5 Replies Latest reply on Apr 3, 2012 5:05 AM by SamSwift

    false positive - Artemis!292689F07865

      This has been submitted a lot, so I don't understand how this keeps getting detected. I would have thought this would have been fixed after the first 10,000 reports of this with Mektek and Mechwarrior 4's free release. Cox Security Suite has been detecting this, and removing the .exe for the game now. It's dumb that I have to disable the auto protection, just to play this game STILL.

        • 1. Re: false positive - Artemis!292689F07865
          Hayton

          Yes, I read the MekTek forum thread about this.

           

          It would have helped if you could have reminded us that what we're talking about is "MW4Mercs.exe", and that it keeps getting detected as a suspect file because it's encrypted and/or packed, just like some malware. The last submission to VirusScan on Feb. 4th showed 10 AV programs out of 43 flagging it as suspect.

           

          If you follow the instructions about uploading the file to McAfee for checking (here) it'll get put back on the whitelist again.

           

          btw, for whoever picks this up: there was a post in December (here), never answered, by a user (zeether) who went back to the MekTek forum and grumbled about the lack of response. Can't say I blame him too much for that.

          • 2. Re: false positive - Artemis!292689F07865

            I meant no disrespect to them, I just find it frustrating is all. Trust me, I'm not a member of the mektek forums, but I have looked through it, and there's a lot of Norton/McAfee hatred since the free download launched.

             

            I've submitted the file to the lab with the email address in the post you linked.  I am just curious how this keeps ending up on the trojan list when so many have brought this up before?

             

            I thank you for your response.

            • 3. Re: false positive - Artemis!292689F07865
              Hayton

              Don't quote me on this, because the internal workings of the McAfee code are extremely mysterious and not for the eyes of mere mods like me  :-)

               

              - but I think it has to do with hash codes.

               

              If the developers change the code (for a game update, or to fix a bug) the file hash changes and I think that's part of what goes on the whitelist. Then the AV checks the stored hash against the new hash and it doesn't match. So: flagged as Artemis detection, on the assumption that it's been tainted by malware. There also has to be a way of doing a real-time check of the hash of a piece of software against a verified hash supplied by the software vendor, if this guy is right in what he says. Perhaps you only get an Artemis if there isn't a verified vendor-supplied hash, or the vendor forgets to update it.

               

              Well, I just set myself up as a hostage to fortune. I now await the scores of tech-savvy programmers who will shortly descend on me and gleefully point out just how wrong and misinformed I am. In my defence I will blame Wikipedia, as per usual  :-)

               

              There's a Wikipedia piece here on SHA-1, if you don't mind getting a headache after the first paragraph.
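
Added example, not part of the original thread and not McAfee's actual logic: a toy Python model of the behaviour speculated about in replies 1 and 3, where a packed binary is trusted only while its exact hash is allowlisted, so an updated build falls back to a "looks packed" heuristic until its new hash is added. The use of SHA-256, the 7.2 entropy threshold, the verdict names and the generated sample bytes are all assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumed cut-off (bits per byte) for "looks packed"

def digest(data: bytes) -> str:
    """Hash used as the allowlist key (SHA-256 is an assumption here)."""
    return hashlib.sha256(data).hexdigest()

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data nears 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes, allowlist: set) -> str:
    """Exact-hash allowlist first, then a generic packed-file heuristic."""
    if digest(data) in allowlist:
        return "allowlisted"
    if entropy(data) >= ENTROPY_THRESHOLD:
        return "suspect-packed"
    return "no-detection"

def packed_sample(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for a packed executable (deterministic, high entropy)."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32))
    return b"".join(blocks)

def demo():
    build_1 = packed_sample(b"build-1")   # the build that was submitted and allowlisted
    build_2 = packed_sample(b"build-2")   # a later update: same packer, different bytes
    allowlist = {digest(build_1)}
    before = classify(build_1, allowlist)
    after_update = classify(build_2, allowlist)    # hash no longer matches
    allowlist.add(digest(build_2))                 # new build resubmitted and added
    after_resubmit = classify(build_2, allowlist)
    return before, after_update, after_resubmit

if __name__ == "__main__":
    print(demo())
```

In this model the allowlist entry only ever covers one exact build, which is why a fix keyed to a hash has to be repeated for every release, whereas one keyed to something stable such as a vendor signature would not.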

              • 4. Re: false positive - Artemis!292689F07865

                Hi,

                 

                This false positive was fixed. We no longer detect this file. The required changes were made so that we do not detect it in future.

                 

                Regards,

                Showvik

                 

                Message was edited by: Showvik on 3/29/12 2:22:23 PM CDT

                 

                Message was edited by: Showvik on 3/29/12 2:22:52 PM CDT
                • 5. Re: false positive - Artemis!292689F07865
                  SamSwift

                  Marking thread as assumed answered - please advise if you are still seeing an issue.

                   

                  Thanks,

                   

                  Sam