2 Replies Latest reply on Apr 2, 2013 9:29 AM by showvik

    Possible false positives: Artemis!83881CB35716

      We have seen this several times today after the setting on Artemis was mistakenly changed to "Very High". We would like to run at that level, but need to prevent this type of false positive from occurring. Can anyone determine whether this Artemis alert is valid or, if it is a false positive, please shut it down?

       

      Detecting Product Name: VIRUSCAN8800

      Detecting DAT Version: 7018.0000

      Detecting Engine Version: 5400.1158

      Analyzer Host Name: 9L4NHQ1

      Target Host Name: 9L4NHQ1

      Source IPv4 Address: 172.17.13.48

      Distinct Count of Analyzer Host Name: 1

      Threat Name: Artemis!83881CB35716

      Threat Type: Trojan

      Threat Category: Malware detected

       

      Go to the McAfee Labs website to view detailed information.  Enter in the threat name in section called, "Search the Threat Library".  There you will find an overview of the threat and removal information including minimum DAT version and engine version required.

       

      http://www.mcafee.com/us/mcafee-labs.aspx

       

      Number of events: 1

      Event Description: Infected file deleted.

      Threat Action Taken: deleted

      Target User Name: NT AUTHORITY\SYSTEM

      Source User Name:

      Count of Event Description: 1

      Target File Name: C:\Users\Gabriela_Rodriguez\TIREMOTE\TIRemoteService.exe

      Count of Target File Name: 1

      UTC: 03/19/13 18:50:50 UTC

       

      Detecting Product Name: VIRUSCAN8800

      Detecting DAT Version: 7018.0000

      Detecting Engine Version: 5400.1158

      Analyzer Host Name: 1VSH3M1

      Target Host Name: 1VSH3M1

      Source IPv4 Address: 172.17.13.37

      Distinct Count of Analyzer Host Name: 1

      Threat Name: Artemis!83881CB35716

      Threat Type: Trojan

      Threat Category: Malware detected

       

      Go to the McAfee Labs website to view detailed information.  Enter in the threat name in section called, "Search the Threat Library".  There you will find an overview of the threat and removal information including minimum DAT version and engine version required.

       

      http://www.mcafee.com/us/mcafee-labs.aspx

       

      Number of events: 1

      Event Description: Infected file deleted.

      Threat Action Taken: deleted

      Target User Name: NT AUTHORITY\SYSTEM

      Source User Name:

      Count of Event Description: 1

      Target File Name: C:\Users\Sofia_Cuan\TIREMOTE\TIRemoteService.exe

      Count of Target File Name: 1

      UTC: 03/19/13 18:46:02 UTC

       

      Message was edited by: Ex_Brit on 19/03/13 5:28:11 EDT PM