Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Desktop security.

Posted on 2014-10-22
5
214 Views
Last Modified: 2014-11-04
Our company Windows 7 workstations is running latest Mcafee VSE 8.8 and patch.  A lot of them are being infected by malware.zeroday, cryptoware or something similar.

The workstation also receive Microsoft patches periodically.  

Can someone advise if there is additional thing(s) we could do to make the blocking stronger?

Thanks.
0
Comment
Question by:nav2567
5 Comments
 
LVL 11

Expert Comment

by:epichero22
ID: 40397724
Are they being infected with the McAfee software enabled?  At this point, I would either tighten your security GPOs or simply create a standard user account for users to log into.  You also may want to consider repairing the OS once the viruses are removed.
0
 
LVL 13

Assisted Solution

by:Rizzle
Rizzle earned 334 total points
ID: 40397773
I would make sure of the below to help stop getting infected.

1. Your Anti-Virus is actively monitoring any activity on the machine
2. The Anti-Virus is up to date with the latest infections database
3. Ensure users don't have right to download/install .exes
4. Ensure the machines have the latest Windows updates installed
5. Give user awareness training on not to click pop up, unknown links in emails and also go to unknown websites.
0
 

Author Comment

by:nav2567
ID: 40398125
Thanks guys.

We have this "f33b2d1.exe" which got into the c:\users\user\appdata\roaming folder for some reason.

I scanned it from virustotal and only three vendors recognize it.  

Again, the PC has latest Mcafee VSE and being real time monitored.  The user does not have local admin right to the PC.
0
 
LVL 13

Accepted Solution

by:
Rizzle earned 334 total points
ID: 40398641
Would probably be worth notify mcafee then as that shouldn't be happening. Atleast if there is an issue with the definitions or active monitoring they can resolve this. To resolve this issue in the short term download and run Malwarebytes.

Maybe ask the users what sites they're visiting to see if one is where the infections are coming from.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 40399091
"f33b2d1.exe...I scanned it from virustotal and only three vendors recognize it." - just imagine: virus authors know virustotal.com, too. They like it a lot. They use it to modify their viruses as long, as no virus scanner will recognize them. Yes, true.

Don't ever rely on Antivirus softwares. AV is just a small tiny piece of the security puzzle.
A virus wants to start on each reboot. In order to do that, it writes some exe to startable areas as %appdata%. Can we deny write access there? This will be difficult, as legitimate programs write there, too. But we can deny write access to startup entries, so the virus will not start on next reboot (or setting it up will fail altogether). This principle "no autostarts for users" is old but good. The german IT magazine CT had a tool that helped configuring it, it was called kafu.exe - google it, you'll still find it.

Apart from that, you could establish policies for applocker (or software restriction policies) that deny starting executables from certain paths or even resort to whitelisting only known executables. Unknown ones will not even run.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain admin accounts get locked out 35 81
Non admin needs to install programs 17 67
Home firewall recommendations 11 54
sftp vs SendThisFile 9 23
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question