1 2 Previous Next 16 Replies Latest reply on Aug 18, 2014 2:22 AM by kalelinho

    False Artemis!402CBFCF8CAE

    kalelinho

      Hello,

       

      I have bought a software of a trust company and when I try to open it after its installation McAfee keeps flagging the .exe file (tajweed.exe) as a virus, causing the software to fail. I am getting the "False Artemis!402CBFCF8CAE" message and McAfee takes my .exe (tajweed.exe) file for this software and quarantines it. Once I try to send it back to its resective folder, McAfee wil repeat the whole quarantine process once again.

       

      What is the problem ?

       

      What can I do to avoid the quarantine process and to be able to use this (expensive) software ?

       

      Thank you in advance for your help.

       

      Best regards.

        • 1. Re: False Artemis!402CBFCF8CAE
          llamamecomoquieras

          Hi there,

           

          Please submit the file to McAfee as per below article and in the main time create a file exclusion for the exe that has been removed.

           

          False positive submissions
          If you think that a file has been falsely detected or incorrectly classified, follow this procedure to submit the sample to McAfee Labs. 

          Submit false positive samples through the McAfee ServicePortal
          The preferred method for submission is via the McAfee ServicePortal. See Solution 1 for instructions to submit samples using the ServicePortal.

          When you use the ServicePortal to submit false positives, ensure that you select the appropriate Issue Type for your submission:

          • Artemis False (false positive detection from Global Threat Intelligence)
          • Suspected False (all other false positive detections)

          Email submissions
          To submit a sample via email, please send it to McAfee Labs Virus Research at: virus_research@mcafee.com.

          • Prefix the email subject line with the word FALSE. For example:

            FALSE: In-house file being detected by McAfee
          • Ensure that you include the On Access / On Demand Scan log files of the McAfee product along with the DAT and Engine versions in use at the time. Also, include any other relevant information regarding why you think the file has been incorrectly detected. This information is helpful when analyzing the sample.

                Information to provide: (example)

                Please review the submitted file as we believe this is a false detection.

            Product: VirusScan Enterprise 8.8
            DAT version: 6587
            Engine: 5400
            Description of issue: This application has been developed as an in-house tool for cleaning our databases. Please see the attached OAS/ODS log file showing this detection by VirusScan.

            NOTE: Failure to supply all of the information requested above might result in delays with the analysis.

          After the sample has been analyzed, one of the following happens:

          • The sample is considered clean. Detection is suppressed and will be updated in the earliest DAT release.
          • The sample is incorrectly classified. It will be reclassified and detection will be updated in the earliest DAT release.
          • Analysis of the file determines that the sample is properly detected. You will be notified of the results.

           

          Best regards,

           

          José María

          1 of 1 people found this helpful
          • 2. Re: False Artemis!402CBFCF8CAE
            k3tg

            This is the link I have that is used to submit samples to McAfee for analysis What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

             

            Good Luck

             

            Tom K3TG

            • 3. Re: False Artemis!402CBFCF8CAE
              catdaddy

              There also is this link, Albeit may just be for Buisness/Corporate Customers?

               

              Detection Dispute Submission | McAfee Labs

               

              Regards,

              Catdaddy

              McAfee Volunteer Moderator

              • 4. Re: False Artemis!402CBFCF8CAE
                kalelinho

                I have submitted the .exe file via Getsusp and the result is :

                 

                SR Number               Creation Date                WorkItem ID        Machine Name

                =========               ==============               ===========        ===========

                None specified          8/7/2014 5:57:36 PM          1398011            VAIO_YO

                 

                 

                 

                 

                +-------------+----------------------------------+--------------+-----------+--- -----+
                | File Name   | MD5                              | Findings     | Detection | Type   |
                +-------------+----------------------------------+--------------+-----------+-- ------+
                  | tajweed.ex_ | 402cbfcf8cae94755ce0767a647fb895 | not_detected |           | TROJAN |
                +-------------+----------------------------------+--------------+-----------+-- ------+

                • 5. Re: False Artemis!402CBFCF8CAE
                  kalelinho

                  What can I do knowing that I am sur that the file is a trust one ?

                  • 6. Re: False Artemis!402CBFCF8CAE
                    llamamecomoquieras

                    You can open a case with Malware team and ask why is detected I mean what is the behaviour or what trigger to be detected...

                     

                    Regards,

                     

                    José María

                    • 7. Re: False Artemis!402CBFCF8CAE
                      kalelinho

                      I can send the .exe file by mail for an analysis. Will they be able to whitelist it ?

                      • 8. Re: False Artemis!402CBFCF8CAE
                        catdaddy

                        It looks as though you have sent it, by your Confirmation and Work Item #. Please allow them the appropriate time to analyze ( 4-5) business days. As they detect over 150,000 samples a day.

                         

                        Regards,

                        Catdaddy

                        McAfee Volunteer Moderator

                        • 9. Re: False Artemis!402CBFCF8CAE
                          kalelinho

                          Ok I will wait. thank you for your answer.

                          1 2 Previous Next