19 Replies Latest reply on Apr 4, 2017 7:49 AM by dmeier

    FALSE Artemis!4434F3C22855

    jorisvergeer

      Our updater is detected as generic malware. Including McAfee

       

      Can you tell us on what basis our updater is marked as malware so we can avoid this in the future? Our application is signed by a certificate we paid $120 for, just to avoid this issue, yet it started popping up again.

       

      So, please tell us why it failed and how we can avoid being marked as malware? We don't want this to start again when we update our application.

       

      Kind regards

       

      Attachment removed until deemed safe by McAfee Labs.

        • 1. Re: FALSE Artemis!4434F3C22855
          catdaddy

          Try following these Guidelines/Instructions: What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

          I also noticed that your zip contained 50mbs; the individual limit is 10 mbs per zipped submission. It may be that you have to submit to VirusTotal.com and possibly provide the hashes to me in a Direct Message. I will follow you just in case. Please hover over my Avatar, and click okay/done and follow me, if needed.

          1 of 1 people found this helpful
          • 2. Re: FALSE Artemis!4434F3C22855
            catdaddy

            I will also add that once your software has been analyzed/processed and considered clean by McAfee standards, quite possibly you could submit your software for future references/updates to McAfee, a *GetClean* program.

             

            I will discuss this with a McAfee Labs Engineer.

            1 of 1 people found this helpful
            • 3. Re: FALSE Artemis!4434F3C22855
              catdaddy

              I received your hashes from Virus Total. Please be informed of your escalated ticket number:

              Ticket #: AM000882 - Artemis! (User could not submit normally 50mbs zip )

              • 4. Re: FALSE Artemis!4434F3C22855
                catdaddy

                For your information:

                 

                Hi Cliff,

                 

                This sample has been escalated up to the research team for further analysis.

                 

                Regards,

                Nick

                • 5. Re: FALSE Artemis!4434F3C22855
                  catdaddy

                  Please confirm that your software/detection has indeed been suppressed:

                   

                  Hi Cliff

                   

                  The detection for this file has been suppressed.

                   

                  Cheers

                  Cliff

                  • 6. Re: FALSE Artemis!4434F3C22855
                    jorisvergeer

                    This does NOT answer my question

                     

                    My question was why our signed executable was marked as malware?

                     

                    Regards,

                    Joris

                    • 7. Re: FALSE Artemis!4434F3C22855
                      catdaddy

                      Excuse me? The reason it was detected is McAfee deemed it as *Suspicious* not necessarily as Malware. Now it is no longer considered as such. So by saying your software is suppressed/clean, it is in my opinion *Answered*. For the sake of me, I cannot understand your logic.

                      • 8. Re: FALSE Artemis!4434F3C22855
                        jorisvergeer

                        Ok, here is my logic:

                         

                        I am responsible for the update process for our company's software at our customers' site. We have a lot of issues with AV software since they all tend to block our software now and then. To address this we started using "code signing" certificates. That's fine. Now suddenly (since last week or so) our signed executables are marked as *Suspicious* and are put in quarantine and/or are scaring our customers with "scary" messages (not only McAfee but also a lot of other major AV solutions).

                         

                        It's fine that the current executable is not marked as *Suspicious* anymore. But who says that the next version of our updater executable will not suddenly get marked?
                        We can also build another build of exactly the same code, and then it will also not be detected anymore. But it's only a matter of time before it is marked again for no reason.

                         

                        How can I tell our customer support team that they do not have to expect that suddenly the updates stop working because AV software has started blocking those again?

                         

                        I just want to make sure that when our support team wants to update our application they don't have to worry about AV software.

                         

                         

                        You also do not block updates from, for example, "Google".

                        • 9. Re: FALSE Artemis!4434F3C22855
                          catdaddy

                          Due to the (Fact) I have taken every step possible to assist and get a resolution to your issue. And McAfee Labs has indeed found your software to be clean of any malicious content. I am marking this as *Correctly Answered* and locking.

                           

                          If you have any further issues moving forward, please start a new thread.
