is the "Active Protection" component of McAfee's Security Center which uses a combination of signature and behavior analysis to check with McAfee servers in real-time to identify possible new malware threats. This is accomplished by adding heuristics
to the virus database. McAfee then uses this heuristic detection to analyze the cataloged behaviors and assess the likelihood of possible new variants of malware
before the vendor can get samples and update the program's definitions for detection.
In general, heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus
. The disadvantage
to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk
for a "false positive
" when the heuristic analysis flags a file as suspicious
that contains no malware.
Artemis is not
the name of an actual virus, but an alert displayed by McAfee when it thinks it may have found a new virus
. These detected files may
or may not
be malicious. McAfee advises to forward these files to the Avert Lab's Threat Center if you think it was a false detection so it can be excluded from the database automatically. For more specific information, please refer to "Artemis" & Other Possibly False Detections
If you're not sure about the detection, McAfee asks that you submit a sample directly to McAfee Labs so they can investigate further. To do this, please refer to Submit a Sample To McAfee
Edit: The information I provided did not change with this edit. I reworded a sentence for clarity and fixed a broken link.
Edited by quietman7, 12 February 2011 - 10:13 AM.