Mcafee claims hostassignment.exe is a trojan Artemis!15B30775AE5F
I can roll out Teamviewer 12 because Mcafee claims there is a trojan and therefore the file is automatically deleted by OnAccessScan
cairns ran C:\Windows\explorer.exe, which attempted to access xxxxxTeamViewer_Assignment.exe. The Trojan named Artemis!15B30775AE5F was detected and deleted.
Analyzer / Detector
Analyzer content creation date 15/1/2017 06:35
Product name McAfee Endpoint Security
Product version 10.5.0.581
McAfee GTI query Yes
Task name On-Access Scan
Feature name On-Access Scan
Threat
Action taken Delete
Threat category Malware detected
Threat detected on creation Yes
Threat event ID 1027
Threat handled Yes
Threat name Artemis!15B30775AE5F
Threat severity Critical
Threat timestamp 16/1/2017 10:06
Threat type Trojan
Source
Source hostName xxxx
Source process name C:\Windows\explorer.exe
Target
Target access time 16/1/2017 10:04
Target create time 16/1/2017 10:04
Target file size (bytes) 3132624
Target hash 15b30775ae5f6f880c13e874c8181f3a
Target host name xxxxx
Target modify time 23/11/2016 14:35
Target name TeamViewer_Assignment.exe
Target path xxxxx
Target user name xxx\xxxx
Other
Vector type Local System
Cleanable Yes
Detection message McAfee Endpoint Security detected a threat.
Detection quarantine ID {84F58F42-EF21-4B48-81A9-5DFA922E0A95}
Duration before detection (days) 0
Description xx\xxx ran C:\Windows\explorer.exe, which attempted to access \Users\xxx\TeamViewer_Assignment.exe. The Trojan named Artemis!15B30775AE5F was detected and deleted.
First action status Succeeded
First attempted action Clean
Second action status Succeeded
Second attempted action Delete
Best Answer
-
Hi dcairns,
Thanks for bringing this to our attention! This is actually a "false positive" on the part of McAfee - they are falsely reporting the file as being a trojan when, in fact, it is not.
If you check the file at VirusTotal.com (direct link to the report here), you'll see that only McAfee's antivirus engine is reporting the file as being malicious. The other 55 antivirus engines correctly report the file as being safe. It's also noteworthy that the date of McAfee's virus signatures there is "20170108" while the dates of the other engines are all "20170116" - ie. McAfee's signatures are old.
In any case, we have already reported this false positive to McAfee earlier today, and we expect them to fix the issue as soon as possible.
For more info on false positives, have a read of our Knowledge Base article on the topic here:
https://community.teamviewer.com/t5/Knowledge-Base/What-is-a-false-positive/ta-p/1962Regards,
Jeremy
TeamViewer Quality Assurance Engineer5
Answers
-
Hi dcairns,
Thanks for bringing this to our attention! This is actually a "false positive" on the part of McAfee - they are falsely reporting the file as being a trojan when, in fact, it is not.
If you check the file at VirusTotal.com (direct link to the report here), you'll see that only McAfee's antivirus engine is reporting the file as being malicious. The other 55 antivirus engines correctly report the file as being safe. It's also noteworthy that the date of McAfee's virus signatures there is "20170108" while the dates of the other engines are all "20170116" - ie. McAfee's signatures are old.
In any case, we have already reported this false positive to McAfee earlier today, and we expect them to fix the issue as soon as possible.
For more info on false positives, have a read of our Knowledge Base article on the topic here:
https://community.teamviewer.com/t5/Knowledge-Base/What-is-a-false-positive/ta-p/1962Regards,
Jeremy
TeamViewer Quality Assurance Engineer5