8 Replies Latest reply on Oct 15, 2014 9:15 AM by nkelly

    False Artemis!C885CCCC5584


      I have reported this to virus_research@mcafee.com


      Should I receive a confirmation that the email has been received? How soon after I submit should I generally expect this?


      This is my first submission and want to ensure I have the process down for future (we just moved our Artemis level from Medium to High)



        • 1. Re: False Artemis!C885CCCC5584

          This document explains the process and steps necessary to resolve your issue What To Do When McAfee Detects Legitimate Software As An Infection - How to Submit To McAfee Labs & Appeal


          If this does not get resolved in a few days let us know and one of the moderators can get one of the support people to help expedite. Give it about 4 days and the only reason why so long as they deal with thousands of these per day and there are submissions in the queue already.


          Tom K3TG

          • 2. Re: False Artemis!C885CCCC5584

            I don't believe I have received any notification that my report has been looked at.  What address would it come from, it may have gotten blocked in our email filter.



            • 3. Re: False Artemis!C885CCCC5584


                                It would help immensely, if you PASSWORD protect the submission,with the word "Infected", in a Zipped Folder. attached,per instructions in the Link.




              McAfee Moderator

              • 4. Re: False Artemis!C885CCCC5584

                Sorry. I must have missed something.  The instructions are to send an email to virus_research@mcafee.com and post to this forum . (which I did)

                A moderator stated if I hear nothing in a few days to post back. (I have not received anything so I posted stating this as well as asking what email I would get notified from as our email filter may have blocked the message.)



                Further down in the instructions it does state if I still want to submit the file along with the above 2 stages.  The file detected is autostart.exe from a program called "Rail Designer 5". I am pretty confident it is not infected so as per the instruction I did not feel this needed to be uploaded.


                I have now sent the file in a .zip password protected to the above email address.  It does state I should receive an automated email almost right away and another manual one in 2-48 hours.


                I have not received the automated response so I am not sure the message made it.


                Thanks for your assistance

                • 5. Re: False Artemis!C885CCCC5584

                  Email file to: virus_research@mcafee.com and make the header of the email start with the word FALSE - for example FALSE:  In-house file being detected by McAfee


                  When submitting samples via E-mail all samples must be packaged in a .ZIP file.

                  Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees.  Failure to follow these guidelines will cause your submission to be rejected.

                  If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

                  You now say you emailed a password protected file did you get an automatic reply back with an analysis Id  number?

                  Also try submiting the file to www.virustotal.com and report detections

                  • 6. Re: False Artemis!C885CCCC5584

                    Can you help on how to password protect the file?  I have used 7zip to upload infected files before with no issue.  The email I sent to virus_research@mcafee.com came back saying it is not password protected.  The .zip file opens and the password is on the file.  Do I need to double zip?  I re-enabled the HIGH Artemis setting and the same file has been deleted again.


                    Thanks for your help

                    • 7. Re: False Artemis!C885CCCC5584

                      The password is "infected" minus the ""  You just take the file and zip it I use winzip. I just used 7 zip and only issue I see is you need to specify file type ie zip not the 7 zip formal. The password worked for me when I tested the compression / extraction method so I suggest retry it.

                      1 of 1 people found this helpful
                      • 8. Re: False Artemis!C885CCCC5584



                        Thanks for submitting the file, it has been received and analysed. It has been confirmed to be non-malicious and should no longer be detected.