9 Replies Latest reply on Jul 31, 2014 12:24 PM by killermobile Branched from an earlier discussion.

    Re: False Artemis!80A569BD65AA

    killermobile

      Hello again Nitin,

       

      It appears that our most recent update is again being flagged:

       

      Artemis!80A569BD65AA

       

      Please review and remove this.

       

      Regards

       

      Josh

        • 1. Re: False Artemis!80A569BD65AA
          Peacekeeper

          You need to go through  a submission as explained here

          http://vil.nai.com/vil/submit-sample.aspx

          when they reply post the analysis id number here and reply to the email changing the subject to False +ve and name of detection.

          say why the file is a false detection. If no fix in 4 days post back and I will chase up a tech. Nitin I assume rarely reads these posts.

          • 2. Re: False Artemis!80A569BD65AA
            killermobile

            Hello again Nitin,

             

            It appears that our most recent update is again being flagged:

             

            https://play.google.com/store/apps/details?id=com.killermobile.totalrecall

             

            Please review and remove this asap. If this keeps happening (as it has been for EVERY update), we will have to look into legal action as we were forced to with Avast recently.

             

            "Peacekeeper" - we've already submitted the file via email.......

             

            Regards

             

            Josh

            • 3. Re: False Artemis!80A569BD65AA
              Peacekeeper

              OK will stir the pot as well

              • 4. Re: False Artemis!80A569BD65AA
                vinoo

                Sample is now whitelisted.

                 

                You might want to follow the steps under https://kc.mcafee.com/corporate/index?page=content&id=KB67411 to pro-actively whitelist your software next time via the datasubmission@mcafee.com route.

                • 5. Re: False Artemis!80A569BD65AA
                  killermobile

                  Hello again Nitin, Vinoo & Peacekeeper

                   

                  It appears that our most recent update is again being flagged: Artemis!E41F663D6526

                   

                  https://play.google.com/store/apps/details?id=com.killermobile.totalrecall

                   

                  Please review and remove this asap, this is a constant vicious circle that is clearly a time burn for everyone. We've gone through the submission process over and over, and with every update, you start flagging our product again.

                   

                  "Peacekeeper" - we've already submitted the file via email....... (again, and again....)

                   

                  Regards

                  • 6. Re: False Artemis!80A569BD65AA

                    There really is no value in posting here every time - just submit your app in advance of public release, or when it gets triggered. You must be using some of the tricks that malware uses, packers, obfuscation etc to keep getting flagged.

                     

                    you should probably look at using metas can from OPSWAT prior to release as well.

                     

                    but again, no point posting here - you need to submit as you have done before.

                    • 7. Re: False Artemis!80A569BD65AA
                      killermobile

                      Because obfuscation is only used in Malware?? As for OPSWAT, we already use VirusTotal.com for this, but in this case, it's useless, because it takes weeks if not longer before we're flagged. With other companies, we've simply had to initiate legal action, which appears may be what we need to do in this case. Mcafee most certainly has the ability to white list this particular app, and considering it's a Play Store product, that's commercial in nature, there's absolutely no reason this can't be done.


                      It's just a matter of time before some developer finally takes one or more of these companies to court for defamation, and this will most certainly open a massive can of worms. False positives from so-called "anti virus" companies that don't even have competence to find actual malware are becoming far too frequent. It's a defame first, and check later mentality.

                       

                      Josh

                      • 8. Re: False Artemis!80A569BD65AA

                        Well before you make your decision, please remember the facts

                         

                        1. Artemis!80A569BD65AA and Artemis!E41F663D6526 are two completely different executables - they are different hashes which means they are NOT the same file. So, please remember we didn't "flag our file again" we flagged a completely new file.

                         

                        2. Artemis is not a condemnation that a program is malware, it's a warning that the file exhibits features and behaviour common to malware and should be considered suspicious until determined otherwise. Users get a choice as to how to react to this warning.

                         

                        So, since you pretty much know you're going to trigger Artemis, why not just send in your file BEFORE you launch? We can't whitelist things not yet created...

                         

                        And on the topic of Avast - let's review how Total.Recall dealt with them on their community. I am astounded their mods let the name calling go as far as it did without shutting down the thread. Very liberal of them.

                         

                        https://forum.avast.com/index.php?topic=140477.0

                        • 9. Re: False Artemis!80A569BD65AA
                          killermobile

                          1) Yes, I'm fully aware this isn't the same file, however it is an update of the same app. I mentioned in the post above that our "most recent update" was being flagged. Every time we release even a minor update, we go through this same ordeal.

                           

                          2) If that was only how users see it. Labeling an app as Artemis or a PUP to an end user may as well scream out virus or Trojan. Users simply don't distinguish between the various labels, ANY label means the app is bad to them, and this equates to lost sales & a damaged reputation. Imagine if your competitors started labeling your Mcafee app as a PUP? I'm certain your attorneys would be on this within hours.

                           

                          As for proactively submitting the file  - now that we know that this is an option, we most certainly will. But the issue of the current Artemis flagging remains (and we did submit the file through the proper channels already). But with that said, I'm certain you guys have the ability to do a deeper "fingerprinting" of applications so that the whitelisting of a minor app update can be automated?

                           

                          As for the Avast forum, it's exactly due to this (and the fact it was so clearly documented) and their utter refusal to resolve the issue (and yes, it is an issue as companies such as Avast, Mcaffee, etc simply do not have the right to incorrectly label applications as even "potentially" dangerous) that we escalated this to our Attorneys and resolved this quickly. Of course getting attorneys involved is expensive, so I'd prefer to simply resolve issues like this directly.

                           

                          Look, I'm not trying to be a big pain in the butt here - however it is frustrating that we're the ones that have to spend the time getting your company to treat our application as it should - as a legitimate, commercial application with millions of downloads and hundreds of thousands of paid users, that is quite simply one of the most legitimate, and one of the ONLY ad-free/tracking-code free app of it's kind found on the Play Store.

                           

                          Regards

                           

                          Josh