This article provides information on improved Artemis functionality for listing specific detected malware names.
To provide increased proactive detection, McAfee has opted to detect some malware generically. This means that new malware can be detected earlier in the wild, but some detection names will be generalized rather than providing a specific name for the infection.
Because the name assigned to these detections is generic, it may be difficult to restore specific Artemis detections from Quarantine and to differentiate between specific threats in reports. To counter this, McAfee Avert Labs has recently added a unique identifier to the end of Artemis identifications, so that when Artemis identifies malware, an additional unique identifier is shown.
The bold text equals the first 12 hexadecimal characters of an MD5 hash.
Adding the unique tagging for detections enables you to do the following:
More easily restore items from quarantine via ePolicy Orchestrator (ePO). You can now use the full detection name to enable restore from quarantine for just the one detection rather than all Artemis detections.
Create reports detailing how unique the malware is that Artemis is identifying. You can now see if multiple detections are of the same malware, and better understand the threat posture.
More easily submit a sample when you suspect a false positive detection. With the unique identifier, you no longer need to locate and send a sample to McAfee Avert Labs to submit a service request when you suspect a false positive. If a sample is requested, the unique identifier makes it much easier to locate specific files to send.
Create exclusions for potentially unwanted program detections reported by Artemis.
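The reporting and file-location uses listed above, as an added example that is not McAfee code. It assumes detection names of the form "Artemis!" followed by the 12 hexadecimal characters, and that the MD5 hash is that of the detected file; the report rows, host names and file contents are constructed.

```python
import hashlib
import re
from collections import defaultdict

# Assumed name shape (not shown on the page): "Artemis!" + 12 hex characters.
ARTEMIS_RE = re.compile(r"^Artemis!([0-9A-Fa-f]{12})$")


def artemis_id(detection_name):
    """Return the 12-character identifier in lower case, or None if absent."""
    match = ARTEMIS_RE.match(detection_name.strip())
    return match.group(1).lower() if match else None


def group_by_identifier(rows):
    """Map identifier -> sorted hosts, from (host, detection_name) report rows."""
    groups = defaultdict(set)
    for host, name in rows:
        ident = artemis_id(name)
        if ident is not None:  # names without an identifier cannot be grouped
            groups[ident].add(host)
    return {ident: sorted(hosts) for ident, hosts in groups.items()}


def md5_prefix(data):
    """First 12 hexadecimal characters of the MD5 hash of data."""
    return hashlib.md5(data).hexdigest()[:12]


def find_matching(ident, files):
    """Names of files (name -> bytes) whose MD5 hash starts with ident."""
    return sorted(n for n, d in files.items() if md5_prefix(d) == ident.lower())


# Constructed sample data: three candidate files, two with identical content.
SAMPLE_FILES = {
    "a.bin": b"constructed sample one",
    "b.bin": b"constructed sample two",
    "copy_of_a.bin": b"constructed sample one",
}
ID_A = md5_prefix(SAMPLE_FILES["a.bin"]).upper()
ID_B = md5_prefix(SAMPLE_FILES["b.bin"]).upper()
SAMPLE_ROWS = [
    ("HOST-01", "Artemis!" + ID_A),
    ("HOST-02", "Artemis!" + ID_A),  # same malware seen on a second host
    ("HOST-03", "Artemis!" + ID_B),
    ("HOST-03", "Artemis"),          # generic name with no identifier
]

if __name__ == "__main__":
    for ident, hosts in group_by_identifier(SAMPLE_ROWS).items():
        print(ident, hosts, find_matching(ident, SAMPLE_FILES))
```

A 12-character prefix is a shortened hash, so a file matched this way should be confirmed against its full hash before it is restored or excluded.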