Solved

Desktop security.

Posted on 2014-10-22
Last Modified: 2014-11-04
Our company's Windows 7 workstations are running the latest McAfee VSE 8.8 and patch.  A lot of them are being infected by malware.zeroday, cryptoware, or something similar.

The workstations also receive Microsoft patches periodically.  

Can someone advise whether there are additional things we could do to make the blocking stronger?

Thanks.
Question by:nav2567
5 Comments
 
LVL 11

Expert Comment

by:epichero22
ID: 40397724
Are they being infected with the McAfee software enabled?  At this point, I would either tighten your security GPOs or simply create a standard user account for users to log into.  You also may want to consider repairing the OS once the viruses are removed.
 
LVL 13

Assisted Solution

by:Rizzle
Rizzle earned 334 total points
ID: 40397773
I would make sure of the below to help stop the machines getting infected.

1. Your anti-virus is actively monitoring any activity on the machine
2. The anti-virus is up to date with the latest infections database
3. Ensure users don't have rights to download/install .exes
4. Ensure the machines have the latest Windows updates installed
5. Give users awareness training on not clicking pop-ups or unknown links in emails, and on not going to unknown websites.
 

Author Comment

by:nav2567
ID: 40398125
Thanks guys.

We have this "f33b2d1.exe" which got into the c:\users\user\appdata\roaming folder for some reason.

I scanned it on VirusTotal and only three vendors recognize it.  

Again, the PC has the latest McAfee VSE and is being monitored in real time.  The user does not have local admin rights on the PC.
 
LVL 13

Accepted Solution

by:Rizzle
Rizzle earned 334 total points
ID: 40398641
It would probably be worth notifying McAfee then, as that shouldn't be happening. At least if there is an issue with the definitions or active monitoring they can resolve this. To resolve this issue in the short term, download and run Malwarebytes.

Maybe ask the users what sites they're visiting, to see if one is where the infections are coming from.
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 40399091
"f33b2d1.exe...I scanned it on VirusTotal and only three vendors recognize it." - just imagine: virus authors know virustotal.com, too. They like it a lot. They use it to modify their viruses until no virus scanner recognizes them. Yes, true.

Don't ever rely on antivirus software. AV is just one small piece of the security puzzle.
A virus wants to start on each reboot. In order to do that, it writes some exe to startable areas such as %appdata%. Can we deny write access there? This will be difficult, as legitimate programs write there, too. But we can deny write access to startup entries, so the virus will not start on the next reboot (or setting it up will fail altogether). This principle, "no autostarts for users", is old but good. The German IT magazine c't had a tool that helped configure it; it was called kafu.exe. Google it and you'll still find it.

Apart from that, you could establish AppLocker policies (or Software Restriction Policies) that deny starting executables from certain paths, or even resort to whitelisting only known executables. Unknown ones will not even run.
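The two controls McKnife describes (deny execution from user-writable paths, and deny users the ability to set up autostarts) and Rizzle's point 3 (users must not be able to install .exes) can be scripted. The following PowerShell is an added example, not code from the thread or from any of the posters; it assumes an elevated session on Windows 7 Enterprise or Ultimate (Professional does not enforce AppLocker, so Software Restriction Policies would be the equivalent there), and the file name $PolicyPath and the probe file name are choices made for the example. The policy starts in AuditOnly mode so the "would have been blocked" events can be reviewed before enforcement is switched on.

```powershell
# Added example (not from the thread): AppLocker rules against user-writable
# paths, plus deny-write ACLs on the per-user autostart locations.
# Assumptions: run elevated on Windows 7 Enterprise/Ultimate; $PolicyPath and
# the probe file name are arbitrary choices for this example.

$PolicyPath = "$env:ProgramData\applocker-userpaths.xml"   # assumed output path
$Mode = 'AuditOnly'   # flip to 'Enabled' once the 8003 audit events look clean

# Helper: emit one AppLocker FilePathRule. AppLocker has no %APPDATA% variable,
# so profiles are addressed as %OSDRIVE%\Users\*\AppData\*.
# S-1-1-0 is Everyone, S-1-5-32-544 is BUILTIN\Administrators.
function New-PathRule([string]$Name, [string]$Path, [string]$Sid, [string]$Action) {
    $id = [guid]::NewGuid().ToString()
@"
    <FilePathRule Id="$id" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}

$rules = @(
    # Allow rules; as soon as any rule exists in the collection, everything
    # not explicitly allowed is denied (default-deny).
    (New-PathRule 'Allow Program Files'   '%PROGRAMFILES%\*' 'S-1-1-0'      'Allow'),
    (New-PathRule 'Allow Windows folder'  '%WINDIR%\*'       'S-1-1-0'      'Allow'),
    (New-PathRule 'Allow admins anywhere' '*'                'S-1-5-32-544' 'Allow'),
    # Deny rules win over allow rules, so these hold even if someone later adds
    # a broad allow. %WINDIR% contains user-writable subfolders, so the Windows
    # allow above needs carve-outs.
    (New-PathRule 'Deny profile AppData' '%OSDRIVE%\Users\*\AppData\*' 'S-1-1-0' 'Deny'),
    (New-PathRule 'Deny Windows\Temp'    '%WINDIR%\Temp\*'             'S-1-1-0' 'Deny'),
    (New-PathRule 'Deny Windows\Tasks'   '%WINDIR%\Tasks\*'            'S-1-1-0' 'Deny')
)

$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$Mode">
$($rules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $PolicyPath -Value $xml -Encoding UTF8

# AppLocker is enforced by the Application Identity service; without it the
# rules are silently ignored.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Apply to the local machine (add -Merge to keep existing rules, or -Ldap with a
# GPO path to set it on a domain GPO). If Get-AppLockerPolicy -Effective does
# not show the new rules, run gpupdate /force.
Set-AppLockerPolicy -XmlPolicy $PolicyPath

# Ask AppLocker how it would treat a file dropped where f33b2d1.exe was found.
# The probe is an empty file created here so the test has something to evaluate.
$probe = Join-Path $env:APPDATA 'applocker-probe.exe'
New-Item -ItemType File -Path $probe -Force | Out-Null
Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $probe -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
Remove-Item -Path $probe -Force

# Review before enforcing: 8003 = would have been blocked (AuditOnly),
# 8004 = blocked (Enabled).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Second layer, "no autostarts for users": deny adding Run entries and dropping
# files into the Startup folder. Run this inside the user's own session so HKCU:
# is their hive. Caveat from the thread applies: legitimate per-user installers
# write here too, and an administrator must remove the deny ACE to change these.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $acl = Get-Acl -Path $key
    # SetValue covers creating, changing and deleting values under the key.
    $deny = New-Object System.Security.AccessControl.RegistryAccessRule(
        'Everyone', 'SetValue,CreateSubKey', 'ContainerInherit', 'None', 'Deny')
    $acl.AddAccessRule($deny)
    Set-Acl -Path $key -AclObject $acl
}
$startupDir = [Environment]::GetFolderPath('Startup')
$acl = Get-Acl -Path $startupDir
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'Everyone', 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -Path $startupDir -AclObject $acl
```

Two practitioner notes. First, the AppData deny rule is scoped to Everyone, and AppLocker deny rules take precedence over allow rules, so even an administrator cannot launch an executable from a profile folder while it is enforced; that is usually what you want, but it is worth knowing before a help-desk tool breaks. Second, the Exe collection does not stop scripts or DLL side-loading; AppLocker has separate Script and DLL collections, and the same AuditOnly-then-Enabled approach applies to them.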
