Solved

McAfee not picking up malware such as Antivirus Antispyware 2011

Posted on 2011-03-08
Last Modified: 2013-12-09
We are running VirusScan 8.7 (patch 2) with the anti-spyware plugin. We haven't really deviated from the default install settings. All clients are running XP SP3.

We have found that we are getting around 1 PC per month infected with fake antivirus software. The latest one is called "Antivirus Antispyware 2011". The source of infection is generally compromised web sites.

McAfee does not seem very good at picking these up and preventing infection. Once the machine is infected I generally have to use tools such as Malwarebytes and ComboFix to clean the machine.

Can anybody advise how I can tweak VirusScan so that it prevents these infections? Also, are there any MS patches available or other tools I should be using?
Question by: metamatic

11 Comments
 
Expert Comment by: legalsrl (LVL 16)
OK, we can certainly do this.....

Have you got the Potentially Unwanted Programs tick box set in ePO?

How many clients do you have?

Why haven't you kicked your reseller into configuring it properly for you?

Cheers
Si
 
Expert Comment by: legalsrl (LVL 16)

VSE 8.7i & AntiSpyware IS an antimalware solution....

In VSE 8.8i, it's further improved with the combination of the two products into one with a faster scan engine, and 98% accuracy

It's like having a car, and only staying in first gear......if you don't learn to drive ePO, then you're not getting the best out of it....

All Professional Services engagements I've done to properly configure ePO result in a pretty much zero infection rate for the organisation......
 
Expert Comment by: younghv (LVL 38)
@synetron,
Let me try it this way.

Anyone posting in the Anti-malware Zones needs to be thoroughly familiar with the information being discussed.

Casual comments can seriously disrupt a qualified Expert from assisting.

Corporate/Enterprise security is a much different animal from personal use/suggestions and many of us have spent several years learning the specifics of this field.

If there are Zones here on EE in which you have some expertise, then please feel free to offer some thoughts.

This question is about a very specific load of McAfee ePO and should be left to those trained and certified with the product.
 
Expert Comment by: legalsrl (LVL 16)
Thanks Vee_Mod

@metamatic - if you come back with the answers, I'll help you to sort out your ePO and configure it....

There are plenty of changes to make to a default installation of ePO to manage VSE directly, and we can make your world a brighter place

Cheers
Si

Author Comment by: metamatic
Thanks for the replies. Looks like I've missed an interesting debate as a few comments had been deleted before I got a chance to check back!

In answer to your queries...

I have got the unwanted programs box ticked.

I have 80 clients.

I have tried talking to McAfee for help with config but they are more interested in selling me a place on a training course. I've downloaded various knowledge base articles but really want some real world examples as to what other VirusScan users have done.
 
Expert Comment by: tpl415 (LVL 2)
We have the same problem where I work (about 200 workstations) and we have a monitoring system that notifies us when computers get infected and then we use ComboFix and Malwarebytes to remove them. I believe that it comes down to McAfee being ineffective; unfortunately due to licensing we have to use it. Anyway, what I have done is set up Windows Defender to monitor email and removable drives, but if you can get away from McAfee I recommend Security Essentials (they also have an enterprise version). I feel in my own personal use that it does a better job than McAfee.
 
Expert Comment by: younghv (LVL 38)
@tpl415,
I suggest that you actually learn how to use McAfee/ePO - it is a pretty amazing product (for those who learn how to use it).

In a cross-domain (Forest) environment it used to give me a consistent 99.99% protection on systems deployed anywhere from 15-20 countries on a regular basis.

I am fully confident in stating that there is no better product on the market - for those who learn to use it.
 
Expert Comment by: tpl415 (LVL 2)
@younghv
You are more than welcome to your opinion and if McAfee works for you then great, but don't assume that I don't know how to use it and that is why I dislike it. If you were to do a simple Google search on opinions of McAfee or McAfee vs. Security Essentials then you would see many more people agree with me. I am glad that it works for you. I have used it for a long time and have played with all of the features and whatnot and I think it is OK, not a bad option, but I personally prefer Security Essentials because it requires less tinkering, takes up less system resources (McAfee can slow older or lower powered computers significantly), and I have found that it detects more malware, spyware and viruses than McAfee in my experience.
 
Accepted Solution by: legalsrl (LVL 16, earned 500 total points)
@tpl415, sounds like you had a bad experience with McAfee.....probably configured wrong.....I spend most of my time fixing ePO installations that are poorly configured.....from SMB to Fortune 500.......you should try the latest version 8.8i.....

Also, SE does not protect against unauthorised traffic over TCP 25, nor does it block IRC communication......the 2 most common methods of malware replication today...

Anyway, back to the question.....

Good things to do in ePO

1.  Set up Active Directory Synchronisation and deploy agents to any newly found machines....
2.  Create a client task that deploys VSE automatically when the agent checks in (it will run a full scan by default)
3.  Set up the Exclusions as per the McAfee KB articles for Exchange, Domain Controllers and SQL Servers
4.  Set up notifications to alert you when malware is found and NOT handled
5.  Create a Repository Pull task that runs daily
6.  Create an Update Task for machines to update daily
7.  Set up Rogue System Detection to alert you, and deploy agents when Rogues are found
8.  Create a query in ePO to provide you with a list of all machines that have not checked in to ePO for 3 days, then redeploy agents to that list

Also, ensure that you have heuristics (Artemis) enabled and upgrade to the latest and greatest 8.8i as this combines VSE and AntiSpyware as well as using Global Threat Intelligence......

Let me know if you need to know any more

Cheers
Simon
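Steps 1, 7 and 8 of the accepted answer all come down to one reconciliation: the list of machines the directory knows about versus the list of agents that are actually reporting to ePO, plus whether the reporting agents are current. The script below is an added example, not code from the thread or from McAfee; it works from two CSV exports with constructed sample rows, and the column names ("System Name", "Last Communication", "DAT Version", "name") are assumptions for the example rather than a documented ePO or AD export format. It produces the four lists an admin would act on: AD computers with no agent, ePO systems not in AD, agents silent for 3 days, and agents whose DAT is behind the repository.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of an AD computer export (csvde/dsquery style).
# These hosts are made up for the example.
AD_COMPUTERS_CSV = """name,operatingSystem
WS001,Windows XP Professional
WS002,Windows XP Professional
WS003,Windows XP Professional
WS004,Windows XP Professional
SRV-EXCH,Windows Server 2003
"""

# Constructed sample of an ePO managed-systems export. The column names
# are an assumption for this example, not a documented ePO format.
EPO_SYSTEMS_CSV = """System Name,Last Communication,DAT Version
WS001,2011-03-08 07:12:00,6280.0000
WS002,2011-03-03 18:40:00,6275.0000
WS003,2011-03-08 06:55:00,6270.0000
SRV-EXCH,2011-03-08 07:01:00,6280.0000
LAPTOP-GUEST,2011-03-07 09:30:00,6279.0000
"""


def parse_ad(text):
    """Set of computer names from the AD export, upper-cased for matching."""
    return {row["name"].strip().upper() for row in csv.DictReader(io.StringIO(text))}


def parse_epo(text):
    """Map of system name -> {'last': datetime, 'dat': int} from the ePO export."""
    systems = {}
    for row in csv.DictReader(io.StringIO(text)):
        name = row["System Name"].strip().upper()
        systems[name] = {
            "last": datetime.strptime(row["Last Communication"], "%Y-%m-%d %H:%M:%S"),
            # DAT versions are written like "6280.0000" (assumed format here);
            # the integer part is the release number that grows with each daily DAT.
            "dat": int(row["DAT Version"].split(".")[0]),
        }
    return systems


def gap_report(ad_csv, epo_csv, now, current_dat, stale_days=3, dat_lag=2):
    """Reconcile the two exports into the four lists an admin acts on."""
    ad = parse_ad(ad_csv)
    epo = parse_epo(epo_csv)
    cutoff = now - timedelta(days=stale_days)
    return {
        # In AD but unknown to ePO: no agent installed, so deploy one (steps 1 and 7).
        "no_agent": sorted(ad - set(epo)),
        # Known to ePO but not in AD: unjoined or rogue host, worth a look (step 7).
        "not_in_ad": sorted(set(epo) - ad),
        # Agent has not called in for stale_days: redeploy the agent (step 8).
        "stale": sorted(n for n, s in epo.items() if s["last"] < cutoff),
        # DAT more than dat_lag releases behind the repository: the update task is failing.
        "old_dat": sorted(n for n, s in epo.items() if current_dat - s["dat"] > dat_lag),
    }


def example_report():
    """Run the report over the constructed data at a fixed point in time."""
    return gap_report(AD_COMPUTERS_CSV, EPO_SYSTEMS_CSV,
                      now=datetime(2011, 3, 8, 9, 0, 0), current_dat=6280)


if __name__ == "__main__":
    for category, hosts in example_report().items():
        print(f"{category:10s} {', '.join(hosts) or '-'}")
```

The "stale" and "old_dat" lists are the ones that matter for the original question: a box whose agent stopped calling in, or whose DAT is days behind, is exactly the box that a rogue AV will walk onto regardless of how the on-access scanner is tuned. Run it against real exports and feed the "no_agent" and "stale" names back into an ePO agent deployment task; hosts that keep reappearing in "old_dat" point at a repository or update-task problem rather than a detection one.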
