My OS is win 7 64 bit and the only anti virus I have is the win 7's own, Security Essentials.  Somehow Zemana Anti Malware got onboard.  Please advise if my present Security Essentials is sufficient enough or should I install Zemana also, or if there is a better choice.  thanks

Hi, I'm looking for an antivirus solution for one Windows Server 2012 R2.  I normally don't care about that because I don't do browsing from the server, but I have a client that is insisting on it.  I'm hoping for something light that isn't too draconian.

Also side note, am I on crack for not AVing my servers?  I have never had an issue.

thanks all.

Greetings,

Unfortunately I recently had to deal with a ransomware attack at a client.  It was the W32 CoinMiner Trojan.  The virus infected a new Windows 2016-based Parallels RAS server I was preparing for rollout, and it used that server as a launch point to attack and encrypt files in every non-hidden share across the network.  A couple of servers were heavily infected beyond repair.  Luckily I employ Veeam backup and replication for the client and was able to restore the infected servers to a clean state from the previous night.  Bi-hourly replication jobs using Veeam of the main data file servers allowed me to recover data to within a 2 hour recovery period.  The network is a VMware Esxi 5.5-based environment that uses 2 physical hosts, a primary host which contains the main operating servers, and a 2nd host which operates as the replication target.  Veeam 9.X is used to regularly replicate the main data servers from the primary host to the replication host.

My question is how to best protect against this type of attack going forward.  I had in place at the client an access control policy implemented via Mcafee anti-virus 8.8 VirusScan Enterprise's Access Protection.  I used Mcafee's Access Protection options to create a number of custom access control rules, by which only legitimate applications, e.g. winword.exe, adobe.exe, iexplore.exe, excel.exe, are allowed to write to the most common types of data files on the network.  This is in place on all PC's and …

Setting up mcafee epo server.  
Tried with sql express 2016. No issues using Windows auth

Now building it for real.
Install sql 2016 std  on my server.  My own account is sys admin.   I can log on to management tools, create an odbc etc so my account works.  But when I’m installing epo.  It says I need to use an account with sys admin.    I do have sys admin.   Has been rebooted etc

If I change epo to use sql authentication.  It works fine.  


What might be going on ?  I know you can use Windows auth for epo.  (Preferred for our environment )

Sql 2016 standard.
Windows 2012 r2
Mcafee docs are a bit thin on sql but I match all there criteria.

Quite often, our threat intel provides us hash value of malwares/IOC in SHA256 only or SHA1 but
we need to key in MD5 into our EDR product to detect/block the IOC.

Have used the following hash converter & another online one but the converted value doesn't match what Virustotal.com give:
  http://onlinemd5.com/

Eg: a recent hash from threat intel, in virustotal it gives the following SHA1 & SHA256 values when I search by MD5 the hash value
      but if we input this same MD5 at above link, it gives a totally different ShA1/SHA256 values

Virustotal gives the following :
SHA-256:  539ecca8b99ef55f41b43a78cd92bd4d7e0ed023063735f0d59f483a6d0de298
MD5  :       ccd53d34c6d61dfce9a42aace3956546
SHA-1 :     2027fabc044797a23ef99b62de704222ee8a8b00

Guess onlinemd5 gives the hash of a string entered.

Without uploading a file, I'll need to calculate the hash values for SHA1 & 256.
Often, virustotal don't have the IOC so I can't always use virustotal.



The MD5_and_SHA_Checksum_Utility  also requires file/IOC to be uploaded.

Appreciate any other online URL or freeware (ideally a standalone one;  a
command line standalone will be even better)

What is a good portable antivirus to use from USB flash drive?

This question is not for me but it should serve the community. A question gets more attention than a post, I guess, that's why.

There is an exploit that was published on December 19th. It enables non-admin users of windows systems to read files that they normally wouldn't be allowed to access.
Implications should be obvious: shared systems such as terminal servers or department laptops will be the primary targets.

I will provide the sha256 hash value: 6711ea982ae9a03f8ba5e555c49cefe36dd7ae9991e742e3b5b1d214d02409c1

Insiders will be able to create a custom AV detection using that hash!
Now for the question: If you want to earn points and serve this community, please add a description about how to add a custom detection for any of these AV products that, as of now, still don't detect this malware:
--
Acronis
AhnLab-V3
Alibaba
Avast-Mobile
Avira (no cloud)
Babable
Baidu
Bkav
CAT-QuickHeal
ClamAV
CMC
Comodo
CrowdStrike Falcon (ML)
Cybereason
DrWeb
eGambit
Endgame
ESET-NOD32
F-Prot
Ikarus
Jiangmin
Kingsoft
Malwarebytes
MAX
NANO-Antivirus
Palo Alto Networks (Known Signatures)
SentinelOne (Static ML)
SUPERAntiSpyware
Symantec Mobile Insight
TACHYON
TheHacker
Trapmine
Trustlook
VBA32
VIPRE
ViRobot
Yandex
Zillya
Zoner
--

I’m trying to compare the two solutions, between Webroot anywhere secure with DNS protection or Sophos interecptX advanced with EDR.
I do have a Sophos Firewall, but I’ve been using Webroot for now and just tested InterceptX and I have to decide which route to take.


Does anyone have any recommendations?

We have used Symantec Endpoint Protection for antivirus for the last 10 years. But now that Windows Defender keeps getting better and better (specifically the new sandboxing) I am considering abandoning Symantec. The reason we haven't been able to make the switch yet is that I need the central notifications, so that as the admin I know of every infection, and also need to verify that definitions are updating on all PCs.

I once heard something about a third party package that uses the Defender engine but adds a management layer on top of it. What are some packages that do this? Any recommendations?

https://thehackernews.com/2018/12/china-ransomware-wechat.html?m=1

referring to above link, it did not give the hash for the malware but I need to check if signature has been released by Trendmicro.

Once I have the hash value, can enter into virustotal to check