7 Replies Latest reply on Mar 17, 2014 2:57 PM by Peacekeeper

    Artemis!AEAAD6418270

    stingrayjg

      I have been using the program DVD95Copy since 2006 with no problems from McAfee this whole time until this weekend. I downloaded a routine periodic update to the program and for the first time McAfee keeps popping up saying that a file has been quarantined automatically. I have consulted online with experts on the program who have told me that the file is not a threat and their advice was to "whitelist" it (which McAfee will not allow me to do) or to add it to the trusted file list (which McAfee will also not let me do.) If I go to the quarantine list and select the quarantined file and attempt to restore the file, it will restore the file but then about 5-10 minutes later, I get another pop-up saying that McAfee has once again quarantined it whether I used the program or not. (I would imagine maybe real-time scanning is doing this?) This file is a vital part of the program and it will not work with this file absent from its proper location in the folder. This is very annoying. The file either needs to be re-classified as a non-threat, or I need to be able to add it as a trusted file so this wrongful quarantine stops, but McAfee will not allow me to. Please help.

       

      P.S. - Just so we can save time, I have already also sent this as a false positive to the virus_research email address as recommended here:

      https://community.mcafee.com/thread/2016

      I also posted this here as the other recommendation the page gives.


       

      on 3/17/14 1:13:22 AM CDT
        • 1. Re: Artemis!AEAAD6418270
          Peacekeeper

          OK, did the submit work, i.e. did you get an immediate reply back with an analysis ID included? If not, you submitted it incorrectly.

           

          If yes, can you post the ID number here, and if you do not have a fix in 4 days, post here and I will ping a lab tech to fix/investigate it.

           

          I assume you replied to the reply as Peter suggested with false +ve in the subject?

           

          Message was edited by: Peacekeeper on 17/03/14 4:47:24 PM
          • 2. Re: Artemis!AEAAD6418270
            stingrayjg

            Thank you for the quick reply!

             

            I received a delivery receipt but not a reply.

            If I did it wrong, what should've been in the subject line and what (if anything) should've been in the body of the email??

            • 3. Re: Artemis!AEAAD6418270
              Peacekeeper

              You first submit the file zipped up with password infected.

              That gets you an automatic reply ("hey, we found xyz and are sending it off to be checked") with an analysis ID, which is what I need.

               

              You then reply to that email you got, changing the subject to False+ve and name of detection, and say why you feel it is a false detection. To this email you will not usually get any reply till they sort it out.

              • 4. Re: Artemis!AEAAD6418270
                stingrayjg

                I just sent another email with the file in question attached in a zip file. (I did not create a password for it, is this required for some reason?)

                 

                It has been about 15 minutes and I have once again received a delivery receipt but no reply.

                 

                I know that 15 minutes is not a long time but you are saying I should've received some kind of immediate reply, which I haven't.

                 

                What am I doing wrong??

                 

                For the initial first email, please tell me:

                1. What EXACTLY should I put in the subject line?

                2. What EXACTLY should be attached?

                3. What EXACTLY should be in the body of the email? (If anything)

                 

                I am assuming that virus_research@mcafee.com is the correct email address since I'm getting an almost immediate delivery receipt.

                 

                Thanks again for all your help. My frustration is all with McAfee, not you. They make this harder than it has to be, it seems.

                • 5. Re: Artemis!AEAAD6418270
                  Peacekeeper

                  No, you must do it as this FAQ says, in the link in your original post.

                  See....How to Submit a file to the Labs for analysis: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

                   

                  Zip the file up after disabling Real time protection and password protect it with infected as the password; no other email will be opened by them.

                   

                  I prefer waiting for the reply, then sending the false detection in the subject email; that works. The other way will as well, but I prefer suggesting adding false only to the reply email.

                  • 6. Re: Artemis!AEAAD6418270
                    stingrayjg

                    I used GetSusp to send the file to them, I got this reply back in my email just now:

                    Is this what you were asking for?

                    Thanks again for your guidance.

                     

                    -------------------------------

                     

                    From: Virus_Research@avertlabs.com [mailto:Virus_Research@avertlabs.com]
                    Sent: Monday, March 17, 2014 12:14 PM

                    Subject: 8035144 - gsusp_04CA760097C7_031714_115841 False Artemis!AEAAD6418270

                     

                    McAfee Labs - Beaverton                                                               

                    Current Scan Engine Version:5600.1067                                                 

                    Current DAT Version:7379.0000                                                         

                    Thank you for your submission.                                                        

                     

                    Analysis ID: 8035144

                     

                    File Name           |Findings                      |Detection                   |Type        |Extra
                    --------------------|------------------------------|----------------------------|------------|-----
                    files.xml           |inconclusive                  |                            |            |no
                    files.xsl           |inconclusive                  |                            |            |no
                    getsusp.log         |inconclusive                  |                            |            |no
                    getsusp.xml         |inconclusive                  |                            |            |no
                    getsusp.xsl         |inconclusive                  |                            |            |no
                    mcafee-product.txt  |inconclusive                  |                            |            |no
                    network.xml         |inconclusive                  |                            |            |no
                    network.xsl         |inconclusive                  |                            |            |no
                    upddl.ex_           |inconclusive                  |                            |            |no

                    inconclusive [files.xml files.xsl getsusp.log getsusp.xml getsusp.xsl mcafee-product.txt network.xml network.xsl upddl.ex_]

                     

                    Automated analysis was not able to determine that this file is malware. This file is being sent for further processing and the DAT files will potentially be updated if detection of this sample is warranted.

                     

                    Note –                                                                                

                     

                    Due to the prevalence of network gateway AV products, it is important that all submissions be zipped and the zip file password-protected (password - infected). Some products will reject an email that contains a virus that is not sent in this way. In addition, often we receive a file that appears not to have been infected, to find later that the file was infected when it left the sender, and was cleaned somewhere along the line.

                     

                    Regards,

                    McAfee Labs

                    • 7. Re: Artemis!AEAAD6418270
                      Peacekeeper

                      Yes, if no fix in 4 days, post back and I will expedite it.