Machine Vision

Hi sliber,

The file in question is installed with the name flashupdate.exe, which is used to update the BIOS on certain LabVIEW Real-Time Targets. In this case, it is used for the Compact Vision System 145x series (CVS) of products. It runs directly on the CVS, and is not a valid Win32 application - it cannot run on Windows platforms and nor cause any issues there.

There is a known issue with certain pieces of our software showing up as false positives in McAfee and/or Symantec. R&D is tracking these pieces, and the file you mentioned has already been added to the list - this particular file was reported to R&D for further investigation in January of 2009 (CAR #141629). If you would like further reassurance that the file is not a virus, you can submit the file through McAfee's threat submission process, or NI can provide you a written letter stating the same if you would like.

I was unable to reproduce a positive scan result using McAfee Agent 4.50.1429 with definitions from Sept 15, 2010 (v. 6107.0000), but my initial guess would be that your McAfee client is sending up a red flag because of the flashupdate.exe name embedded within the file. It might think it is Adobe Flash related, or the "update" part of the name might cause it to look at the file differently.

Is there any more information you can provide us that would help us in figuring out under what circumstances the file may be caught as a potential virus, including your virus definition file version and OS? If you are not currently running the latest version of the definition files, it is possible that McAfee has released an update for your engine which no longer registers the file as a threat.

For reference, I ran a virus scan using McAfee Agent 4.5 and the above definitions file for on both Windows 7 64-bit, and Windows XP 32-bit.

The alarm is set when I unzip the installer, copy the files or run the installer. I use WinXP Pro 32-bit in a corporate environment. McAfee reports the suspect as

Artemis!4B326DC24279.

McAfee Agent: 4.0.0.1494, virus definitions updated daily (the latest were applied today, 9/20).

Is there any means of working around this file? I am not planning to use Image Acquisition with real-time targets.

Thanks!

Hi sliber,

Your McAfee agent should have settings to ignore the file in future On-Access Scan attempts. If it does not give you an "Ignore" option when the pop-up comes up while accessing the .cab file or running setup.exe, right click the McAfee Agent tray icon and navigate to Quick Settings»On-Access Scan Properties. From there, go to General Settings»Exclusions and add exclusions for the imaqcfg.cab and the final destination of the file: **\7046\flashUpdate.exe

See if that suppresses the popup after that.

By the way, it appears as though Artemis is the heuristics technology McAfee uses to try and determine whether unknown files are threats which do not have entries in the DAT definition files. So the Artemis tag given to the file doesn't indicate fit is an unknown variant of a known threat called Artemis, it's just a generic name given by the Artemis engine.