1 2 3 Previous Next 20 Replies Latest reply on May 28, 2014 6:43 AM by exbrit

    False Artemis!33AFE2F3942E

    sunnyhongyang

      Hi, Dear Sir

          We are Elex do Brasil Participa es Ltda,the file submitted is a product we produce and publish.  It is a online-downloader for Yac.

          However, they have encountered a false positive problem with McAfee Artemis recently. 

          The reported threat name is "Artemis!33AFE2F3942E" .

       

          Please do have a check immediately, and clear the false alarm,  I have attached the file in the attachment, the zip file's password is "infected", minus "".

       

          Thank you for your attention.

       

          Looking forward to your kindly reply.

       

          Best regards. 

       

      Message was edited by: Peacekeeper on 27/05/14 3:36:12 PM
        • 1. Re: False Artemis!33AFE2F3942E
          catdaddy

          There are method,s to submit possible infections to McAfee labs. Please refrain from posting "Possible Malicious" attachments, for the safety of others. One method to use, is  run the McAfee Getsusp Tool,which can be found below my Signature (Second Link)

           

          Add your Email address under "Preferences",before scanning.

           

          Posting Samples is against Forum policies...

           

          Regards,

           

          The other method to submit samples,can be found HERE

           

          Message was edited by: catdaddy on 5/27/14 12:02:48 AM EDT
          • 2. Re: False Artemis!33AFE2F3942E
            Peacekeeper

            As CD says try getsusp and submit the file with subject line False +ve and name of detection. Post analysis id number or work item number here when you get a reply and if no fix in 5 days post back and I will ping a tech.

            • 3. Re: False Artemis!33AFE2F3942E
              sunnyhongyang

              Hi, Dear Sir

               

              Thank you for your kindly reply, I have downloaded "getsusp" and have upload the YAC downoader, and the result is "No suspicious files found", but I could not find the "analysis id number" or "work item number" anywhere in the getusp software, could you let me know where to find that number? or I just misunderstand the work flow?

               

              I have add some screenshot regards to my operation in this post, since the policy is not allow the attachment, I do not sure if I can send a screenshot picture here, sorry for the trouble in advance.

               

              Looking forward to your kindly reply!

               


              upload.jpgresult.jpg

               

              Message was edited by: Peacekeeper I deleted the Pic that showed your email address not a good idea to flash that. on 27/05/14 6:52:14 PM
              • 4. Re: False Artemis!33AFE2F3942E
                exbrit

                An Artemis designation means the labs already have to sample anyway.  FYI.

                False Artemis findings should be disputed as follows:

                 

                If something is identified, maybe wrongly as "Artemis" then McAfee already knows about it.  Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject line. (Minus the "").

                • 5. Re: False Artemis!33AFE2F3942E
                  Peacekeeper

                  The workitem id number is from any email Mcafee sends you re detections after a getsusp run. The analysis id number will be on teh reply you get when you use the submission method we described above.

                  • 6. Re: False Artemis!33AFE2F3942E
                    sunnyhongyang

                    Hi, Dear Sir

                    Thank you for your kindly solution,

                    I have just sent  an emailresearch@mcafee.com  which subject is "False Artemis!33AFE2F3942E"  as your suggestion and also follow the other submiton rule,

                    could you also kindly let me know when I may get an answer from your lab?

                    Thank you for your kindly support!

                    • 7. Re: False Artemis!33AFE2F3942E
                      sunnyhongyang

                      Hi, Dear Sir

                      Thank you for your kindly reply.

                      I have used "getsusp" to upload the YAC files, and the result is cleaned, as may previous screenshot show, but I still do not recieve any email from Macfee, I guess maybe my operation flow is not correct,

                       

                      open getsusp -> upload file -> type my email in the preference -> click "scan" -> recieve email from Macfee about id number(which do not happen for now)

                       

                      Please kindly let me know whether this follow correct or not.

                       

                      Thank you for your great patience and support!


                      • 8. Re: False Artemis!33AFE2F3942E
                        exbrit

                        sunnyhongyang wrote:

                         

                        Hi, Dear Sir

                        Thank you for your kindly solution,

                        I have just sent  an emailresearch@mcafee.com  which subject is "False Artemis!33AFE2F3942E"  as your suggestion and also follow the other submiton rule,

                        could you also kindly let me know when I may get an answer from your lab?

                        Thank you for your kindly support!

                        It's virus_research@mcafee.com  They should auto-acknowledge almost immediately but a manual response takes a few days,

                         

                        Message was edited by: Ex_Brit on 27/05/14 5:59:11 EDT AM
                        • 9. Re: False Artemis!33AFE2F3942E
                          sunnyhongyang

                          Hi, Dear Sir

                          Thank you for your kindly support,

                          I have resent an email to virus_research@mcafee.com, and I am waiting to the answer.

                           

                          Thank you again for your support.

                          Best regards

                          1 2 3 Previous Next