Anti-Virus Apps

22K Solutions, 23K Contributors

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.


Background: Helping a friend troubleshoot problems on his Windows 7 Home system, which may have malware or a virus, among other issues. He claims to have the latest, up-to-date Microsoft Security Essentials and a version of Malwarebytes with real-time protection. His system has TeamViewer (free for personal use), but I don't know the version. My W7 Pro system has the latest, up-to-date MSE and MBAM Premium (real-time protection), and the latest TeamViewer 14.1.3399 (free for personal use).

Question: Can malware or a virus on his system traverse the TeamViewer connection and infect my system?

Thanks much, Joe
1
I'm trying to compare two solutions: Webroot SecureAnywhere with DNS Protection or Sophos Intercept X Advanced with EDR.
I do have a Sophos Firewall, but I've been using Webroot for now and just tested Intercept X, and I have to decide which route to take.

Does anyone have any recommendations?
0
I am working for a client that would like to leverage Windows Defender as their endpoint security solution.  I would like to recommend a different endpoint security solution to them in favor of Defender.  How would you make your recommendation to the team and what talking points would you focus on?

Let’s say you’ve been successful in your recommendation and the client decides to implement the solution you pitched.  About 6 months after you are done with the implementation, issues start to arise and the cause seems to be the endpoint security solution you recommended and implemented.  The client is asking to have the issues resolved immediately, however the vendor is not being responsive or supportive, and has indicated they may not have a fix for the problem.  The client is also alluding to wanting to move back to Defender.  What steps would you take with the client to alleviate their concerns about your recommended product, and what steps would you take with the vendor to ensure prompt replies and a sense of urgency?
0
The client complains about the expense of antivirus software. What solution are you using for a company running over 150 computers?
This client has been using Trend Micro for over a decade, which is installed on servers and PCs. Every year when renewing the software, the client always asks:
- Is there anything cheaper that still does the job?
- Can we disable internet access on certain computers and save the licenses on them?

I am so fxxking annoyed.
1
We have used Symantec Endpoint Protection for antivirus for the last 10 years. But now that Windows Defender keeps getting better and better (specifically the new sandboxing) I am considering abandoning Symantec. The reason we haven't been able to make the switch yet is that I need the central notifications, so that as the admin I know of every infection, and also need to verify that definitions are updating on all PCs.

I once heard something about a third party package that uses the Defender engine but adds a management layer on top of it. What are some packages that do this? Any recommendations?
1
Some virus is filling up my HD, and Malwarebytes can't find the problem.
Any idea of what to do?
0
https://thehackernews.com/2018/12/china-ransomware-wechat.html?m=1

Referring to the above link, it did not give the hash for the malware, but I need to check if a signature has been released by Trend Micro.

Once I have the hash value, I can enter it into VirusTotal to check.
0
We are having an issue with deleting computer profiles. These profiles are usually deleted during the nightly reboot and reloaded at logon. After a closer look, the issue is with a hidden log file in the profile for Avast. So I logged into one of the computers having this problem to troubleshoot it. Logged in with an admin account. Tried to take ownership so I can delete it. Nothing I have tested will allow it. Never had this issue before. This is on Windows 7 computers.

Any ideas would be appreciated.

Regards,
ABBEadmin
0
When we get threat intel info for hashes to be added to Trend Micro OfficeScan, the MD5 or SHA1 hash value has to be entered into an IOC Editor (we use Mandiant's, i.e. https://www.fireeye.com/content/dam/fireeye-www/services/freeware/ug-ioc-editor.pdf) to generate 2 values, indicated by 1st value & 2nd value enclosed in "..." below.

However, sometimes the intel that comes in can be more than a hundred hashes, so it is very tedious to manually generate the values & populate them into the IOC file for OfficeScan to read in. Is there an automated way / script to generate the 2 values for each hash & auto-populate (using a script etc.), or an easier way for OfficeScan to read in just the hash values? Have logged a case with Trend Micro & was advised to do it manually, which does not help at all.

Attached is the full IOC file.


   Sample IOC file's content:
   ====================
<?xml version="1.0" encoding="us-ascii"?>
<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="2146113a-1513-4be6-b07e-f43969847a6a" last-modified="2018-12-02T02:19:17" xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>Default</short_description>
  <authored_date>2017-09-26T02:58:26</authored_date>
  <links />
  <definition>
    <Indicator operator="OR" id="a1c825b0-ae7f-4461-85dd-25a20720acac">          <== 1st value enclosed in "...";  once only for entire IOC file
      <IndicatorItem …
0
A user was infected with Trojan.Emotet and now my computers are constantly being hit with Artemis! Trojans throughout the day.

I have McAfee Endpoint Security, which catches and deletes it.

However, does anyone know how I can get rid of this?

Any help in this will be most appreciated.
0
I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a checklist, to compare against actual practice, of:

- what our administrators should be alerted on from the AV agent / software installed on any client device,
- what they should be able to produce in terms of compliance reporting for all their managed devices specific to AV,
- what kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis.

I will then use these to compare against what they can produce from their central AV monitoring console(s) for a sample of devices, or even all devices listed in other information sources such as AD, System Center or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, and last scheduled scan date. Are there any others?

There seems to be an assumption that AV setup/config/management is pretty hard to get wrong, but from some recent health checks for PCI DSS I noted many issues in the findings, such as out-of-date signatures, AV not even running on some devices, etc.
0
Emotet Trojan!!

Currently dealing with an Emotet Trojan on a domain network with around 20 machines.

I know that the file replicates itself across the network and is generally a massive pain and quite aggressive.

Does anyone have any tips at all that I could use to try and eradicate the malicious code?

I thought I had cleared it by taking all machines offline and manually cleaning them, removing the files that were sitting in SYSTEMROOT and user AppData etc.

Any pointers would be really appreciated, also if there is any specific software that removes this Trojan, that would also be of great help.

Thanks!!!
1
Getting alerts on Mac for Symantec every minute for days. Nothing is getting attacked on my network or scanned. Symantec mentioned I need to upgrade and I did, but still annoying alerts.
0
WordPress site getting spammed, not sure how to stop it.

My website, FortressHarvard.com

has a Download button, and when you fill in your Name and Email, then click the button, you get an email with the URL to my book's Preface and Chapter 1. Also, I get an email to my "info@" email's inbox with the name and email of the person requesting the download.

I am getting spammed there by some sort of robot, and do not know how to stop it.

This started yesterday morning, and has continued every few minutes, non-stop. I even added a CAPTCHA requirement this morning, but that had no impact.

How do I stop this spam?

Thanks
0
I would like to read what's in ClamAV's safebrowsing .cld (which lists the blacklisted sites).

After following some suggestions online, I extracted the following from the .cld file (using dd & 7zip):
08/11/2018  02:13 PM            18,325 Copying.txt
08/11/2018  02:14 PM       113,037,608 safebrowsing.gdb
08/11/2018  02:14 PM               514 safebrowsing.info

How can we read/extract the gdb file?
0
https://www.cloudcomputing-news.net/news/2016/oct/31/agentless-vs-agent-based-architectures-why-does-it-matter/
https://aws.amazon.com/marketplace/pp/B01LXMNGHB?qid=1541553180900&sr=0-1&ref_=srh_res_product_title

Extracted from the above links: "Agentless services, on the other hand, talk directly to the underlying cloud platform (e.g., AWS, Azure)...".

Q1:
Is AWS' AV subscription now an agentless AV? Is this the agentless Deep Security?

Q2:
If there are appliance VMs (e.g. highly stripped-down Linux), is adopting agentless AV/endpoint IPS (as we may subscribe to, say, Commzgate SMS or cloud-based services) the way to go, since agents can't run/install in the stripped-down guest OS?

Q3:
In the case of AWS' AV/IPS service (i.e. the 2nd link above), is this SaaS or FaaS (Function as a Service)?
0
We are moving some of our apps/systems to the cloud. However, some vendors for the cloud projects came back to say that the OS is a stripped-down Linux which is hardened, & that it's not applicable to install/run AV.

In view of high-profile attacks and audit requirements, I am loath to raise an exemption/deviation even if the cloud VM is not accessible to the public (i.e. firewalled to our corporate network only). I noticed that AWS & another vendor that uses VMs on Windows guests offer AV.

Q1:
Is there a quick/easy way for me to verify that the 'stripped-down Linux OS' the vendor uses in the cloud truly could not support AV? I guess running 'uname -a' is not enough. Or is there a script for me to verify? Or can I verify by checking what past patches they had been applying? If it's all RedHat/RHEL patches, then it's simply a hardened RHEL, which should support many AV products.

Q2:
What are the usual audit requirements for AV for a custom Linux VM in the cloud? Under what criteria is an AV not really needed?

Q3:
If it's truly a stripped-down Linux, say based on CentOS or FreeBSD, can I assess the patch requirements based on CentOS & FreeBSD? I recall when running a VA scan against a PABX that's based on RHEL, all vulnerabilities for RHEL were applicable, & the PABX vendor produces the patches, though they are behind RedHat by a few months in coming out with the patches.

This reminds me of IoT, many of which are appliances that customize their OS from …
0
I have a client with a 2016 RDS server using a non-standard port (not 3389) for security reasons, which works fine.
The client would like to set up a RemoteApp for it as well. If I set the RDS server to the standard port of 33889, the RemoteApp works fine, but when I change the port back to the non-standard one, I can log into the RemoteApp web page without issue, but when I try to start the app, I get the error:
Remote Desktop can't connect to the remote computer for one of these reasons:
1 remote access to the server is not enabled
2 the remote computer is turned off
3 the remote computer is not available on the network

Can anyone help me get the RemoteApps to work on the non-standard port?
Thanks!
0
Q1:
If I use a Solaris server as a repository server to get ClamAV updates from the Internet, can it be used by 'satellite' ClamAV installations on other platforms such as Windows and Linux? I.e. can freshclam on Windows/Linux pull signature updates from a Solaris server?

Q2:
Are the 3 cvd files (main, daily, bytecode) interusable between Solaris x86, RHEL & Windows?
0
Hi folks,

We're trying to delete a Symantec ccSettings .dat file but it won't allow us to. It keeps stating that the file is open in System.

We've uninstalled Symantec, deleted all Symantec folders in registry, ran the SEP uninstaller, no change.
Tried Unlocker and FilExile, no change.
Turned off Tamper Protection in SEP, no change.

Attached is a screenshot of the error.

We currently have a case open with Symantec on this, but they seem stumped as well.  Wanted to see if the good people of EE might be able to help!
0
I would like to get some feedback on my security software assessment. I have Windows Defender, which comes with Windows 10, and Webroot SecureAnywhere through Best Buy. I also have paid professional versions of CCleaner and Malwarebytes, but I am not using them currently. I can install them if I need to. I heard a lot of bad information about CCleaner and I am not sure if things have improved since those articles were written or not. My question to the experts is whether what I have at the moment is enough of an arsenal against all the bad "WARES" or not. I have been blessed so far and haven't had any problems. Please let me know if I need to install CCleaner and Malwarebytes or Spybot Search and Destroy. I know in life the more the merrier is not always true. If I did install CCleaner and Malwarebytes or Spybot Search and Destroy, what would happen to my PC? Will it slow down, or will they all clash with each other? Please educate me.

Thank you.

Basem Khawaja, R.Ph.
0
https://www.opencsw.org/packages/CSWclamav/

From the above URL, it seems we can't download ClamAV for Solaris x86 directly; we have to use the commands:
  pkgadd -d http://get.opencsw.org/now
  /opt/csw/bin/pkgutil -U
  /opt/csw/bin/pkgutil -y -i clamav

I don't have a Solaris box that is internet-facing.

Does anyone have the package?
0
What is a good, legitimate antivirus for a Samsung Tab E? I am getting lots of pop ups and the performance is slow.

Thank you.

Robert
0
Hi Experts,

We recently had one of our employees click on a link in an e-mail that took him to a fake site where he entered his credentials, and his e-mail account was compromised.
Management hired a cyber security company who did scans on the systems, his e-mails and also other things on the web.
We have managed Symantec Endpoint Protection, intrusion and malware protection, which is up to date and active.
We also didn't have anything set up on the back end (per management) to protect our e-mail against spam and malware; all e-mails were to come through.
The cyber people are telling management that Symantec only gets 20% of intrusions, viruses and malware. (I don't believe that; I have an e-mail box flooded with all the intrusions Symantec is getting, and not one virus in 4 years which it caught.)
Management, from their advice, is most likely going to force me to uninstall Symantec from all of our workstations and servers and deploy Carbon Black?

Can anyone tell me if this sounds as insane as I think it is? Anyone familiar with Carbon Black?

Please help, I don't trust this at all and would love to be proven right or wrong.  I think this cyber company might be banking on management fears from my co-workers mistake.

Thank you
0
I want to know what the experts' recommendation is for the best method to block the annoying ads in Chrome/Edge. It seems every time I visit a website (medical, department store, etc.) I am being bombarded with a heavy artillery of ads. It makes me not want to surf the web anymore. Please help.
0