15 Replies. Latest reply on May 23, 2016 2:02 PM by exbrit

    False Artemis!4BE13898D043

    kwylidd

      Apparently this is a false positive. I wish to make sure of it and to request that McAfee stop auto-deleting this file.

        • 1. Re: False Artemis!4BE13898D043
          catdaddy

          kwylidd,

           

          Please try following these Guidelines/Instructions to resolve your issue: What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

           

          All the Best,

          -CD

          • 2. Re: False Artemis!4BE13898D043
            exbrit

            kwylidd wrote:

             

            Apparently this is a false positive. I wish to make sure of it and to request that McAfee stop auto-deleting this file.

            Please never attach samples here.  Have removed.

            Peter

            Moderator

            • 3. Re: False Artemis!4BE13898D043
              kwylidd

              The sample was zipped and encrypted with the "infected" password as instructed. I thought that was what I was meant to do.

              • 4. Re: False Artemis!4BE13898D043
                catdaddy

                That is the correct thing to do. Colleague Ex_Brit was just saying, until it gets Analyzed/Cleared by McAfee Labs, he removed the attachment you inserted for the safety of others.

                 

                Regards,

                -CD

                • 5. Re: False Artemis!4BE13898D043
                  exbrit

                  kwylidd wrote:

                   

                  The sample was zipped and encrypted with the "infected" password as instructed. I thought that was what I was meant to do.

                  Yes but you have to email it as per the instructions in that link.  There's nothing that we can do with it here.

                  • 6. Re: False Artemis!4BE13898D043
                    kwylidd

                    So I got this reply:

                     

                    McAfee Labs - Beaverton 

                    Current Scan Engine Version:5800.7501 

                    Current DAT Version:8142.0000 

                    Thank you for your submission. 

                     

                    Analysis ID: 9965681

                     

                    File Name    | Findings     | Detection | Type | Extra
                    -------------|--------------|-----------|------|------
                    cloudrop.exe | inconclusive |           |      | no

                     

                    inconclusive [cloudrop.exe] 

                     

                    Automated analysis was not able to determine that this file is malware. This file is being sent for further processing and the DAT files will potentially be updated if detection of this sample is warranted.

                     

                    Does it mean I'll get the results of the further analysis or that's all I'll ever know about this file?

                    • 7. Re: False Artemis!4BE13898D043
                      exbrit

                      It means, hopefully, that one day soon, the file will magically be OK'd by the software...or not, but by the sounds of it I would say OK is more likely.

                      It's difficult to say.

                      They may email you saying it will be cleared in the next update and enclose an "Extra.DAT".   That means next day it should be OK, if not later that day.

                      Ignore the attached file they may send as that is meant for Enterprise/Business software consumption only.

                      • 8. Re: False Artemis!4BE13898D043
                        kwylidd

                        Oh, thank you very much for the support. One last question: this file is automatically downloaded to %appdata% and McAfee instantly deletes it (quarantines it). What should I do to prevent this behaviour? If I go to the quarantine and select "restore", the file still gets quarantined when accessed. How do I manually "trust" it then?

                        • 9. Re: False Artemis!4BE13898D043
                          exbrit

                          In the Consumer software you can only Trust a file that has been identified as a "PUP", or Possibly Unwanted Programme, so no, you won't be able to do that unless that is the case.

                          It should tell you that information in the Quarantine folder - whether or not it's a PUP.
