9 Replies Latest reply on Jun 18, 2014 4:48 AM by exbrit

    False Artemis!C8034D590686

    sunnyhongyang

      Hi, Dear Sir

      We are Elex do Brasil Participações Ltda. The file submitted is a product we produce and publish. It is an online downloader for Yac.

      However, they have encountered a false positive problem with McAfee Artemis recently.

      The reported threat name is "Artemis!C8034D590686".

      Please check it immediately and clear the false alarm. I have sent an email to virus_research@mcafee.com.

      But I have not received a reply so far.

      I also used GetSusp to submit, but it popped up an error saying the zip file is not valid, so I am now unable to use it to submit the false positive. The pop-up says "Invalid GetSusp zip file". Could you give me some suggestions about this problem? I have made it a valid zip for sure, since I have submitted successfully before.

      Looking forward to your kind attention and an effective solution.


      Best regards

      Sunny

        • 1. Re: False Artemis!C8034D590686
          catdaddy

          It seems you followed the proper protocol. You should receive an automated reply back from McAfee Labs with a Work analysis ID#, as confirmation that it received your submission and that it is under analysis. Generally give it 4-5 business days, as you can imagine the enormous amount of detections collected on a daily basis.

          After allowing the appropriate amount of time, please post back the Analysis ID #, and quite possibly we can stir up someone at McAfee Labs to expedite matters.

          I'm concerned about you stating that you had issues running the GetSusp tool. You may want to download/install Malwarebytes (Free) only. Do not accept the (Free Trial) or activate the (Paid Version), for the RTS module may conflict with McAfee.

          The (Free) version will suffice. You can locate this tool and GetSusp below my signature (first link).

          Should Malwarebytes detect anything, remove/delete all and restart to entirely remove any remnants. I would run another scan to check for sure, then attempt to run the GetSusp tool afterwards.

          All the best,

          Message was edited by: catdaddy on 6/17/14 5:58:42 AM EDT
          • 2. Re: False Artemis!C8034D590686
            Peacekeeper

            If you got no reply, did you zip the file correctly as mentioned in both our signatures? If they receive it correctly you will get a reply immediately.

            • 3. Re: False Artemis!C8034D590686
              exbrit

              If GetSusp is not recognizing a zip file then there is something wrong with how you are zipping. What software are you using to zip it, and have you tried another method? With GetSusp anyway I thought files don't need to be zipped.

              Are you an Enterprise customer? If so, the portal support should be able to assist you.

              • 4. Re: False Artemis!C8034D590686
                exbrit

                If something is identified, maybe wrongly, as "Artemis" then McAfee already knows about it. Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject line (minus the "").

                In this case the header should read: False Artemis!C8034D590686

                No need to re-submit the file, as Artemis by definition means the labs already have it and are working on it.

                • 5. Re: False Artemis!C8034D590686
                  catdaddy

                  Thanks Peter. Just remembered I've got an appointment @ 9:45 am, I'll be back after that.

                  • 6. Re: False Artemis!C8034D590686

                    Let me correct everyone here: McAfee does not capture files through the Artemis system. That would be a huge privacy problem.

                    The Artemis code is a unique identifier for the file, which we MAY have had submitted through another system, or may have captured through our honeypots and other systems, but when your computer generates an Artemis warning, it does not mean that your computer sent the file to us.

                    • 7. Re: False Artemis!C8034D590686
                      exbrit

                      Sorry I worded things wrongly.

                      • 8. Re: False Artemis!C8034D590686
                        sunnyhongyang

                        Hi, Dear Ex

                        Thank you so much for your kind explanation, and I very much appreciate your patience.

                        I have successfully uploaded the file with GetSusp using "rar" format. I do not know what was going on with my "winzip"; maybe I should uninstall it and reinstall it.

                        I am now at the stage of waiting for the answer from your lab. I have sent an email with the subject False Artemis!C8034D590686 as well as submitting via GetSusp.

                        And I have a little question: after I upload the file as well as sending the email, would I get an auto-reply after I type my email in the software or make the email subject right?

                        Because so far I still have not received an auto-answer, which makes me a little suspicious about whether I have followed the correct workflow.

                        Thank you again for your kind attention.

                        Hope you enjoy a great day!

                        • 9. Re: False Artemis!C8034D590686
                          exbrit

                          They will answer you eventually. Good luck.