
Anti-Virus Apps: 22K Solutions, 23K Contributors

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.


My iPhone X plus is beyond messed up, yet Apple has tested it. They say all is OK. I just wrote out my question; where did it go?
0

I have an Apple iPhone X plus. It has not worked properly since I bought it 7 months ago. Reports from Apple come out as functioning good, yet I think this is the craziest iPhone yet. It's acting like it's being shared or other devices have access to my Apple ID password. I've been to the Apple store, support cases galore, have had the cell wiped and the OS reinstalled plus all apps, yet 24-72 hrs later I get a wrong password msg. This has happened way too often to brush off as misspelling. As well, the cell has gotten even crazier. Settings are coming on without my input. There are written flaws now being admitted by Apple. My question is, how can a cell that's been tested by Apple's high quality equipment not pick up any of the problems, like my voice mail is in French, my cell rings low most times, plus I have to enter my passcode to answer? By that time the call is gone.

Wacky iPhone X plus
0
Hello.

With Symantec I kept on getting:

Symantec blocked an attack by: System
infected W32.Cridex Activity 10

Popping
0
Some virus is filling up my HD; Malwarebytes can't find the problem.
Any idea of what to do?
0
https://thehackernews.com/2018/12/china-ransomware-wechat.html?m=1

Referring to the above link, it did not give the hash for the malware, but I need to check if a signature has been released by Trend Micro.

Once I have the hash value, I can enter it into VirusTotal to check.
0
We are having an issue with deleting computer profiles. These profiles are usually deleted during the nightly reboot and reloaded at logon. After a closer look, the issue is with a hidden log file in the profile for Avast. So I logged into one of the computers having this problem to troubleshoot it. Logged in with an admin account. Tried to take ownership so I can delete it. Nothing I have tested will allow it. Never had this issue before. This is on Windows 7 computers.

Any ideas would be appreciated.

Regards,
ABBEadmin
0
I don't want MS Security Essentials as it's giving errors and won't uninstall or upgrade.

So I need an alt.

Thanks
0
When we get threat intel info for hashes to be added to Trend Micro OfficeScan, the MD5 or SHA1 hash value has to be entered into an IOC Editor (we use Mandiant's, i.e. https://www.fireeye.com/content/dam/fireeye-www/services/freeware/ug-ioc-editor.pdf) to generate 2 values, indicated by "1st value" and "2nd value" enclosed in "..." below.

However, sometimes the intel that comes in can be more than a hundred hashes, so this makes it very tedious to manually generate the values and populate them into the IOC file for OfficeScan to read in. Is there an automated way / script to generate the 2 values for each hash and auto-populate them (using a script etc.), or an easier way for OfficeScan to read in just the hash values? Have logged a case with Trend Micro and was advised to do it manually, which does not help at all.

Attached is the full IOC file.


   Sample IOC file's content:
   ====================
<?xml version="1.0" encoding="us-ascii"?>
<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="2146113a-1513-4be6-b07e-f43969847a6a" last-modified="2018-12-02T02:19:17" xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>Default</short_description>
  <authored_date>2017-09-26T02:58:26</authored_date>
  <links />
  <definition>
    <Indicator operator="OR" id="a1c825b0-ae7f-4461-85dd-25a20720acac">          <== 1st value enclosed in "...";  once only for entire IOC file
      <IndicatorItem …
0
A user was infected with Trojan.Emotet and now my computers are constantly being hit with Artemis! Trojans throughout the day.

I have McAfee Endpoint Security, which catches and deletes it.

However, does anyone know how I can get rid of this?

Any help in this will be most appreciated.
0
I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a checklist, for comparison to actual, of:

- what our administrators should be alerted on from the AV agent / software installed on any client device,
- what they should be able to produce in terms of compliance reporting for all their managed devices specific to AV,
- what kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis.

I will then use these to compare what they can produce from their central AV monitoring console(s) for a sample of devices or even all devices listed in other information sources such as AD, system centre or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, last scheduled scan date. Are there any others?

There seems to be an assumption that AV setup/config/management is pretty hard to get wrong, but from some recent health checks for PCI DSS I noted in the findings many issues, such as out-of-date signatures, AV not even running in some cases on devices, etc.
0

Emotet Trojan!!

Currently dealing with an Emotet Trojan on a domain network with around 20 machines.

I know that the file replicates itself across the network and is generally a massive pain and is quite aggressive.

Does anyone have any tips at all that I could use to try and eradicate the malicious code?

I thought I cleared it by taking all machines offline and manually cleaning them by removing the files that were sitting in SYSTEMROOT and user AppData etc.

Any pointers would be really appreciated, also if there is any specific software that removes this Trojan, that would also be of great help.

Thanks!!!
0
Our server and all computers have been hit by the Trojan.Emotet virus. Are there any available tools to remove the trojan? We have installed Malwarebytes 3 Premium, which detects and quarantines the various outbreaks. We clean up the EXEs that are generated and remove the registry settings for them, but they come back each time.
0
To whom it may concern
Hope you are well. We have Kaspersky Endpoint Cloud installed on our network. We are moving to Sophos Endpoint and need to uninstall the Kaspersky endpoints on the network.

Domain Environment:  Windows 2008 R2 Standard
Domain Name:  homemakers-sa.co.za
Server VM Specs:
Intel Xeon CPU 5410 @ 2.33GHz
4GB Ram
64-bit OS
135GB HDD

The Kaspersky Endpoint Cloud console is in the cloud and displays the endpoints installed in the environment, and it does not work like the old one where you have your console on-site and have the option to create a policy to uninstall. What is the correct procedure to remove Kaspersky from the network so that I can deploy and install the Sophos AV Endpoint?
Please let me know if you require more information.

Kind Regards
Lourensvd
0
Getting alerts on Mac for Symantec every minute for days; nothing is getting attacked on my network or scanned. Symantec mentioned I need to upgrade, and I did, but still annoying alerts.
0
We use Spamtitan email filtering appliance connecting to Exchange servers.
Since OLE macro-enabled attachments were recently marked as viruses, it has been so confusing regarding how we deal with the attached files sent via email. We use Microsoft Word documents a lot and macros are usually used. Now, according to the new rule, macros are equal to viruses. All emails with macro-enabled attached files got rejected, but our virus-protection app (AVG) doesn't think they are viruses. Here are my questions:
1. What can we do if macros are needed in our documents and we need to send the document files with macros via email?
2. Why are macros equal to viruses? Isn't it right that not all macros are viruses? Only macros infected with viruses are what we need to be concerned about, right?

We don't want to disable that feature as we believe there must be a reason for it. What do you suggest? Thanks.
0
WordPress site getting SPAMMED, not sure how to stop it.

My website, FortressHarvard.com

has a Download button, and when you fill your Name and Email, then click the button, you get an email with the URL to my book's Preface and Chapter 1. Also, I get an email to my "info@" email's inbox with the name and email of the person requesting the downloading.

I am getting spammed there, by some sort of robot, and do not know how to stop it.

This started yesterday morning and has continued every few minutes, non-stop. I even added a CAPTCHA requirement this morning, but that had no impact.

How do I stop this SPAM?

Thanks
0
I would like to read what's in ClamAV's safebrowsing .cld (that lists the blacklisted sites).

After following some suggestions online, I extracted from the cld file the following (using dd and 7-Zip):
08/11/2018  02:13 PM            18,325 Copying.txt
08/11/2018  02:14 PM       113,037,608 safebrowsing.gdb
08/11/2018  02:14 PM               514 safebrowsing.info

How can we read/extract the gdb file?
0
https://www.cloudcomputing-news.net/news/2016/oct/31/agentless-vs-agent-based-architectures-why-does-it-matter/
https://aws.amazon.com/marketplace/pp/B01LXMNGHB?qid=1541553180900&sr=0-1&ref_=srh_res_product_title

Extracted from the above links: "Agentless services, on the other hand, talk directly to the underlying cloud platform (e.g., AWS, Azure)..."

Q1:
Is AWS' AV subscription now an agentless AV? Is this the agentless Deep Security?

Q2:
If there are appliance VMs (e.g. highly stripped-down Linux), is it the way to go to adopt agentless AV/endpoint IPS (as we may subscribe to, say, Commzgate SMS or cloud-based services), since agents can't run/install in the stripped-down guest OS?

Q3:
In the case of AWS' AV/IPS service (i.e. the 2nd link above), is this a SaaS or FaaS (Function as a Service)?
0
We are moving some of our apps/systems to the cloud. However, some vendors for the cloud projects came back to say that the OS is a stripped-down Linux which is hardened and that it's not applicable to install/run AV.

In view of high-profile attacks and audit requirements, I am loath to raise an exemption/deviation even if the cloud VM is not accessible to the public (i.e. firewalled to our corporate network only). I noticed that AWS and another vendor that uses VMs on Windows guests offer AV.

Q1:
Is there a quick/easy way for me to verify that the 'stripped-down Linux OS' the vendor uses in the cloud truly could not support AV? I guess running 'uname -a' is not enough. Or is there a script for me to verify? Or can I verify by checking what past patches they had been applying? If it's all RedHat/RHEL patches, then it's simply a hardened RHEL which should support many AVs.

Q2:
What are the usual audit requirements for AV for a custom Linux VM in the cloud? Under what criteria do we not really need an AV?

Q3:
If it's truly a stripped-down Linux, say based on CentOS or FreeBSD, can I assess the patch requirements based on CentOS and FreeBSD? I recall when running a VA scan against a PABX that's based on RHEL, all vulnerabilities for RHEL were applicable, and the PABX vendor produces the patches, though they are behind RedHat by a few months in coming out with the patches.

This reminds me of IoT, many of which are appliances that customize their OS from …
0

I have a client with a 2016 RDS server using a non-standard port (not 3389) for security reasons, which works fine.
The client would like to set up a RemoteApp for it as well. If I set the RDS server to the standard port of 33889, the RemoteApp works fine, but when I change the port back to the non-standard one, I can log into the RemoteApp web page without issue, but when I try to start the app, I get the error:
Remote Desktop can't connect to the remote computer for one of these reasons:
1 remote access to the server is not enabled
2 the remote computer is turned off
3 the remote computer is not available on the network

Can anyone help me get the RemoteApps to work on the non-standard port?
Thanks!
0
Q1:
If I use a Solaris server as a repository server to get ClamAV updates from the Internet, can it be used by 'satellite' ClamAV installations on other platforms such as Windows and Linux? I.e., can freshclam on Windows/Linux pull signature updates from a Solaris server?

Q2:
Are the 3 cvd files (main, daily, bytecode) inter-usable between Solaris x86, RHEL and Windows?
0
Uninstall ESET Endpoint Security through the domain using a script or any centralized solution.
0
A user says there is some auto-deletion of files she had on her Windows 10 PC. After doing a scan, there is no virus or malware found. Noticed that the browsers (Google Chrome, IE, Edge) are not able to surf the net even though the Wi-Fi internet is connected. Referred to some links like internet-connected-but-browsers-not-working-windows-10, however not able to resolve. Any way to check if her PC is instead hacked by someone, or whether the browser issue is due to some system files that are not virus or malware related?
1
Hi folks,

We're trying to delete a Symantec ccSettings .dat file but it won't allow us to. It keeps stating that the file is open in System.

We've uninstalled Symantec, deleted all Symantec folders in registry, ran the SEP uninstaller, no change.
Tried Unlocker and FilExile, no change.
Turned off Tamper Protection in SEP, no change.

Attached is a screenshot of the error.

We currently have a case open with Symantec on this, but they seem stumped as well. Wanted to see if the good people of EE might be able to help!
0
I would like to get some feedback on my security software assessment. I have Windows Defender that comes with Windows 10 and Webroot SecureAnywhere through Best Buy. I also have paid professional versions of CCleaner and Malwarebytes, but I am not using them currently. I can install them if I need to. I heard a lot of bad information about CCleaner and I am not sure if things have improved since those articles were written or not. My question to the experts is: is what I have at the moment enough arsenal against all the bad "WARES" or not? I have been blessed so far and haven't had any problems. Please let me know if I need to install CCleaner and Malwarebytes or Spybot Search and Destroy. I know in life the more the merrier is not always true. If I did install CCleaner and Malwarebytes or Spybot Search and Destroy, what would happen to my PC? Will it slow down, or will all of them clash against each other? Please educate me.

Thank you.

Basem Khawaja, R.Ph.
0
