13 Replies, latest reply on May 21, 2015 7:24 PM by catdaddy

    False Artemis!8F67726F377C

    kcooke

      To whoever can assist in removing this false positive...

       

      I submitted the below text 5 business days ago through the process outlined...

       

      "The .MSI install file for the Liquidware Labs Stratusphere Connector ID Key (a Windows-based agent) is used in both desktop PC assessment as well as desktop monitoring in our customer’s enterprise computing environments. We have recently learned that we are being falsely caught by the McAfee Artemis detection as an Artemis!8F67726F377C Trojan. Can you please advise us how to have this whitelisted?

      Regards,"

       

      Further, I've attached and password protected our MSI file; however, it continues to be bounced with the message below...  Can someone please let me know how to get this addressed?  It is causing challenges with the customers of our product.  Thank you.


      McAfee Labs - Beaverton

      Current Scan Engine Version:5700.7163

      Current DAT Version:7784.0000

      Thank you for your submission.

       

      Analysis ID: 9395077

       

      File Name Findings Detection Type         Extra

      --------------------|------------------------------|---------------------------- |------------|-----

      image001.jpg |no password |                            |            |no 

       

      no password [image001.jpg]

       

         A file you submitted did not arrive in a password-protected ZIP file. Please see     

      http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx for         

      instructions on how to submit a sample to McAfee Labs.

        • 1. Re: False Artemis!8F67726F377C
          exbrit

          Moved this to Artemis Discussion for faster support.

           

          There's some reading on the subject here, mainly for consumers but it may help:  What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

          Please don't attach samples here, it's against forum rules.

          • 2. Re: False Artemis!8F67726F377C
            sol

            You need to submit the sample in a password-protected zip file; both the password and the zip file must be the word "infected".

            1 of 1 people found this helpful
            • 3. Re: False Artemis!8F67726F377C
              kcooke

              I have submitted a file, password protected as noted...  As noted in my original post...  The automated system seems to kick back my message (even with the file zipped and locked with the password "infected"). I'm hoping there is a live person at McAfee that I might interact with, as this is going over a week with no response.

              • 4. Re: False Artemis!8F67726F377C
                sol

                That is very, very odd....  I prefer the email route; use this address and a password-protected ZIP file. Try to open the zip file to see that it asks for a password before you send it. Maybe it isn't encrypting correctly.

                 

                Virus_Research@avertlabs.com - in the subject line enter the Artemis False Positive and provide some detail in the email.
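
The check suggested in reply 4 (confirm the ZIP really is password protected before sending it), as an added example that is not part of the original thread and not a McAfee tool. The function names and the in-memory sample are assumptions made for illustration; the script only confirms that every file entry carries the ZIP "encrypted" flag, it does not test which password was used.

```python
import io
import sys
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0: entry is encrypted


def check_archive(zip_source):
    """Return (number_of_files, names_of_files_not_marked_encrypted)."""
    with zipfile.ZipFile(zip_source) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
    plain = [i.filename for i in files if not i.flag_bits & ENCRYPTED_FLAG]
    return len(files), plain


def ready_to_submit(zip_source):
    """True only if the archive holds at least one file and all are encrypted."""
    count, plain = check_archive(zip_source)
    return count > 0 and not plain


def constructed_zip(name, encrypted):
    """Build a constructed in-memory sample archive for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed sample bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # The standard library cannot write encrypted entries, so mark the
        # entry as encrypted by setting bit 0 of the flags field in the local
        # header (offset 6) and the central directory header (offset 8).
        raw[raw.index(b"PK\x03\x04") + 6] |= ENCRYPTED_FLAG
        raw[raw.index(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    # With a path argument, check that file; otherwise use the constructed sample.
    source = sys.argv[1] if len(sys.argv) > 1 else constructed_zip("sample.msi", False)
    count, plain = check_archive(source)
    if count == 0:
        print("archive contains no files")
    elif plain:
        print("NOT password protected:", ", ".join(plain))
    else:
        print("all", count, "file(s) are marked encrypted")
    sys.exit(0 if count and not plain else 1)
```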

                • 5. Re: False Artemis!8F67726F377C
                  kcooke

                  Email sent with ZIP attached

                  • 6. Re: False Artemis!8F67726F377C
                    kcooke

                    Just received the following:

                     

                    ###

                     

                    McAfee Labs - Beaverton

                    Current Scan Engine Version:5700.7163

                    Current DAT Version:7787.0000

                    Thank you for your submission.

                     

                    Analysis ID: 9399481

                     

                    File Name Findings Detection Type         Extra

                    --------------------|------------------------------|---------------------------- |------------|-----

                    install-connectorid-|inconclusive                  |                            |            |no  

                     

                    inconclusive [install-connectorid-key-5_7_2-winstandard.msi]                                       

                     

                    Automated analysis was not able to determine that this file is malware. This file is  

                    being sent for further processing and the DAT files will potentially be updated if    

                    detection of this sample is warranted.                                                

                    • 7. Re: False Artemis!8F67726F377C
                      sol

                      That is a good start... that is what you should get

                       

                      You may not hear back from them again. When it comes to whitelisting the false positives... it just seems to happen and things work again. I never seem to get a notice back from them but I am able to carry on like nothing ever happened

                      • 8. Re: False Artemis!8F67726F377C
                        kcooke

                        I would really LOVE to get some type of formal response as this affects many, many of my customers....  Is there any mechanism by which I can obtain some formal feedback?

                        • 9. Re: False Artemis!8F67726F377C
                          catdaddy

                          kcooke,

                          Actually, when you immediately receive a confirmation with an Analysis ID #, that is a formal response. It indeed indicates that your submission was successful. Please know that I am contacting someone on your behalf at McAfee Labs, and hopefully expedite your submission.

                           

                          Thank you for your patience.

                           

                          Catdaddy

                          McAfee Community Moderator

                          Consumer Products

                          1 of 1 people found this helpful