6 Replies Latest reply on May 5, 2010 1:53 PM by Mal09

    Artemis! has blocked my FTP client. What to do?

      Hello,


      I've been using McAfee for years. I had recently bought a new computer, and when it's preloaded McAfee trial expired today I upgraded and added it to my existing account (3 other computers). Big mistake.


      I'm an independent game developer, and run my own website. I needed to update it today, which I had planned on doing after upgrading my McAfee subscription. However, I use a program called Wise FTP to upload files to my server, which I have used for years without issue. Some time after updating McAfee, I attempted to launch it from a shortcut but was unable to as it gave me "this program could not be found" messages.


      I dug into the folder I had installed it to and found that it's executable file was missing. Long story short, I eventually discovered that McAfee was now flagging it as a Trojan using it's Artemis system. I followed the instructions I found by searching this forum to disable VirusScan, but it continues to remove the file as soon as I unquarentine it.


      I've done some research on Artemis and found quite a number of similar complaints. I have to say that I'm deeply disappointed that a program I've come to trust and rely on has cost me so much time and effort over what should have been a non-issue. A simple option to permanantly un-quarantine a file would have saved me over three hours of lost productivity this afternoon - we're about to release a new game, so I'm extremely lucky that I thought to upload its web page early instead of waiting until everything else was live.


      Going from these instructions (http://community.mcafee.com/thread/2016), am I correct that I should send an email to virus_research@avertlabs.com with the subject line False and the file's Artemis name? And do I need to zip the file and send it to Avert for analysis? The file is wise_ftp.exe and the detection name is Artemis! 1A0B228AE5B2

       

      I am using McAfee SecurityCenter 10.0, build 10.0.580, and McAfee VirusScan Version 14.0, Build 14.0.309, DAT Version 5966, Engine Version 5400.1158.

       

      Thank you.

        • 1. Re: Artemis! has blocked my FTP client. What to do?
          exbrit

          Hi,

           

          I moved this to the Artemis section.  Yes just the email should be sufficient but be prepared to zip and pasword protect the file should they require it.    You would have to follow the guidelines I laid out in that thread you quoted in that case.

           

          You have to disable VirusScan before trying to restore it.

           

          Meanwhile now that this is in this section, it will most likely be read by someone from the Threat Center.

           

           

          Message was edited by: Ex_Brit on 28/04/10 7:56:08 EDT PM
          • 2. Re: Artemis! has blocked my FTP client. What to do?

            Thank you for the quick response. I have sent the first email as per your FAQ, so hopefully it will be resolved soon.

            • 4. Re: Artemis! has blocked my FTP client. What to do?
              SamSwift

              Hi,

               

              How big is the file? I can't see any submissions for it on this side. Did you get an auto response from us to say it had been received?

               

              Sam

              • 5. Re: Artemis! has blocked my FTP client. What to do?

                Yes. Yesterday I recieved an automatic email from Virus_Research@avertlabs.com:

                 

                File Name             Findings                       Detection                    Type          Extra
                --------------------|------------------------------|---------------------------- |------------|-----
                wise_ftp.exe         |inconclusive                  |                             |            |no  

                inconclusive  [wise_ftp.exe]                                                                         

                   Upon analysis the file submitted does not appear to contain  one of the 200,000 known  
                threats in the AutoImmune database. The  file may contain a new threat, or no code     
                capable of being  infected. Your submission is being forwarded to an McAfee Labs       
                Researcher  for further analysis. You will be contacted by McAfee through e-mail  with  
                the results of that  analysis.

                 

                It sounds like it did go through, unless the automatic system is incorrect?

                 

                The file is only 1,592KB, zipped and password protected.

                • 6. Re: Artemis! has blocked my FTP client. What to do?

                  gamedev93 wrote:

                   

                  Yes. Yesterday I recieved an automatic email from Virus_Research@avertlabs.com:

                   

                  File Name             Findings                       Detection                    Type          Extra
                  --------------------|------------------------------|---------------------------- |------------|-----
                  wise_ftp.exe         |inconclusive                  |                             |            |no  

                  inconclusive  [wise_ftp.exe]                                                                         

                     Upon analysis the file submitted does not appear to contain  one of the 200,000 known  
                  threats in the AutoImmune database. The  file may contain a new threat, or no code     
                  capable of being  infected. Your submission is being forwarded to an McAfee Labs       
                  Researcher  for further analysis. You will be contacted by McAfee through e-mail  with  
                  the results of that  analysis.

                   

                  Question for the McAfee Labs/Avert staffers:

                   

                  - Why is it that Webimmune can't yet scan for Artemis detections and handle them?

                  - Perhaps the "200,000 known threats" reference needs to be updated to a more modern number.