Seyyed Akram

Level 8
Verified
McAfee software uses our Global Threat Intelligence (GTI, formerly Artemis) technology for enhanced detection of unknown threats based on the behavior of the file.

Artemis is included in the detection name for any file that is quarantined or blocked by GTI. Artemis in this case is not the name of a virus or malware; it indicates that something else was quarantined or blocked by GTI.

GTI helps to secure your computer from unknown threats by allowing your McAfee software to communicate with McAfee servers in real time to identify new threats and take appropriate action using a combination of signature and behavior analysis with community threat intelligence.

GTI will quickly notify you if the file should be blocked or quarantined through the following steps:

  1. VirusScan detects a suspicious file for which there is no signature in the .DAT database on your computer.
  2. Using Global Threat Intelligence, your computer sends a fingerprint of the file to the comprehensive database at McAfee Labs.
  3. If the fingerprint is identified as known malware, an appropriate response is sent to you to block or quarantine the file.

This additional protection is automatically included with your McAfee software.

Source
 

Seyyed Akram

Level 8
Verified
Also called JTI? Is that correct?
I don't think that both are the same. If the JTI/Suspect detection has a 12-digit Artemis associated with it, then it is a cloud detection; otherwise it is detected locally by some kind of heuristics.


Edit: this type of detection has a possibility of being FP.
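The naming rule described in the posts above (an Artemis name, or a JTI/Suspect name carrying a 12-digit suffix, points to a cloud/GTI verdict; a JTI/Suspect name without it points to local heuristics) can be applied to detection logs for triage. This is an added example, not part of the thread and not McAfee code; the pipe-delimited log layout and every sample name except the Artemis one quoted in the thread are constructed, and treating the suffix as 12 hex digits is an assumption.

```python
import re
from collections import defaultdict

# Assumed shape: "<label>!<12 hex digits>", as in the Artemis name quoted in this thread.
_SUFFIX = re.compile(r"^(?P<label>[^!]+)!(?P<fp>[0-9A-Fa-f]{12})$")

def classify_detection(name):
    """Return (origin, suffix) for one detection name, following the thread's rule."""
    cleaned = name.strip()              # scanner output may carry stray whitespace
    match = _SUFFIX.match(cleaned)
    suffix = match.group("fp").upper() if match else None
    lowered = cleaned.lower()
    if lowered.startswith("artemis") or (lowered.startswith("jti/") and suffix):
        return ("cloud", suffix)        # GTI verdict, not a malware family name
    if lowered.startswith("jti/"):
        return ("local-heuristic", None)
    return ("other", None)              # e.g. a named family from the local .DAT

def triage(log_text):
    """Group 'path|detection name' lines by origin so each group can be reviewed."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if "|" not in line:
            continue                    # skip blank or malformed lines
        path, name = line.rsplit("|", 1)
        origin, suffix = classify_detection(name)
        groups[origin].append((path.strip(), suffix))
    return dict(groups)

# Constructed sample log (hypothetical paths and names, apart from the Artemis name).
SAMPLE_LOG = """\
C:\\Users\\a\\Downloads\\setup.exe|Artemis!2DE23AE8B968 
C:\\Temp\\tool.exe|JTI/Suspect!0123456789ab
C:\\Temp\\run.exe|JTI/Suspect
C:\\Temp\\doc.exe|Example.Family.A
C:\\Temp\\odd.exe|Artemis!XYZ
"""

if __name__ == "__main__":
    for origin, items in triage(SAMPLE_LOG).items():
        print(origin, items)
```

Entries in the cloud and local-heuristic groups are generic verdicts rather than named families, so they are the ones to check for false positives before restoring or deleting anything.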



 

Mahesh Sudula

Level 16
Verified
Malware Tester
The real question is how often does the cloud synchronize?
Because my McAfee is not detecting this sample with the cloud (JTI/old Artemis).

Here is the link: https://www.virustotal.com/gui/file/8d28f544fe92b97fbc56398b5db76d1973dc7283ba69cfe443b4be5789f9f448/detection
On execution, it works and triggers JTI/Suspect!
Remember, this means the file has already been analyzed by their cloud (manual analysis, I mean) and is awaiting a signature to be assigned.
 

Seyyed Akram

Level 8
Verified
Did you try McAfee? What is your opinion?
It is light and it offers good protection. I am very careful, so I don't need to pair it with anything else. A friend of mine is using MB Premium alongside it and he confirmed that there are no slowdowns at all. McAfee has improved a lot. It is good but not the best. I have a 4-year subscription, so I believe it is worth using.

My McAfee also can't detect it on execution.
According to the VT link you provided, it should be detected by McAfee's cloud as "Artemis!2DE23AE8B968". Please try to run the sample again and see what happens.
 

DDE_Server

Level 5
It is light and it offers good protection. I am very careful, so I don't need to pair it with anything else. A friend of mine is using MB Premium alongside it and he confirmed that there are no slowdowns at all. McAfee has improved a lot. It is good but not the best. I have a 4-year subscription, so I believe it is worth using.
Maybe I will try it after my Emsisoft subscription ends, which will be in 9/2020 (as I have a one-year giveaway in addition to my current subscription), but I would recommend combining it with a good behavior blocker such as OSA or VoodooShield (as its behavior blocker "file inspector" is very weak against ransomware).
 

Mahesh Sudula

Level 16
Verified
Malware Tester
@Mahesh Sudula Have you ever submitted infected samples to McAfee Labs for analysis? If yes, what was your experience? I mean, how much time does it take for the submitted sample to be added to their cloud or signatures?
No. Most of the time, if the system is infected, McAfee would catch it by cloud one to two hours later (JTI/Suspect), similar to ESET.
However, the first person should sacrifice!