Detection failure can happen in several scenarios. This article provides a checklist to help you confirm that a valid detection failure has occurred. To learn more about common causes of detection failure, see the articles mentioned in the
Related Information section.
Before you submit a sample to McAfee Labs, do the following to confirm that a valid detection failure has occurred:
- Confirm that the on-access scanner (OAS) was not in a disabled state at the time the suspected malware was copied.
- Check the configuration of the OAS and verify the following:
- The path location where the suspicious file resides is not excluded from the scan.
- The OAS does not have Scan on write disabled.
- Confirm that the DAT file on the system is the latest available production DAT. McAfee typically releases updated DAT files regularly, between 12 p.m. and 1 p.m. (CST).
- Do a full system scan after you make sure that the DAT file is the latest available.
NOTES:
- When you perform a scan, McAfee recommends that you use, and raise the sensitivity to at least Medium for:
- (VSE) Global Threat Intelligence (GTI) by clicking the scan properties Performance tab
- (ENS) On-Access Scan settings in ENS.
- GTI is another detection that is separate from DAT files and commonly produces a detection in the form of 'Artemis!<MD5 hash>', when the DAT files do not contain detection for the threat.
After confirming that your product configuration is
not at fault and the DAT files are up to date, contact Technical Support for further assistance.
Malware, specifically
trojan infections, are highly dynamic, and change quickly. McAfee can help you with sample collection to submit suspicious files to McAfee Labs for analysis; McAfee Labs can then provide extra detection information.
- If you are a registered user, type your User ID and Password, and then click Log In.
- If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.
