BRM [PUP] | 20150210
ESET-NOD32 | Win32/Toolbar.Conduit.AE potentially unwanted | 20150210
F-Secure | Application.Generic.1105675 | 20150210
GData | Win32.Application.Agent.YTLEKV | 20150210
K7AntiVirus | Unwanted-Program ( 004b1df11 ) | 20150210
K7GW | Unwanted-Program ( 004b1df11 ) | 20150210
Kaspersky | not-a-virus:WebToolbar.Win32.Agent.avw | 20150210
Malwarebytes | PUP.Optional.ClientConnect | 20150210
MicroWorld-eScan | Application.Generic.1105675 | 20150210
NANO-Antivirus | Trojan.Win32.ClientConnect.deinfe | 20150210
Qihoo-360 | HEUR/QVM30.1.Malware.Gen | 20150210

How can I get the same results with the new engine?
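As an added example (not code from this thread, McAfee or VirusTotal), a small Python script that parses VirusTotal results in the run-together form pasted above (engine name, result and signature date with no separator between them) and reports which engines flipped between two scans of the same file, the kind of drift a cloud lookup such as Artemis produces between rescans. The engine list is limited to a few names from the thread, the second scan is constructed for illustration, and Artemis!EXAMPLE is a placeholder detection name.

```python
import re
from typing import Dict, NamedTuple, Optional, Tuple

# Engine names as VirusTotal prints them; needed because the pasted lines run
# engine, result and signature date together with no separator.
ENGINES = ("AVG", "Avast", "Kaspersky", "ALYac", "McAfee", "McAfee-GW-Edition")
DATE_RE = re.compile(r"(20\d{6})$")

class Verdict(NamedTuple):
    engine: str
    result: Optional[str]  # None: the engine reported the file as clean
    updated: str

def parse_line(line: str) -> Optional[Verdict]:
    """One pasted line -> Verdict; None for filler such as the '...' truncation marker."""
    line = line.strip()
    m = DATE_RE.search(line)
    if not m:
        return None
    body, updated = line[:m.start()], m.group(1)
    # Longest-prefix match so "McAfee-GW-Edition" is not read as "McAfee" + "-GW-Edition".
    engine = max((e for e in ENGINES if body.startswith(e)), key=len, default=None)
    if engine is None:
        raise ValueError(f"unknown engine in line: {line!r}")
    return Verdict(engine, body[len(engine):] or None, updated)

def parse_report(text: str) -> Dict[str, Verdict]:
    parsed = (parse_line(l) for l in text.splitlines())
    return {v.engine: v for v in parsed if v is not None}

def detection_ratio(report: Dict[str, Verdict]) -> Tuple[int, int]:
    """(engines flagging the file, engines that scanned it), as VirusTotal displays it."""
    return sum(1 for v in report.values() if v.result), len(report)

def verdict_flips(old: Dict[str, Verdict], new: Dict[str, Verdict]) -> Dict[str, tuple]:
    """Engines whose verdict changed between two scans of the same file (flagged <-> clean)."""
    return {e: (old[e].result, new[e].result) for e in sorted(old.keys() & new.keys())
            if (old[e].result is None) != (new[e].result is None)}

# Constructed samples: SCAN_1 copies lines in the format pasted in the thread; SCAN_2 is
# an invented later rescan in which the cloud-based (Artemis) verdicts have moved.
SCAN_1 = """Kasperskynot-a-virus:Downloader.NSIS.Agent.ij20150211
ALYac20150211
...
McAfee-GW-Edition20150211"""
SCAN_2 = """Kaspersky20150212
ALYac20150212
McAfee-GW-EditionArtemis!EXAMPLE20150212"""  # Artemis!EXAMPLE is a placeholder name
```

Running `verdict_flips(parse_report(SCAN_1), parse_report(SCAN_2))` lists Kaspersky dropping its detection and McAfee-GW-Edition adding an Artemis one, while the headline ratio stays the same in both scans.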

MSchneider (McAfee Employee)
Message 24 of 25

Re: GAM 2014.2 BETA

The transferred file contained a virus and was therefore blocked. URL:

http://down.trade010.com/software/kddsoft_@192@_68_51111.exe
Media Type: application/executable
Virus Name: McAfeeGW: BehavesLike.Win32.Pasta.tm

We have a GAM detection.

Minecraft is debatable...I think.

Michael Schneider
Lead Product Manager for Web Protection
Troja
Level 14
Message 25 of 25

Re: GAM 2014.2 BETA

Hi all,

In my environment:

software/kddsoft_@192@_68_51111.exe is detected as malware (McAfeeGW: BehavesLike.Win32.Pasta.tm).

SweetPlayer_TSV3GJMIY.exe -> not detected by GAM.

SweetPlayer_TSV3GJMIY.exe -> on ATD, the detection:

Android as the default image, automatically selecting the OS for 32/64-bit systems: Gateway Anti-Malware detects Artemis!C42ECFF6163B, ATD reports no malicious behavior.

Cheers
