6 Replies Latest reply on Aug 15, 2014 3:46 AM by Peacekeeper

    False Artemis!0E1EFA308060

    nathan.n.sword

      Attempting to download an "unofficial" version of Virtualbox that has been re-packaged for portable use,  after it was removed from my USB stick by McAfee's On-Access scan engine, from the Linux Live USB Creator site.

       

      I believe this to be a false positive, and has been classified as such because it employs the use of AutoIT scripting.

       

      I realize it's not possible to de-classify AutoIT as it has been used in the past for malware/trojan scripting, but this package has been classified a threat for at least over a year and most other sites have already re-classified the Portable Virtualbox package as safe.

       

      I can't add a copy of the file, currently, because our firewall (McAfee Web Gateway) also blocks the site (possibly for the same reason) and the on-access scan engine has removed the only copy I have of it, currently; please see the embedded links above for more information. I require a portable means of transporting my Linux environments between work and home; copying my files back and forth to USB is tedious enough without having this happen, and other available software options, static installations, require importing and exporting my environments every time I need access to them...

       

      Can someone PLEASE get this looked at so we can move forward with reclassifying this as a safe application?

       

      Thanks,

       

      Nate

       

      File link removed as it is at a red-rated site

       

       

       

      Message was edited by: Peacekeeper on 5/06/14 3:31:16 PM
        • 1. Re: False Artemis!0E1EFA308060
          catdaddy

          Hi nathan.n.sword,

           

          Welcome to the McAfee Communities. Please see the following thread; it should assist you in resolving your issue. Please keep your Work Item # for future reference. Thread can be found HERE. Other methods to submit can be found HERE.

           

          I might add that Site Advisor flags your (1st) entry (Portable Virtualbox) as "Malicious/Dangerous", and quite possibly should be removed, for the safety of others.

           

          All the Very Best,

          Regards,

           

          Message was edited by: catdaddy on 6/5/14 12:16:25 AM EDT
          • 2. Re: False Artemis!0E1EFA308060
            Peacekeeper

            As CD says, send it zipped and password protected as he suggests, and use the subject "possible false +ve" and name of detection. Say why you think it is so.

            Post the analysis ID number you get here, and if no definite fix in 4 days, post back.

             

            I removed the file link; please do not post possibly infected file links even if you are sure they are OK.

             

            Message was edited by: Peacekeeper on 5/06/14 3:36:07 PM
            • 3. Re: False Artemis!0E1EFA308060
              joe76000

              Hello Nathan,

               

              I have exactly the same issue as you within the same context.

              McAfee has to clean its database regarding this false positive.

               

              If McAfee is not willing to support the open source community well, including Linux, under Windows I will change my security suite to another brand.

              That's all.

               

              Cheers. Joe

              • 4. Re: False Artemis!0E1EFA308060
                Peacekeeper

                Unsure if the OP actually submitted the file as CD suggested. But that is the way to go; you will get a reply back immediately, so reply to that, changing the subject to False +ve and name of detection, and send it off.

                 

                submit malware

                http://vil.nai.com/vil/submit-sample.aspx

                 

                 

                Post the analysis id number here and if no fix in 4 days post back and I will escalate it immediately to a lab tech to fix.

                • 5. Re: False Artemis!0E1EFA308060
                  joe76000

                  Hello Peacekeeper,

                   

                  Thank you for your reply.

                   

                  I have tried several times to send the so-called threat directly from my McAfee Internet Security (quarantine zone) but without any success (transmission failed - an error occurred when my Internet access is okay).

                  Portable-VirtualBox.exe     Artemis! 0E1EFA308060    15/08/2014 00:21     Détecté

                   

                  I will not spend any more time on this issue. I am getting rid of McAfee on my new HP Spectre 13 x2 and will use another security suite which takes good care of open source software.

                   

                  For me, this message is closing the subject.

                   

                  Cheers. Joe

                  • 6. Re: False Artemis!0E1EFA308060
                    Peacekeeper

                    OK, btw, running GetSusp would have submitted it (that quarantine submission is problematic), as would the method I posted. If you were in a hurry, things could have been speeded up.

                     

                    http://downloadcenter.mcafee.com/products/mcafee-avert/GetSusp/GetSusp.exe

                    Add your email to the preferences so McAfee can notify you.

                     

                    Another way, which I do not like, is that in version 13.6 the real-time scanner has an exclusion option to exclude certain files from being scanned when run.

                     

                    Anyway, as you removed McAfee, the above is for future readers. Hope things go well for you.

                     

                    Closing the thread