This article provides information about GTI functionality for listing specific detected malware names.
To provide increased proactive detection, McAfee Labs has chosen to detect some malware generically. New malware can be detected earlier in the wild, and some detection names are generalized rather than providing a specific name for the infection.
Examples:
- Generic.dx
- Generic!Artemis
Because the name assigned to these detections is generic, it can be hard to restore specific GTI detections from quarantine and differentiate between specific threats in reports. So, McAfee Labs has recently added a unique identifier to the end of GTI identifications. When GTI identifies malware, a unique identifier is shown.
Example:
| Old detection: |
Generic!Artemis |
|
| New detection: |
Artemis!1234567890AB |
The bold text equals the first 12 hexadecimal characters of an MD5 hash. |
Adding the unique tagging for detections enables you to do the following:
- More easily restore items from quarantine via ePolicy Orchestrator.
You can use the full detection name to enable restore from quarantine for just the one detection rather than all GTI detections.
- Create reports detailing how unique the malware is that GTI is identifying.
You can see if multiple detections are of the same malware, and better understand the threat posture.
- More easily submit samples when you suspect a false positive detection.
With the unique identifier, when you suspect a false positive and want to submit a Service Request, you no longer have to locate and send a sample to McAfee Labs. If a sample is requested, the unique identifier makes it much easier to locate specific files to send.
- Create exclusions for potentially unwanted program detections reported by GTI.
