Identification of generically detected malware (Global Threat Intelligence detections)
Technical Articles ID:  KB65525
Last Modified:  03/19/2014

Environment

McAfee SaaS Endpoint Protection 6.0, 5.x
McAfee Global Threat Intelligence
McAfee VirusScan Enterprise 8.x

For product supported environments, see KB60533.

Summary

This article provides information on Global Threat Intelligence (GTI) functionality for listing specific detected malware names.

To provide increased proactive detection, McAfee has chosen to detect some malware generically. This means that new malware can be detected earlier in the wild, and some detection names will be generalized rather than providing a specific name for the infection.

Examples:
  • Generic.dx
  • Generic!Artemis
Because the name assigned to these detections is generic, it can be difficult to restore specific GTI detections from quarantine and differentiate between specific threats in reports. To counter this, McAfee Labs has recently added a unique identifier to the end of GTI identifications, so that when GTI identifies malware, an additional unique identifier is shown.

Example:

Old detection: Generic!Artemis
New detection: Artemis!1234567890AB

The suffix (1234567890AB) is the first 12 hexadecimal characters of an MD5 hash.

Adding the unique tagging for detections enables you to do the following:
  • More easily restore items from quarantine via ePolicy Orchestrator (ePO).
    You can use the full detection name to restore from quarantine just the one detection rather than all GTI detections.
  • Create reports detailing how unique the malware is that GTI is identifying.
    You can see whether multiple detections are of the same malware, and better understand the threat posture.
  • More easily submit samples when you suspect a false positive detection.
    With the unique identifier, you no longer have to locate and send a sample to McAfee Labs to submit a Service Request when you suspect a false positive. If a sample is requested, the unique identifier makes it much easier to locate the specific files to send.
  • Create exclusions for potentially unwanted program detections reported by GTI.
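As an added illustration (not code from McAfee or from this article), the following Python shows how an analyst could parse the tagged detection name format described above, check whether a quarantined file's MD5 actually corresponds to a given Artemis!&lt;tag&gt; name before restoring it or submitting it as a false positive, and group report entries by tag to see whether many hits are one piece of malware. The report entries and file bytes are constructed samples, and the assumption that the tag is compared case-insensitively is mine.

```python
import hashlib
import re
from collections import defaultdict

# New-style GTI name: "Artemis!" followed by 12 hex characters, which the
# article states are the first 12 characters of the file's MD5 hash.
GTI_TAGGED = re.compile(r"^(?P<family>Artemis)!(?P<tag>[0-9A-Fa-f]{12})$")
# Untagged generic names mentioned in the article.
GTI_GENERIC = {"Generic!Artemis", "Generic.dx"}

def parse_detection(name: str):
    """Classify a detection name: ('tagged', family, TAG), ('generic', name, None)
    or ('other', name, None). Tags are normalised to upper case (assumption)."""
    name = name.strip()
    m = GTI_TAGGED.match(name)
    if m:
        return ("tagged", m.group("family"), m.group("tag").upper())
    if name in GTI_GENERIC:
        return ("generic", name, None)
    return ("other", name, None)

def tag_for_bytes(data: bytes) -> str:
    """Derive the 12-character tag that a file's MD5 would produce."""
    return hashlib.md5(data).hexdigest()[:12].upper()

def file_matches_detection(data: bytes, detection: str) -> bool:
    """True only for a tagged name whose tag equals the file's MD5 prefix;
    an untagged generic name cannot be tied to a specific file this way."""
    kind, _, tag = parse_detection(detection)
    return kind == "tagged" and tag_for_bytes(data) == tag

def group_by_tag(events):
    """events: iterable of (host, detection_name). Hosts are grouped per unique
    tag (or per untagged name) so a report shows how many distinct samples hit."""
    groups = defaultdict(set)
    for host, name in events:
        kind, _, tag = parse_detection(name)
        groups[tag if kind == "tagged" else name].add(host)
    return {key: sorted(hosts) for key, hosts in groups.items()}

# Constructed sample report entries; the tags are placeholders, not real IoCs.
SAMPLE_EVENTS = [
    ("host-a", "Artemis!1234567890AB"),
    ("host-b", "Artemis!1234567890ab"),
    ("host-c", "Artemis!FEDCBA987654"),
    ("host-d", "Generic!Artemis"),
]

if __name__ == "__main__":
    for key, hosts in group_by_tag(SAMPLE_EVENTS).items():
        print(f"{key}: {len(hosts)} host(s) -> {', '.join(hosts)}")
```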

© 2003-2013 McAfee, Inc.