1 2 Previous Next 10 Replies Latest reply on Apr 13, 2016 8:10 PM by Peacekeeper

    False Artemis!73B5F9A75280

    mdarcy

      This is a file that has been part of our software for roughly 4 years now, buy Mcaffee has started detecting it as a virus. it is exactly the same file as was part of our software released 4 years ago.

        • 1. Re: False Artemis!73B5F9A75280
          Peacekeeper

          To help resolve your issue, please follow these Guidelines/Instructions What To Do When McAfee Detects Legitimate Software As An Infection - How to Submit To McAfee Labs & Appeal

           

          You will get an immediate reply with an analysis ID number post this here and if no fix in 3-4 days post back and I will escalate the detection.

          • 2. Re: False Artemis!73B5F9A75280
            mdarcy

            Unfortunately g-mail blocks sending zipped exes even if they are password protected, already tried that one so i moved onto the next options which  on that page it says to come here and post...."Also post  in the Artemis forum with the Artemis number as the header and put an explanation in the body of the post. " so i did that, the next option was to use the getsusp application, which I'm not exactly sure what that did as it just told me it was a virus, but then emailed me with the following which seems to say it is not a virus.

              

                    +--------------+----------------------------------+--------------+-----------+- ---------------+

            | File Name    | MD5                              | Findings     | Detection | Type           |

            +--------------+----------------------------------+--------------+-----------+-- --------------+

             

                    | instmenu.ex_ | 73b5f9a752800aa2e8f238e2153ea565 | not_detected |           | assumed_dirty4 |

             

            +--------------+----------------------------------+--------------+-----------+- ---------------+

             

            It seems Mcaffee has a terrible process of reporting false positives compared to most AV vendors which just have a simple online submissions form.

            • 3. Re: False Artemis!73B5F9A75280
              Peacekeeper

              The submission zipped file works well unless your email client has issues. Seems getsusp has reported it I assume you added your email address to the preferences and you got a reference number or work Item id number?

               

              If no action in 3 days post and I will escalate the detection.Usually the submission process works fine depends on tech's work load i suppose.

               

              There is another way of posting the zipped file in a dropbox and I grab it and submit on your behalf it referencing this thread. Works well for large files.

              • 4. Re: False Artemis!73B5F9A75280
                mdarcy

                Hi, here is the info from the getsusp email

                 

                Submission through GetSusp (Reference WorkItemID: 2072762)


                We really need this done ASAP as we have customers hassling us about it and waiting 2 more days just to have it escalated it isn't really a great option, most of the other AV companies reporting this as a virus have already updated their definitions, the only ones that haven't are the ones that don't have an online form.

                 

                One thing I am curious about will both the below engines be updated once it is confirmed as a false positive?

                 

                McAfee
                McAfee-GW-Edition
                • 5. Re: False Artemis!73B5F9A75280
                  Peacekeeper

                  Yes all detections I understand.

                  So now I am contacting escalation bod then it depends on his workload re response but should not be long

                  1 of 1 people found this helpful
                  • 6. Re: False Artemis!73B5F9A75280
                    mdarcy

                    Thanks for your help!

                    • 7. Re: False Artemis!73B5F9A75280
                      dmeier

                      I've been able to whitelist the file. Yes, it will be whitelisted from both detection's.

                       

                      - David

                      • 8. Re: False Artemis!73B5F9A75280
                        Peacekeeper

                        Thanks David mdarcy can you please confirm issue fixed in a couple hrs please

                        • 9. Re: False Artemis!73B5F9A75280
                          mdarcy

                          thanks guys, looks like it is all good now!

                          1 2 Previous Next