8 Replies Latest reply on Apr 18, 2011 7:38 PM by emtjoe

    False Detection - Artemis!59AAEDB31386

      McAfee keeps identifying a game helper .exe file (HCNSUFZASLB.exe) and quarantines it.  Now I have read how to submit the file to McAfee for review and understand how to do it.  Here's the problem.  Even after I turn off Real Time Scanning, Scheduled Scanning, the Firewall, and Anti-Spam, McAfee still identifies and quarantines the file so that I cannot send it.  Short of uninstalling McAfee, how in the heck do I get this file to you?  And the even bigger question, why won't McAfee give back the ability to ignore any file?  I have seen this mentioned in posts going back to late last year and yet nothing has been done.

        • 1. Re: False Detection - Artemis!59AAEDB31386
          Vinod R

          Unlikely that the product will detect and remove a file if the protection is turned off correctly.

          The detection that you see is from McAfee Global Threat Intelligence and is based on detection seen across the globe, and as a precaution the file gets picked up. Detection will be updated in real time here (no need to wait for a full daily update)...

          Could you please try to boot the machine in safe mode with networking (protection and most non-Microsoft applications would be disabled there anyway), submit the file, and reference the analysis ID here.

          • 2. Re: False Detection - Artemis!59AAEDB31386

            I was able to zip the file and send it in Safe Mode.  Thanks for the suggestion.  

            Analysis ID is : 6602550.  Got an immediate answer which stated as follows:

             

            File Name           |Findings                      |Detection                    |Type        |Extra
            --------------------|------------------------------|-----------------------------|------------|-----
            hcnsufzaslb.exe     |current detection             |generic pws.y!det            |Trojan      |no

            current detection [hcnsufzaslb.exe]

            The file received is infected and can be detected and removed with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.

            If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy.

            To find detailed information about viruses and other malware, please review McAfee Labs' Virus Information Library:

             

            I have had the program for years and never had a problem until recently.  As far as turning off the protection and still having McAfee identify and quarantine the file I can post screen shots here.

             

            Thanks again for your help.

            • 3. Re: False Detection - Artemis!59AAEDB31386
              Vinod R

              I would love to see those screen shots but currently am held up with something else pressing....

              The detection is based on Threat Intelligence and is very dynamic and could change very rapidly based on the current threat landscape.

              In the meantime, could you upload that file to some common free online scan service such as www.virustotal.com and share the URL for the analysis page?

              • 4. Re: False Detection - Artemis!59AAEDB31386
                Vinod R

                forgot to mention---

                 

                Please reply to the automated mail after adding a FALSE before the current subject line

                • 5. Re: False Detection - Artemis!59AAEDB31386

                  Submitted it to virustotal...it had already been submitted....here is the url: http://www.virustotal.com/file-scan/report.html?id=3c32dcc5970532aedecf296835e0c9e3e7200a8edd1e967d9207bb04775fe0ca-1295782317

                   

                  Also submitted to your own Avert lab, here is that URL:  https://www.webimmune.net/ViewAnalysis.asp?AnalysisID=6602577

                   

                  Replied to the automated mail.  Guess there isn't much else I can do.

                  • 6. Re: False Detection - Artemis!59AAEDB31386
                    Vinod R

                    Thanks for the VirusTotal link. I checked the link and it seems that many anti-virus vendors are detecting that as a threat -- perhaps you might want to report that to the software vendor and show them the reference on VirusTotal.

                    • 7. Re: False Detection - Artemis!59AAEDB31386

                      Their response was an auto-email that told me how to turn off the firewall in McAfee, like I didn't know how to do that already.  Unfortunately, most of these software vendors whose products are the "recipient" of the false positive are going to point right back at McAfee (and others) and say it is their responsibility to fix it and I somewhat agree with them.  McAfee needs to step up NOW and give users the ability to trust any file.   Otherwise, people will be moving on to other products that will give them that option.

                      • 8. Re: False Detection - Artemis!59AAEDB31386

                        I have to laugh.  Now instead of showing the threat as Artemis!59AAEDB31386 it says it is Generic PWS.y!det.  A rose by any other name.  I have downloaded a competitor's BETA IS program.  Hopefully this will get straightened out so that I can return to using McAfee....I HATE this competitor's product but it does let you choose any file that you want to trust.