This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations. Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.
Solved
Mcafee not picking up malware such as antivirus antispyware 2011
Posted on 2011-03-08
We are running Virus Scan 8.7 (patch 2) with the anti spyware plugin. We haven't really deviated from the default install settings. All clients are running XP SP3.
We have found that we are getting around 1 PC per month infected with fake anti virus software. The latest one is called "Antivirus Antispware 2011". The source of infection is generally compromised web sites.
The mcafee does not seem very good at picking these up and preventing infection. Once the machine is infected i generally have to use tools such as malwarebytes and combofix to clean the machine.
Can aybody advise how i can tweak virus scan so that it prevents these infections? Also, are there any MS patches available or other tools i should be using?
We have found that we are getting around 1 PC per month infected with fake anti virus software. The latest one is called "Antivirus Antispware 2011". The source of infection is generally compromised web sites.
The mcafee does not seem very good at picking these up and preventing infection. Once the machine is infected i generally have to use tools such as malwarebytes and combofix to clean the machine.
Can aybody advise how i can tweak virus scan so that it prevents these infections? Also, are there any MS patches available or other tools i should be using?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
2
-
2
- +1
11 Comments
OK, we can certainly do this.....
Have you got the Potentially Unwanted Programs tick box set in ePO ?
How many clients do you have ?
Why haven't you kicked your reseller in to configuring it properly for you ?
Cheers
Si
Have you got the Potentially Unwanted Programs tick box set in ePO ?
How many clients do you have ?
Why haven't you kicked your reseller in to configuring it properly for you ?
Cheers
Si
VSE 8.7i & AntiSpyware IS a antimalware solution....
In VSE 8.8i, it's further improved with the combination of the two products in to one with a faster scan engine, and 98% accuracy
It's like having a car, and only staying in first gear......if you don't learn to drive ePO, then you're not getting the best out of it....
All Professional Services engagements I've done to properly configure ePO results in a pretty much zero infection rate for the organisation......
@synetron,
Let me try it this way.
Anyone posting in the Anti-malware Zones needs to be thoroughly familiar with the information being discussed.
Casual comments can seriously disrupt a qualified Expert from assisting.
Corporate/Enterprise security is a much different animal from personal use/suggestions and many of us have spent several years learning the specifics of this field.
If there are Zones here on EE in which you have some expertise, then please feel free to offer some thoughts.
This question is about a very specific load of McAfee ePO and should be left to those trained and certified with the product.
Let me try it this way.
Anyone posting in the Anti-malware Zones needs to be thoroughly familiar with the information being discussed.
Casual comments can seriously disrupt a qualified Expert from assisting.
Corporate/Enterprise security is a much different animal from personal use/suggestions and many of us have spent several years learning the specifics of this field.
If there are Zones here on EE in which you have some expertise, then please feel free to offer some thoughts.
This question is about a very specific load of McAfee ePO and should be left to those trained and certified with the product.
Thanks Vee_Mod
@metamatic - if you come back with the answers, I'll help you to sort out your ePO and configure it....
There are plenty of changes to make to a default installation of ePO to manage VSE directly, and we can make your world a brighter place
Cheers
Si
@metamatic - if you come back with the answers, I'll help you to sort out your ePO and configure it....
There are plenty of changes to make to a default installation of ePO to manage VSE directly, and we can make your world a brighter place
Cheers
Si
Thanks for the replies. Looks like i've missed an interesting debate as a few comments had been deleted before i got chance to check back!
In answer to your queries...
I have got the unwanted programs box ticked.
I have 80 clients
I have tried to talking to mcafee for help with config but they are more interested in selling me a place on a training course. I've donwloaded various knowledge base articles but really want some real world examples as to what other virusscan users have done.
In answer to your queries...
I have got the unwanted programs box ticked.
I have 80 clients
I have tried to talking to mcafee for help with config but they are more interested in selling me a place on a training course. I've donwloaded various knowledge base articles but really want some real world examples as to what other virusscan users have done.
We have the same problem where I work (bout 200 workstations) and we have monitoring system tha notifies us when computers get infected and then we use combofix and malwarebytes to remove them. I believe that it comes down to mcafee being ineffective unfortunately due to licensing we have to use it. Anyways what I has done is set up windows defender to monitor email, and removable drives, but if you can get away from mcafee I recommend security essentials (they also have an enterprise version), I feel in my own personal use that it does better job then mcafee.
@tpl415,
I suggest that you actually learn how to use McAfee/ePO - it is a pretty amazing product (for those who learn how to use it).
In a cross-domain (Forest) environment it used to give my a consistent 99.99% protection on systems deployed in anywhere from 15-20 countries on a regular basis.
I am fully confident in stating that there is no better product on the market - for those who learn to use it.
I suggest that you actually learn how to use McAfee/ePO - it is a pretty amazing product (for those who learn how to use it).
In a cross-domain (Forest) environment it used to give my a consistent 99.99% protection on systems deployed in anywhere from 15-20 countries on a regular basis.
I am fully confident in stating that there is no better product on the market - for those who learn to use it.
@younghy
You are more then welcome to your opinion and if McAfee works for you then great, but don't assume that I don't know how to use it and that is why I dislike it. If you were to do a simple google search on opinions of McAfee or McAfee vs. Security Essentials then you would see many more people agree with me. I am glad that it works for you. I have used it for a long time and have played with all of the features and what not and I think it is ok, not a bad option, but I personally prefer Security Essentials because it requires less tinkering, takes up less system resources (McAfee can slow older or lower powered computers significantly), and I have found that it detects more malware,spyware and viruses that McAfee in my experience.
You are more then welcome to your opinion and if McAfee works for you then great, but don't assume that I don't know how to use it and that is why I dislike it. If you were to do a simple google search on opinions of McAfee or McAfee vs. Security Essentials then you would see many more people agree with me. I am glad that it works for you. I have used it for a long time and have played with all of the features and what not and I think it is ok, not a bad option, but I personally prefer Security Essentials because it requires less tinkering, takes up less system resources (McAfee can slow older or lower powered computers significantly), and I have found that it detects more malware,spyware and viruses that McAfee in my experience.
@tpl415, sounds like you had a bad experience with McAfee.....probably configured wrong.....I spend most of my time fixing ePO
installations that are poorly configured.....from SMB to Fortune 500.......you should try the latest version 8.8i.....
Also, SE does not protect against unauthorised traffic over TCP 25, nor does it block IRC communication......the 2 most common methods of malware replication today...
Anyway, back to the question.....
Good things to do in ePO
1. Set up Active Directory Synchronisation and deploy agents to any new found machines....
2. Create a client task that deploys VSE automatically when the agent checks in (it will run a full scan by default)
3. Set up the Exclusions as the McAfee KB articles for Exchange, Domain Controllers and SQL Servers
4. Set up notifications to alert you when malware is found and NOT handled
5. Create a Repository Pull task that runs daily
6. Create a Update Task for machines to update daily
7. Set up Rogue System Detection to alert you, and deploy agents when Rogues are found
8. Create a query in ePO to provide you with a list of all machines that have not checked in to ePO for 3 days, then redeploy agents to that list
Also, ensure that you have heuristics (Artemis) enabled and upgrade to the latest and greatest 8.8i as this combines VSE and AntiSpyware as well as using Global Threat Intelligence......
Let me know if you need to know any more
Cheers
Simon
installations that are poorly configured.....from SMB to Fortune 500.......you should try the latest version 8.8i.....
Also, SE does not protect against unauthorised traffic over TCP 25, nor does it block IRC communication......the 2 most common methods of malware replication today...
Anyway, back to the question.....
Good things to do in ePO
1. Set up Active Directory Synchronisation and deploy agents to any new found machines....
2. Create a client task that deploys VSE automatically when the agent checks in (it will run a full scan by default)
3. Set up the Exclusions as the McAfee KB articles for Exchange, Domain Controllers and SQL Servers
4. Set up notifications to alert you when malware is found and NOT handled
5. Create a Repository Pull task that runs daily
6. Create a Update Task for machines to update daily
7. Set up Rogue System Detection to alert you, and deploy agents when Rogues are found
8. Create a query in ePO to provide you with a list of all machines that have not checked in to ePO for 3 days, then redeploy agents to that list
Also, ensure that you have heuristics (Artemis) enabled and upgrade to the latest and greatest 8.8i as this combines VSE and AntiSpyware as well as using Global Threat Intelligence......
Let me know if you need to know any more
Cheers
Simon
Featured Post
ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY
PROBLEM
If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network.
In my case, the …
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
- Anti-Virus Apps
- Ransomware
- The Email Laundry
- Email Servers
- Cybersecurity
- Microsoft Access, *malware
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email
Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses
Course of the Month10 days, 9 hours left to enroll
618 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.