1 2 3 Previous Next 24 Replies Latest reply on Feb 2, 2011 12:28 AM by Attila Polinger Branched to a new discussion.

    Artemis improvement ?

      Hi,

       

      It feels great to be back in action in the community after a short hiatus.

       

      Last time, I had started a thread showing how Artemis keeps flagging innocent files of Ccleaner ( A free utility - Registry Cleaner) and Winrar.

       

      It will be great to see if we have any improvements in that regard. Artemis is a technology to be proud of however, I guess McAfee still needs to polish it further. For example :- If a file has been flagged as malicious due to whatever reasons, It should be analysed and be checked properly. Especially so, when the users report the matter. I still see winrar and its cousins being detected and deleted as trojans. Also, Artemis' new favourite is the uninstall.exe files in some programs.

       

      I see my McAfee deleteing such files and detecting them as Trojans. For example :- EA Sports Cricket uninstall.exe. Now tell me.. Is that really a virus ??? I beg to differ !!!

       

      The workaround ???

       

      How about this ? McAfee has millions of users worldwide and add to that the evolvement of GTI. Can we not have a fair system of analyzing the processes running on a particular machine and checking it with McAfee's VAST database of whitelisted applications and also adding them to cache ?

       

      That will help in reducing the system impact in scanning - both on demand and on access. Having said that, efforts should be taken to make sure that the moment feedback is recieved, a particular file should be outrightly added to the SAFE list after the analysis. This will reduce the false alarms and also shows that McAfee cares and is eager to have the user feedback.. Its very important that McAfee stays at the top when it comes to detections and does not raise any false alarms. Psst pssst.. The in the wild misses hurt a lot to the loyal McAfee users.. !!!

       

      Any one got a second thought about this ???

        • 1. Re: Artemis improvement ?
          Attila Polinger

          Hi Samir,

           

          my understanding is that Artemis is a technology to check file hashes against a database and not else. It is the heuristics that flags files as suspicious to trigger Artemis's check. So if this is true I rather see more polishing work on the heuristics techique than Artemis, although on the other hand, adding hashes to whitelists are a kind of solution as long as there are no identical (or similar) hashes for two files (one malicious and the other non-malicious).

           

          In addition, what criteria is to be true for a file to be seen as suspicious? Can you obtain information on it?

           

          Attila

          • 2. Re: Artemis improvement ?

            apoling wrote:

             

            Hi Samir,

             

            my understanding is that Artemis is a technology to check file hashes against a database and not else. It is the heuristics that flags files as suspicious to trigger Artemis's check.

             

            An undocumented function of Artemis that I've discoverd through much testing is that it contains some heuristic capacity. Artemis detections can be flagged on files that aren't registered as hashes in the Artemis database. The reasoning for this detection is based on packer used or some other criteria, rather than McAfee having seen the file as malicious previously.

             

            So that's the sort of heuristic detection I don't want in their database - it causes too many false positives. The system has improved greatly over time, but there do seem to be some strange Artemis detection at times.

            • 3. Re: Artemis improvement ?
              exbrit

              I agree, people are reporting a lot of false detections lately.

              • 4. Re: Artemis improvement ?

                Very true friends.

                 

                Attila, mal and exbrit. I myself have raised quite a few requests about the same.

                 

                We all know that Artemis is great and has improved quite a lot over the time but yes, there is still a lot of room for it to reach that peak. Lots of false positives and of late as I have mentioned earlier, I am seeing the uninstal.exe file getting wiped off by Artemis. This is what I dont it to do.

                 

                A suggestion here is :-

                 

                May be McAfee team can do this :- When a user runs a scan, there should be way for the settings to be tune done in such a way that all the Artemis detections should not be oiutrightly deleted but rather, there must be an option for the Admin to either add them to their trusted list of programs or report for further analysis.

                 

                This will greatly help in adding on to the whitelisting database and would also prevent the innocent files from getting slaughtered. Obviously, this should be available in all the software but let the Admins do the same on their own risk because they would know what they are doing. As I understand, there may be a chance here where a not so technical user may unintentionally allow an otherwise malicious program. So, this should be one of those advanced settings which must be disabled by default but if need be, can be activated so that Artemis doesnt delete the file and the Admin doesnt have to keep doing the restore job.

                 

                What do you guys think ????

                 

                 

                Sameer

                • 5. Re: Artemis improvement ?
                  exbrit

                  The ability to choose whether or not to let it delete files is an excellent point and one that we have been suggesting needs improvement for years, ever since it was removed from the consumer product about 7 years ago.

                   

                   

                  Message was edited by: Ex_Brit on 24/10/10 8:03:46 EDT AM
                  • 6. Re: Artemis improvement ?

                    Moved to Artemis discussion area for housekeeping.

                    • 7. Re: Artemis improvement ?

                      Any updates on the Malware detection capabilities ?

                       

                      I see all the big talks and trumpets blowing about the Global threat intelligence engine, but McAfee AGAIN misses out on the prestigious VB 100 award. Come on !!!

                       

                      Last test saw McAfee missing 4 in the wild malware and this time its 1. I mean, What is going wrong ??? Other freeware are doing an amazing job in keeping malware at bay but what is wrong with McAfee ? I was so very hopeful of McAfee regaining the top slot and coming back with a vengeance but things only seem to be going downhill...

                       

                      McAfee.. I still am a faithful and a loyal user. Come on, show people like us that we are betting on the right horse here !!!

                       

                       

                      Sameer

                      • 8. Re: Artemis improvement ?
                        Attila Polinger

                        Hello,

                         

                        Could you paste here the link of the said test result (details)?

                         

                        I wonder how this test is being prepared: do they allow submitters to install and configure the product to be tested on the platform that VBTN provides?

                         

                        Attila

                        • 9. Re: Artemis improvement ?

                          Hi Attila,

                           

                          The link to that comparative is :-

                           

                          http://www.virusbtn.com/vb100/latest_comparative/index

                           

                          You do need to sign up for free and I must say, if you are a free subscriber, then you can only check out the results but if you are ready to shell out the money, then you can become a magazine subscriber.

                           

                          Thank you

                           

                          Sameer

                          1 2 3 Previous Next