0 Replies Latest reply on Nov 13, 2009 5:50 AM by exbrit

    "Artemis" & Other Possibly False Detections

    exbrit

      Artemis is the new "Active Protection" component of Security Center.

       

      It works by adding an extra heuristic layer to the detection engine, but instead of just detecting something it actually "calls home" to the virus database to double-check before labelling something as a possible threat.

       

      You should go to the Restore tab in Security Center and make sure that it is forwarded to the Threat Center (Avert Laboratories) as, if it is harmless, it will then be excluded from the database automatically.

       

      To send it to the Threat Center outside of Security Center.....

       

      First disable VirusScan:

       

      To temporarily turn off VirusScan do the following:

       

      Double-click the taskbar icon to open Security Center

      Click Advanced Menu (bottom left)

      Click Configure (left)

      Click Computer & Files (top left)

      You can disable VirusScan in the right-hand module and tell it for how long.

       

      Then click the Restore button (left & assuming it was quarantined) & restore the item.

       

      Send the file to Avert for analysis:

      http://vil.nai.com/vil/submit-sample.aspx

       

      or

       

      https://www.webimmune.net/default.asp

       

      or

       

      Email file to: virus_research@avertlabs.com

       

      When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files.

      Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected. For False Positive submissions please have the word FALSE in the subject line of your e-mail.

       

      Also see *Unofficial* Increase In Size Of Submissions To Threat Center

       

      To be on the safe side scan with an outside anti-spyware agent such as SuperAntispyware (Free) or Malwarebytes (Free). Let them clean everything they find.

       

      See this FAQ regarding Artemis.

       

      It comes with and is configurable on Security Center 9.3 (the latest 2009 version) but it can be installed as an extra on the following McAfee versions:

       

      * 2008 McAfee® VirusScan Plus® / McAfee® Internet Security Suite / McAfee® Total Protection (SC v8.x)

      * 2009 McAfee® VirusScan Plus® / McAfee® Internet Security / McAfee® Total Protection (SC v.9.0)

       

      But it will NOT be configurable. The only way to turn it off is to uninstall it from Control Panel/Add or Remove Programs (XP), Programs/Uninstall a Program (Vista), where it will be listed separately.

       

      See: http://us.mcafee.com/en-us/landingpages/activeprotection.asp

       

      To configure it on SC9.x, double-click the taskbar icon to open Security Center

      Click Advanced Menu (bottom left)

      Click Configure (left)

      Click Computer & Files (top left)

      Click Advanced (right)

      Select Active Protection (left)

      You can turn it off at the right.

       

      (Not recommended)

       

       

      Message was edited by: Ex_Brit to correct some errors/bad links on 11/13/09 4:50 AM