6 Replies Latest reply on Jul 29, 2014 6:05 AM by catdaddy

    False Artemis!ADF72A53FE56

    roybarda

      Check Point Document Security (cpds.exe) is being detected as Artemis!ADF72A53FE56; obviously it's a false positive.

       

      Expecting your efficient support to fix this one asap, thanks.

       

      Roy.

        • 1. Re: False Artemis!ADF72A53FE56
          catdaddy

          Actually cpds.exe is not required to run on Windows XP/7/8.1. I have not run it through the various submission sites; however, there is an article from Bleeping Computer on it HERE

           

          If you feel that it is a false detection, you can follow the Guidelines/Instructions below my Signature (Last Link)

          Upon submittal you should receive a confirmation email that it is being analyzed. Allow the appropriate time for the process (4-5) days.

           

          If not resolved by then, kindly post back the Analysis ID #, and we can quite possibly expedite the process.

           

          All the very best,

          Regards,

          • 2. Re: False Artemis!ADF72A53FE56
            roybarda

            Dear Sir,

             

            cpds.exe is an installation of an official IT product signed using a valid software signature certificate provided to software publishers:

             

            cpds signature.png

            1. We did try to follow the instructions, and didn't get any confirmation email. Could you, please, re-verify (as you can see, your signature has been removed by the forum).

            2. What was the reason the software was identified as malicious in the first place? Article in Bleeping Computer forum? But again, the software is signed by a valid publisher certificate - why would a forum article be enough of a reason to declare it as malicious?

            3. BTW, the article behind the link you have provided was removed from Bleeping Computer.

             

            I am asking the above questions since this false identification is damaging the product reputation and preventing valid users from using it. I would like to understand how this happened and how to avoid this in the future.

            • 3. Re: False Artemis!ADF72A53FE56
              catdaddy

              Hi roybarda,

               

                         Thank you for your response/Questions. I can appreciate your thoughts and comments. As for the article being removed from Bleeping Computer, it has not. You could have typed in the Search field (cpds.exe) and it would have taken you HERE

               

                           As for why it gets detected as a Suspicious file is why I recommended you submitting the file to Avert Labs/McAfee. For sometimes the cpds.exe File/program masquerades as the valid file/program. Please follow the Guidelines/Instructions as I suggested before. Especially the instructions regarding (Restoring the File) and zipping it to send to Avert.

               

                            Please make certain that you (Re-enable) RTS afterwards. As for why my Signature not being visible, our Forum is undergoing maintenance and could possibly be the case. It should appear visible now.

               

                             In addition, in Version (13.6) file exclusion has been re-introduced. Please only utilize this, if you are absolutely certain the file is safe. Hence, is the reason I suggested submitting to McAfee to make sure. It is quite possible after analysis it could be Whitelisted.

               

                             Upon successful submittal, you should receive a confirmation that it is under Analysis associated with an Analysis ID #. Please allow the appropriate time to be processed (4-5) business days. If not resolved by then, please post back the Analysis ID # and quite possibly we can expedite the process.

               

                              Please know that other Vendors detect this file as well on occasion.

               

                           Again, the Instructions can be found below my Signature (Last Link)

                           How to submit False Artemis!/samples to McAfee Labs/ here

               

              Wishing you all the very best,

              Regards,

               

              Message was edited by: catdaddy on 7/24/14 7:53:07 AM EDT
              • 4. Re: False Artemis!ADF72A53FE56
                catdaddy


                Hi Roy,

                 

                                I was wondering if you were successful at getting your issue resolved? If you got confirmation that the (cpds.exe) was indeed submitted for analysis? You should have received an Analysis ID #. It would go a long way in determining if we can consider/assume this thread answered?

                 

                All the Best,

                Regards,

                 

                Message was edited by: catdaddy on 7/28/14 11:20:19 AM EDT
                • 5. Re: False Artemis!ADF72A53FE56
                  roybarda

                  Hi,

                   

                  First of all, Thanks for guiding me through.

                   

                  I have sent the file for analysis and received the attached reply:

                   

                  "

                  McAfee Labs Sample Analysis

                   

                  Thank you for submitting your suspicious file(s). We have determined that the following files are detected with our current DAT files.

                   

                  Reference  : (Escalation) 9054629
                  ---------------------------------

                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+
                  | File Name                 | MD5                              | Findings         | Detection            | Type            |
                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+
                  | cpds.exe                  | adf72a53fe56c44952fe388e5104a280 | clean            |                      | clean           |
                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+

                   

                         

                          

                   

                  Solution:

                   

                   

                  To ensure that you have the maximum capability of detecting and cleaning this malware, please make sure you have the latest McAfee scanning engine.

                   

                  DAT and scanning engine updates are available at the following location: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

                   

                  Support:

                   

                  McAfee Labs accepts file samples for analysis and possible inclusion into AV signature DAT updates.

                  Additional information for submitting samples to McAfee is available in the following location: https://kc.mcafee.com/corporate/index?page=content&id=KB68030

                   

                  Product related questions and comments can be addressed via McAfee Technical Support and Customer Services, including:

                  * Assistance with detection and cleaning or removal of malware

                  * Product installation and update questions

                  * Product usage questions

                   

                  Please use the following links to reach our Technical Support group:

                  Business Customers: http://www.mcafee.com/us/support.aspx

                  Home Customers: http://home.mcafee.com/root/support.aspx

                   

                  Regards,

                  McAfee Labs

                   

                  McAfee Labs: http://www.mcafee.com/us/threat-center.aspx

                  McAfee Labs Blog: http://blogs.mcafee.com/mcafee-labs

                  "

                   

                  Does that mean McAfee removed CPDS.EXE from their blacklist?

                   

                  Thanks,

                  Roy.

                  • 6. Re: False Artemis!ADF72A53FE56
                    catdaddy

                    Hi Roy,

                              Thank you for the reply back. The question now being is, does McAfee still detect it as Artemis! when attempting to access it? Please attempt to do so, and apprise us of your results.

                     

                    Regards,