1 2 3 Previous Next 46 Replies Latest reply on Aug 15, 2013 10:26 AM by malware-alerts

    Artemis

    marlonmarota

      Hi

       

      we have Mcafee AV 8.8.0 and we are receiven this alert for many valid programa

       

      Artemis!F01A9A2D1E31

       

      is this a normal behavior????

       

      is ther a problem with DAT?????

      artemis.JPG

       

        • 1. Re: Artemis

          We are experiencing issues with this as well.

          • 2. Re: Artemis
            abaack

            Having the exact same problems... throughout the company.  On hold right now with support - hopefully this is not going to become a huge issue repairing deleted files.

             

            mcafee.jpg

            • 3. Re: Artemis

              We are in the same boat.   VS 8.8 with Artemis at Medium setting.   Over 10% of our clients, about 1000 unique exe files triggering 750+ Artemis detection IDs with No real virus detection identified.

              • 4. Re: Artemis
                carleyc

                I've diabled GTI for all systems due to this. I'm expecting McAfee to send some sort of notification on what happened here.

                • 5. Re: Artemis

                  We also disabled GTI for all systems.

                  • 6. Re: Artemis

                    McAfee just put out a tech article KB78993 about this error.

                     

                    They are advising this is NOT NOT  a DAT issue.

                     

                    They do not have a fix but recommend customers temporarily disable Global Threat Intelligence File Reputation until the issue is confirmed as resolved.  Text belwo

                     

                    Technical Articles

                     

                    Artemis false positive detections from Global Threat Intelligence

                    Technical Articles ID: KB78993

                    Last Modified: July 31, 2013

                    Environment

                     

                    McAfee Global Threat Intelligence

                     

                    Summary

                    This article will continue to be updated as additional information becomes available. Please check back for more information.

                     

                    Problem

                    McAfee has determined that Artemis/GTI File Reputation is producing some falsepositive detections in North America due to a server issue.

                    IMPORTANT: This is not an issue with the current McAfee DAT files.

                     

                    Cause

                    This is an issue with specific Global Threat Intelligence servers.

                     

                    Solution

                    McAfee is investigating this issue. This article will be updated as additional information becomes available.

                     

                    Workaround

                    McAfee recommends that customers temporarily disable Global Threat Intelligence File Reputation until this issue is confirmed as resolved.

                    • 7. Re: Artemis

                      Can someone advise how to shut GTI off on EPO??

                      • 8. Re: Artemis
                        Travler

                        Out of 2500+ systems, we've had 23 systems (a few machines had several files deleted, so there were 38 incidents) all within 2:24pm - 3:30pm Central time with none since then.  All machines had DAT 7152 from yesterday, so it does not seem to be a "bad dat".  The deleted files all appear legitimate.  There is no apparant pattern to which files were deleted.  There is also no pattern to the machines affected; their OSes are XP, Win7, 2008.  Our Artemis setting in ePO is set to "Low", although I am now setting it to "Disable" until we hear something.

                         

                         

                        EDIT:  While typing this, McAfee released the KB.  Sorry for the late info!

                         

                        Message was edited by: Travler on 7/31/13 3:49:52 PM GMT-06:00
                        • 9. Re: Artemis
                          carleyc

                          Policies for virus scan, on access, and on demand scanner.

                          Set artemis to disabled.

                          Send wakeup to push out the policies.

                           

                          not much time to talk now sorry hope this helps.

                          1 2 3 Previous Next