My understanding is that Artemis is a technology to check file hashes against a database and nothing else. It is the heuristics that flag files as suspicious to trigger Artemis's check. So if this is true, I would rather see more polishing work on the heuristics technique than on Artemis, although on the other hand, adding hashes to whitelists is a kind of solution as long as there are no identical (or similar) hashes for two files (one malicious and the other non-malicious).
In addition, what criteria must be true for a file to be seen as suspicious? Can you obtain information on it?
My understanding is that Artemis is a technology to check file hashes against a database and nothing else. It is the heuristics that flag files as suspicious to trigger Artemis's check.
An undocumented function of Artemis that I've discovered through much testing is that it contains some heuristic capacity. Artemis detections can be flagged on files that aren't registered as hashes in the Artemis database. The reasoning for this detection is based on the packer used or some other criteria, rather than McAfee having seen the file as malicious previously.
So that's the sort of heuristic detection I don't want in their database - it causes too many false positives. The system has improved greatly over time, but there do seem to be some strange Artemis detections at times.
I agree, people are reporting a lot of false detections lately.
Very true friends.
Attila, mal and exbrit. I myself have raised quite a few requests about the same.
We all know that Artemis is great and has improved quite a lot over time but yes, there is still a lot of room for it to reach that peak. Lots of false positives and of late, as I have mentioned earlier, I am seeing the uninstal.exe file getting wiped off by Artemis. This is what I don't want it to do.
A suggestion here is:
Maybe the McAfee team can do this: when a user runs a scan, there should be a way for the settings to be tuned in such a way that all the Artemis detections should not be outright deleted but rather, there must be an option for the Admin to either add them to their trusted list of programs or report them for further analysis.
This will greatly help in adding to the whitelisting database and would also prevent the innocent files from getting slaughtered. Obviously, this should be available in all the software but let the Admins do the same at their own risk because they would know what they are doing. As I understand, there may be a chance here where a not so technical user may unintentionally allow an otherwise malicious program. So, this should be one of those advanced settings which must be disabled by default but, if need be, can be activated so that Artemis doesn't delete the file and the Admin doesn't have to keep doing the restore job.
What do you guys think?
The ability to choose whether or not to let it delete files is an excellent point and one that we have been suggesting needs improvement for years, ever since it was removed from the consumer product about 7 years ago.
Moved to Artemis discussion area for housekeeping.
Any updates on the malware detection capabilities?
I see all the big talk and trumpets blowing about the Global Threat Intelligence engine, but McAfee AGAIN misses out on the prestigious VB 100 award. Come on!!!
The last test saw McAfee missing 4 in-the-wild malware samples and this time it's 1. I mean, what is going wrong??? Other freeware is doing an amazing job in keeping malware at bay but what is wrong with McAfee? I was so very hopeful of McAfee regaining the top slot and coming back with a vengeance but things only seem to be going downhill...
McAfee... I am still a faithful and loyal user. Come on, show people like us that we are betting on the right horse here!!!
Could you paste here the link of the said test result (details)?
I wonder how this test is being prepared: do they allow submitters to install and configure the product to be tested on the platform that VBTN provides?
The link to that comparative is:
You do need to sign up for free and I must say, if you are a free subscriber, then you can only check out the results, but if you are ready to shell out the money, then you can become a magazine subscriber.