2 Replies Latest reply on Jun 2, 2017 10:44 AM by catdaddy

    False Artemis!01C023B8AD64

    hausi

      SuitcaseFusion5 - "Suitcase Fusion 5 v16.0.0.exe" extracts during the installation...

      Threat Event Log Information

      Server ID:S990361
      Event Received Time:5/23/17 8:02:02 AM
      Event Generated Time:5/23/17 8:01:27 AM
      Agent GUID:8A38B3E2-3F06-11E7-149D-54EE7596BFE1
      Detecting Prod ID (deprecated):ENDP_AM_1050
      Detecting Product Name:McAfee Endpoint Security
      Detecting Product Version:10.5.0
      Detecting Product Host Name:C040067
      Detecting Product IPv4 Address:10.51.240.218
      Detecting Product IP Address:10.51.240.218
      Detecting Product MAC Address:0050b6cc2e5e
      DAT Version:2988.3
      Engine Version:5900.7806
      Threat Source Host Name:C040067
      Threat Source IPv4 Address:10.51.240.218
      Threat Source IP Address:10.51.240.218
      Threat Source MAC Address:
      Threat Source User Name:
      Threat Source Process Name:
      Threat Source URL:
      Threat Target Host Name:C040067
      Threat Target IPv4 Address:10.51.240.218
      Threat Target IP Address:10.51.240.218
      Threat Target MAC Address:
      Threat Target User Name:
      Threat Target Port Number:
      Threat Target Network Protocol:
      Threat Target Process Name:
      Threat Target File Path:C:\WINDOWS\TEMP\{4855E8D4-AE72-4EBF-9972-745CC9745816}\EXENW.EXE
      Event Category:Malware detected
      Event ID:1027
      Threat Severity:Critical
      Threat Name:Artemis!01C023B8AD64
      Threat Type:Trojan
      Action Taken:Delete
      Threat Handled:True
      Analyzer Detection Method:On-Access Scan

      Endpoint Security

      Module Name:Threat Prevention
      Analyzer Content Creation Date:5/22/17 6:58:00 AM
      AMCore Content Version:2988.3
      Analyzer McAfee GTI Query:Yes
      Threat Detected On Creation:No
      Target Hash:01c023b8ad6410a5c2f0874f7f22c84b
      Target Name:EXENW.EXE
      Target Path:C:\WINDOWS\TEMP\{4855E8D4-AE72-4EBF-9972-745CC9745816}
      Target File Size (Bytes):106496
      Target Modify Time:5/23/17 8:01:13 AM
      Target Access Time:5/23/17 8:01:13 AM
      Target Create Time:5/23/17 8:01:13 AM
      Cleanable:Yes
      Task Name:On-Access Scan
      First Attempted Action:Clean
      First Action Status:Succeeded
      Second Attempted Action:Delete
      Second Action Status:Failed
      Description:Unknown
      Duration Before Detection (Days):0
      Attack Vector Type:Local System
      ...and the installation fails.