Today I received a number of notifications in ePO that a number of files on remote computers had a detection. All began with Suspect-AH! and I have never seen these before. A closer examination revealed that many of them were Word documents that had used multiple "." to break up the name of the document. I know that naming items in that fashion can be a flag but not a sole reason for deleting a file.
The product is VirusScan 184.108.40.2069 with DAT 7063.0000. The scan engine is 5400.1158. I have not applied Patch 3 due to the fact that I do not have Windows 8 machines present. Artemis Sensitivity level: Medium.
The systems in question are Windows XP SP3 and Windows 7 SP1 computers. All workstations, no servers.
\Documents and Settings\(%USERNAME%)\Local Settings\Temporary Internet Files\Content.Outlook\(%RANDOM%)\An.eaxmple.doc2010.doc
I replaced parts of the path with appropriate items to relay their import but hide personal details.
I did a search for Suspect-AH and did not find anything. Is this how Artemis files are being named now?