Could you copy that file being detected to the hard disk and then submit the same to www.webimmune.net and let us know the submission id.
Note: You may want to disable the protection by clicking on Virus scan > Real Time scanning > Off for 15 mins prior to copying the file. (Also check and see the exact file getting detected ... and try submitting that file.)
Feel free to post back for further help/clarification.
Please refer to:
Was that the Autoruns.exe file from an original disk? If yes, this might update soon, as the detection is based on Global Threat Intelligence, which detects and takes evasive action and is purely automated.
Unless a large number of detections are triggered these are likely to be detected and analyzed by a human and whitelisted if found safe.
If you do not see a response / update in the next 2-3 days, do let us know on the thread. We will flag off someone to assist you.
Yes it was copied directly from disk to hard drive to McAfee.
WebImmune determined that there was a threat and responded:
"The file received may contain a potential virus or trojan threat identified heuristically. This potential threat was identified with our most powerful set of heuristic DAT drivers. Heuristic drivers can cause false-positive identifications, as such, this issue is being escalated to McAfee Labs for a thorough review.
In the meantime, it is recommended that you update your DAT and engine files and scan your computer again. You will be contacted through e-mail with the results of our analysis."
I have run update and done a scan again. No change.
Request to give some more time on it.
Please clarify the statement.
Do you want me to request McAfee to spend more time on it?
Is McAfee requesting more time to analyze?
The detection has been escalated to a human, and once analyzed an update will be sent out. The Artemis detection that you see is a clever detection technique that uses the behaviour and pattern of the files on machines and automatically decides the course of action to take based on what machines across the world have seen. (This reduces the gap from detection to remediation from days to minutes.) However, as indicated in the system mail, as it's automated, to verify that the detection is 100% genuine a human intervenes later (normally in a few hours' time, or the next day).
So in effect I request you to wait for a day till the detection is updated or flagged clear by the Labs. If you do not see that working, feel free to reply to the original mail and/or post on this thread.
In the meantime I will also flag off this submission id to a forum volunteer from the labs.
Hope that helps.
Thank you very much for this clarification.
I will wait for the response.
Thanks for reporting. The file has been whitelisted - give it 30 mins for the Artemis detection to go away.