Showing results for 
Show  only  | Search instead for 
Did you mean: 

What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

SOFTWARE MAKERS ONLY:  If you are the owner of the software being detected see:  KB85568 - also please see KB85569 - & the Detection Dispute Submission Form

Please also note the links to related KB articles at the bottom of some of those, thanks and good luck.

CUSTOMERS: This only applies to to the Windows-based software - there are no published procedures yet for MAC or for Mobile applications.  Although it could be adapted for MAC I believe.

This outlines what to do when something is detected as being malware by your McAfee software.  This applies whether it is detected as regular malware or given the generic title 'Artemis' (given to "unknowns").

Files can be quarantined as regular malware or if they are currently unknown to the database, they will be labelled "Artemis", which I will deal with first.

Artemis (or McAfee 'Global Threat Intelligence' technology) is the enhanced heuristic detection component of McAfee SecurityCenter's virus protection module.

It works by adding an extra layer to the detection engine, but instead of just detecting something it actually "calls home" to the virus database to double-check before labelling something as a possible threat.

If something is identified, maybe wrongly as "Artemis" then send an email to with the Artemis detection name and the words "False Artemis!++++++++++++" as the subject line (minus the "", ++++++++++++ is the 12-digit code given to it).  Also post  in the Artemis forum with the Artemis number as the header and put an explanation in the body of the post.  That gives you a double chance at getting it dealt with quickly.

However, if you still want to submit the file......the following is for Consumers only but could give Enterprise people pointers  (Sorry not familiar with Enterprise).

You should go to the Restore tab in Security Center and make sure that it is forwarded to the Threat Center (Avert Laboratories) as, if it is harmless, it will then be excluded from the database automatically.

Lately this procedure is often blocked by ISP's because of the protocol the software utilizes, so do the following:

To send it to the Threat Center outside of SecurityCenter.....

First disable your virus protection and then reinstate the file from quarantine.

See....How to Submit a file to the Labs for analysis:

Email file (encrypted - see below) to: and make the header of the email start with the word FALSE - for example FALSE:  In-house file being detected by McAfee

When submitting samples via E-mail all samples must be packaged in a .ZIP file.

Additionally, any .ZIP file created must be password-protected (encrypted) using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees.  Failure to follow these guidelines will cause your submission to be rejected or ignored.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

**If they respond that it is an infection and you are sure it is not, reply to that email immediately ( to ) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

To be on the safe side scan with an outside anti-malware agent such as MalwareBytes (Free)  or SuperAntispyware (Free). Let them clean everything they find.

NOTE:  Due to the large volume of detections on a daily basis (150,000 or more) please allow 4-5 business days for the submission to be analysed & processed.

Also there is a limit of 10Mb file size on submissions so if your file is bigger post in the Artemis or malware forum and provide a link to it and a mod will forward the file's link to McAfee.


If you do get a reply post the analysis Id number in the thread.



Another way of submitting files is to use the new GetSusp tool's Upload tab.  The tool is downloadable here:  GetSusp and support for it is in that Group which is free to join.

Don't forget to add your email address in Preferences to obtain a response. The file size limits are lower than email submission.


Note:  The Excluded Files feature has been reinstated in the consumer products, but, should that file be found in the database as possible malware, it will still end up being quarantined.

Also submit the file to VirusTotal to see what other antivirus makers say about it:  VirusTotal - Free Online Virus, Malware and URL Scanner

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community