WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
Mcafee not picking up malware such as antivirus antispyware 2011
We are running Virus Scan 8.7 (patch 2) with the anti spyware plugin. We haven't really deviated from the default install settings. All clients are running XP SP3.
We have found that we are getting around 1 PC per month infected with fake anti virus software. The latest one is called "Antivirus Antispware 2011". The source of infection is generally compromised web sites.
The mcafee does not seem very good at picking these up and preventing infection. Once the machine is infected i generally have to use tools such as malwarebytes and combofix to clean the machine.
Can aybody advise how i can tweak virus scan so that it prevents these infections? Also, are there any MS patches available or other tools i should be using?
We have found that we are getting around 1 PC per month infected with fake anti virus software. The latest one is called "Antivirus Antispware 2011". The source of infection is generally compromised web sites.
The mcafee does not seem very good at picking these up and preventing infection. Once the machine is infected i generally have to use tools such as malwarebytes and combofix to clean the machine.
Can aybody advise how i can tweak virus scan so that it prevents these infections? Also, are there any MS patches available or other tools i should be using?
Asked:
4-
2
-
2
- +1
1 Solution
VSE 8.7i & AntiSpyware IS a antimalware solution....
In VSE 8.8i, it's further improved with the combination of the two products in to one with a faster scan engine, and 98% accuracy
It's like having a car, and only staying in first gear......if you don't learn to drive ePO, then you're not getting the best out of it....
All Professional Services engagements I've done to properly configure ePO results in a pretty much zero infection rate for the organisation......
@synetron,
Let me try it this way.
Anyone posting in the Anti-malware Zones needs to be thoroughly familiar with the information being discussed.
Casual comments can seriously disrupt a qualified Expert from assisting.
Corporate/Enterprise security is a much different animal from personal use/suggestions and many of us have spent several years learning the specifics of this field.
If there are Zones here on EE in which you have some expertise, then please feel free to offer some thoughts.
This question is about a very specific load of McAfee ePO and should be left to those trained and certified with the product.
Let me try it this way.
Anyone posting in the Anti-malware Zones needs to be thoroughly familiar with the information being discussed.
Casual comments can seriously disrupt a qualified Expert from assisting.
Corporate/Enterprise security is a much different animal from personal use/suggestions and many of us have spent several years learning the specifics of this field.
If there are Zones here on EE in which you have some expertise, then please feel free to offer some thoughts.
This question is about a very specific load of McAfee ePO and should be left to those trained and certified with the product.
Thanks Vee_Mod
@metamatic - if you come back with the answers, I'll help you to sort out your ePO and configure it....
There are plenty of changes to make to a default installation of ePO to manage VSE directly, and we can make your world a brighter place
Cheers
Si
@metamatic - if you come back with the answers, I'll help you to sort out your ePO and configure it....
There are plenty of changes to make to a default installation of ePO to manage VSE directly, and we can make your world a brighter place
Cheers
Si
Thanks for the replies. Looks like i've missed an interesting debate as a few comments had been deleted before i got chance to check back!
In answer to your queries...
I have got the unwanted programs box ticked.
I have 80 clients
I have tried to talking to mcafee for help with config but they are more interested in selling me a place on a training course. I've donwloaded various knowledge base articles but really want some real world examples as to what other virusscan users have done.
In answer to your queries...
I have got the unwanted programs box ticked.
I have 80 clients
I have tried to talking to mcafee for help with config but they are more interested in selling me a place on a training course. I've donwloaded various knowledge base articles but really want some real world examples as to what other virusscan users have done.
We have the same problem where I work (bout 200 workstations) and we have monitoring system tha notifies us when computers get infected and then we use combofix and malwarebytes to remove them. I believe that it comes down to mcafee being ineffective unfortunately due to licensing we have to use it. Anyways what I has done is set up windows defender to monitor email, and removable drives, but if you can get away from mcafee I recommend security essentials (they also have an enterprise version), I feel in my own personal use that it does better job then mcafee.
@tpl415,
I suggest that you actually learn how to use McAfee/ePO - it is a pretty amazing product (for those who learn how to use it).
In a cross-domain (Forest) environment it used to give my a consistent 99.99% protection on systems deployed in anywhere from 15-20 countries on a regular basis.
I am fully confident in stating that there is no better product on the market - for those who learn to use it.
I suggest that you actually learn how to use McAfee/ePO - it is a pretty amazing product (for those who learn how to use it).
In a cross-domain (Forest) environment it used to give my a consistent 99.99% protection on systems deployed in anywhere from 15-20 countries on a regular basis.
I am fully confident in stating that there is no better product on the market - for those who learn to use it.
@younghy
You are more then welcome to your opinion and if McAfee works for you then great, but don't assume that I don't know how to use it and that is why I dislike it. If you were to do a simple google search on opinions of McAfee or McAfee vs. Security Essentials then you would see many more people agree with me. I am glad that it works for you. I have used it for a long time and have played with all of the features and what not and I think it is ok, not a bad option, but I personally prefer Security Essentials because it requires less tinkering, takes up less system resources (McAfee can slow older or lower powered computers significantly), and I have found that it detects more malware,spyware and viruses that McAfee in my experience.
You are more then welcome to your opinion and if McAfee works for you then great, but don't assume that I don't know how to use it and that is why I dislike it. If you were to do a simple google search on opinions of McAfee or McAfee vs. Security Essentials then you would see many more people agree with me. I am glad that it works for you. I have used it for a long time and have played with all of the features and what not and I think it is ok, not a bad option, but I personally prefer Security Essentials because it requires less tinkering, takes up less system resources (McAfee can slow older or lower powered computers significantly), and I have found that it detects more malware,spyware and viruses that McAfee in my experience.
@tpl415, sounds like you had a bad experience with McAfee.....probably configured wrong.....I spend most of my time fixing ePO
installations that are poorly configured.....from SMB to Fortune 500.......you should try the latest version 8.8i.....
Also, SE does not protect against unauthorised traffic over TCP 25, nor does it block IRC communication......the 2 most common methods of malware replication today...
Anyway, back to the question.....
Good things to do in ePO
1. Set up Active Directory Synchronisation and deploy agents to any new found machines....
2. Create a client task that deploys VSE automatically when the agent checks in (it will run a full scan by default)
3. Set up the Exclusions as the McAfee KB articles for Exchange, Domain Controllers and SQL Servers
4. Set up notifications to alert you when malware is found and NOT handled
5. Create a Repository Pull task that runs daily
6. Create a Update Task for machines to update daily
7. Set up Rogue System Detection to alert you, and deploy agents when Rogues are found
8. Create a query in ePO to provide you with a list of all machines that have not checked in to ePO for 3 days, then redeploy agents to that list
Also, ensure that you have heuristics (Artemis) enabled and upgrade to the latest and greatest 8.8i as this combines VSE and AntiSpyware as well as using Global Threat Intelligence......
Let me know if you need to know any more
Cheers
Simon
installations that are poorly configured.....from SMB to Fortune 500.......you should try the latest version 8.8i.....
Also, SE does not protect against unauthorised traffic over TCP 25, nor does it block IRC communication......the 2 most common methods of malware replication today...
Anyway, back to the question.....
Good things to do in ePO
1. Set up Active Directory Synchronisation and deploy agents to any new found machines....
2. Create a client task that deploys VSE automatically when the agent checks in (it will run a full scan by default)
3. Set up the Exclusions as the McAfee KB articles for Exchange, Domain Controllers and SQL Servers
4. Set up notifications to alert you when malware is found and NOT handled
5. Create a Repository Pull task that runs daily
6. Create a Update Task for machines to update daily
7. Set up Rogue System Detection to alert you, and deploy agents when Rogues are found
8. Create a query in ePO to provide you with a list of all machines that have not checked in to ePO for 3 days, then redeploy agents to that list
Also, ensure that you have heuristics (Artemis) enabled and upgrade to the latest and greatest 8.8i as this combines VSE and AntiSpyware as well as using Global Threat Intelligence......
Let me know if you need to know any more
Cheers
Simon
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Have you got the Potentially Unwanted Programs tick box set in ePO ?
How many clients do you have ?
Why haven't you kicked your reseller in to configuring it properly for you ?
Cheers
Si