
Anti-Virus Apps: 22K Solutions, 23K Contributors

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.


Some virus is filling up my HD; Malwarebytes can't find the problem.
Any idea of what to do?
0

https://thehackernews.com/2018/12/china-ransomware-wechat.html?m=1

Referring to the above link, it did not give the hash for the malware, but I need to check if a signature has been released by Trend Micro.

Once I have the hash value, I can enter it into VirusTotal to check.
0
A user was infected with Trojan.Emotet and now my computers are constantly being hit with Artemis! trojans throughout the day.

I have McAfee Endpoint Security, which catches and deletes it.

However, does anyone know how I can get rid of this?

Any help in this will be most appreciated.
Attachment: McAfee-Alert.PNG
0
Emotet Trojan!!

Currently dealing with an Emotet Trojan on a domain network with around 20 machines.

I know that the file replicates itself across the network, is generally a massive pain and is quite aggressive.

Does anyone have any tips at all that I could use to try and eradicate the malicious code?

I thought I had cleared it by taking all machines offline and manually cleaning them by removing the files that were sitting in SYSTEMROOT and user appdata etc.

Any pointers would be really appreciated; also, if there is any specific software that removes this Trojan, that would also be of great help.

Thanks!!!
0
WordPress site getting SPAMMED, not sure how to stop it.

My website, FortressHarvard.com

has a Download button, and when you fill in your Name and Email, then click the button, you get an email with the URL to my book's Preface and Chapter 1. Also, I get an email to my "info@" inbox with the name and email of the person requesting the download.

I am getting spammed there, by some sort of robot, and do not know how to stop it.

This started yesterday morning, and continued every few minutes, non-stop. I even added a CAPTCHA requirement this morning, but that had no impact.

How do I stop this SPAM?

Thanks
0
I would like to read what's in ClamAV's safebrowsing .cld (that lists the blacklisted sites).

After following some suggestions online, I extracted the following from the .cld file (using dd & 7zip):
08/11/2018  02:13 PM            18,325 Copying.txt
08/11/2018  02:14 PM       113,037,608 safebrowsing.gdb
08/11/2018  02:14 PM               514 safebrowsing.info

How can we read/extract the .gdb file?
0
https://www.cloudcomputing-news.net/news/2016/oct/31/agentless-vs-agent-based-architectures-why-does-it-matter/
https://aws.amazon.com/marketplace/pp/B01LXMNGHB?qid=1541553180900&sr=0-1&ref_=srh_res_product_title

Extracted from the above links: "Agentless services, on the other hand, talk directly to the underlying cloud platform (e.g., AWS, Azure)..."

Q1:
Is AWS' AV subscription now an agentless AV? Is this the agentless Deep Security?

Q2:
If there are appliance VMs (eg: highly stripped-down Linux), is it the way to go to adopt agentless AV/end-point IPS (as we may subscribe to, say, Commzgate SMS or cloud-based services), since agents can't run/install in the stripped-down guest OS?

Q3:
In the case of AWS' AV/IPS service (ie the 2nd link above), is this a SaaS or FaaS (Function as a Service)?
0
We are moving some of our apps/systems to the cloud. However, some vendors for the cloud projects came back to say that the OS is a stripped-down Linux which is hardened & that it's not applicable to install/run AV.

In view of high-profile attacks and audit requirements, I am loath to raise an exemption/deviation even if the cloud VM is not accessible to the public (ie firewalled to our corporate network only). I noticed that AWS & another vendor that uses VMs on Windows guests offer AV.

Q1:
Is there a quick/easy way for me to verify that the 'stripped-down Linux OS' the vendor uses in the cloud truly could not support AV? I guess running 'uname -a' is not enough. Or is there a script for me to verify? Or can I verify by checking what past patches they had been applying? If it's all RedHat/RHEL patches, then it's simply a hardened RHEL, which should support many AVs.

Q2:
What are the usual audit requirements for AV for a custom Linux VM in the cloud? Under what criteria do we not really need an AV?

Q3:
If it's truly a stripped-down Linux, say based on CentOS or FreeBSD, can I assess the patch requirements based on CentOS & FreeBSD? I recall when running a VA scan against a PABX that's based on RHEL, all vulnerabilities for RHEL were applicable & the PABX vendor produces the patches, though they are behind RedHat by a few months in coming out with the patches.

This reminds me of IoT, many of which are appliances that customize their OS from …
0
I have a client with a 2016 RDS server using a non-standard port (not 3389) for security reasons, which works fine.
The client would like to set up a RemoteApp for it as well. If I set the RDS server to the standard port of 33889, the RemoteApp works fine, but when I change the port back to the non-standard one, I can log into the RemoteApp web page without issue; but when I try to start the app, I get the error:
Remote Desktop can't connect to the remote computer for one of these reasons:
1. Remote access to the server is not enabled
2. The remote computer is turned off
3. The remote computer is not available on the network

Can anyone help me get the RemoteApps to work on the non-standard port?
Thanks!
0
Q1:
If I use a Solaris server as a repository server to get ClamAV updates from the Internet, can it be used by 'satellite' ClamAV installations on other platforms such as Windows and Linux? Ie can freshclam on Windows/Linux pull signature updates from a Solaris server?

Q2:
Are the 3 cvd files (main, daily, bytecode) inter-usable between Solaris x86, RHEL & Windows?
0

Hi folks,

We're trying to delete a Symantec ccSettings .dat file but it won't allow us to. It keeps stating that the file is open in System.

We've uninstalled Symantec, deleted all Symantec folders in the registry, ran the SEP uninstaller; no change.
Tried Unlocker and FilExile; no change.
Turned off Tamper Protection in SEP; no change.

Attached is a screenshot of the error.

We currently have a case open with Symantec on this, but they seem stumped as well. Wanted to see if the good people of EE might be able to help!
Attachment: data-file-error.jpg
0
I would like to get some feedback on my security software assessment. I have Windows Defender, which comes with Windows 10, and Webroot SecureAnywhere through Best Buy. I also have paid professional versions of CCleaner and Malwarebytes, but I am not using them currently. I can install them if I need to. I heard a lot of bad information about CCleaner and I am not sure if things have improved since those articles were written or not. My question to the experts is: is what I have at the moment enough of an arsenal against all the bad "WARES" or not? I have been blessed so far and I haven't had any problems. Please let me know if I need to install CCleaner and Malwarebytes or Spybot Search and Destroy. I know in life "the more the merrier" is not always true. If I did install CCleaner and Malwarebytes or Spybot Search and Destroy, what would happen to my PC? Will it slow down, or will all of them clash with each other? Please educate me.

Thank you.

Basem Khawaja, R.Ph.
0
https://www.opencsw.org/packages/CSWclamav/

From the above URL, it seems we can't download ClamAV for Solaris x86 directly; we have to use the commands:
  pkgadd -d http://get.opencsw.org/now
  /opt/csw/bin/pkgutil -U
  /opt/csw/bin/pkgutil -y -i clamav

I don't have a Solaris box that is internet facing.

Does anyone have the package?
0
Hi Experts,

We recently had one of our employees click on a link in an e-mail that took him to a fake site where he entered his credentials, and his e-mail account was compromised.
Management hired a cyber security company who did scans on the systems, his e-mails and also other things on the web.
We have managed Symantec Endpoint Protection (intrusion, malware) which is up to date and active.
We also didn't have anything on the back end set up (per management) to protect our e-mail against spam or malware; all e-mails were to come through.
The cyber people are telling management that Symantec only gets 20% of intrusions, viruses and malware. (I don't believe that; I have an e-mail box flooded with all the intrusions Symantec is getting, and not one virus in 4 years which it hasn't caught.)
Management, from their advice, is most likely going to force me to uninstall Symantec from all of our workstations and servers and deploy Carbon Black?

Can anyone tell me if this sounds as insane as I think it is? Anyone familiar with Carbon Black?

Please help; I don't trust this at all and would love to be proven right or wrong. I think this cyber company might be banking on management fears from my co-worker's mistake.

Thank you
0
I want to know what the experts' recommendation is for the best method to block the annoying ads in Chrome/Edge. It seems every time I visit a website (medical, department store, etc.) I am being bombarded with heavy artillery of ads. It makes me not want to surf the web anymore. Please help.
0
Q1:
I'm trying to establish if my OfficeScan has OfficeScan's ransomware protection below:

Ransomware Protection Enhancements in OfficeScan 11.0 SP1 Critical Patch 6054
Detection details of the OSCE 11.0 SP1 Critical Patch 6054 Ransomware Prevention Summary widget

The above 2 lines are extracted from the link below:
https://success.trendmicro.com/solution/1111377-enabling-the-ransomware-protection-feature-in-officescan-osce


Q2:
The last screen in the attachment shows Scheduled Scan is disabled. Is it a good idea to enable it? I thought to have it enabled either during lunch hours (for users who bring their laptops home) or at night (for users who leave their PCs/laptops powered on in the office at night). I've heard many recommendations that an on-demand scheduled scan is quite essential too. It's just that it's hard to determine which laptops are being brought home.

The attachment is what's shown on my laptop.
Attachment: TMofficescanver.docx
0
A couple of years back, Trend Micro's .DAT file could be searched (using the find or grep command) for certain malware names.

I'm now using OfficeScan V12.0.1352 & I think the signature file is VsapiNT.sys.

I'm trying to track whether the GlobeImposter ransomware is in our current OfficeScan signature, & the 2 links below seem to say that TM documented it quite some time ago:
 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-4th-2017-globeimposter-notpetya-and-more/
 https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/ransomware-recap-crypshed-spoofs-amazon-in-ransomware-campaign

But when I searched for "glob" (I suppose FakeGlobal, as it's known to Trend Micro, would be listed in the latest VsapiNT.sys signature), it's not there.
I would appreciate steps on how to list the malware covered by OfficeScan's signature file:

C:\foren>find/i "glob" *.sys |more

---------- TMPREFLT.SYS

---------- TMXPFLT.SYS

---------- VSAPINT.SYS
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFix
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnWire
GlobalUnfix
GlobalUnlock
GlobalWire
MakeCriticalSectionGlobal
JungUm Global
Corel Global Macro(GMS)
GLOBAL:
GLOBALNE:
GLOBALDOTPROMPT
GLOBAL
GLOBAL.DOT:
GLOBAL:
ExecuteGlobal
Global
0
The user has Outlook 2016 on Windows 10, and is connected to an Exchange account hosted by a very large email hosting company, Intermedia.

They have noticed that their return address has been swapped out with an address at outlook.com: outlook_FB8C126A98221F43@outlook.com

I checked Outlook Web App, and mail sent using OWA has the right return address.

Their computer is protected with the latest version of Malwarebytes and Windows Defender.

This looks like some sort of malware that Malwarebytes hasn't caught?

What should I use to scan the system with?


Thanks
0
We have McAfee Endpoint Enterprise 4.4 running on Windows Server 2008 R2.

Agents are installed on 1500 clients.

We are now moving to Windows 2016 and I need to move my antivirus to the latest version on a Windows 2016 server.

Can I get the migration procedure for McAfee, and what is the upgrade path to the latest version?
0

When clicking "Disable these Cookies" we get a message with 3rd party cookies to select (see below). We noticed that all are SQL. Can some EE expert explain why these cookies? Why does SQL have 3rd party cookies? Please shed some light on the topic.

Spybot issue
0
Q1:
Without saving an email's attachment & then manually (ie on-demand) scanning the saved file, is there any AV that could auto-scan (ie in almost real-time or on-access) an email attachment (even before the user double-clicks/opens the attachment)?

Q2:
Can BitDefender or Trend's OfficeScan do the above?
0
I've seen an ex-colleague block file extensions from being created using a feature in McAfee (can't recall the name).

Can someone provide the steps to do this in Trend Micro OfficeScan's management console?
What's this feature called in OfficeScan?
0
A residential client brought in a computer the other day that is interesting. He has a folder on the desktop named "TOOLS". Inside the folder are random picture files by extension and misc other extensions; 38,000+ files in fact. I cannot delete the folder under any OS (Linux, Ubuntu, Windows, Windows PE) when connecting it to another system. I have tested the drive with WD Lifeguard diagnostic and found no problem. No performance issues with the drive (Seagate 500GB). SMART shows no concerns. CHKDSK shows the MFT is corrupt and repairs it. Norton and many other virus scanners find every file in the folder to be a virus, ADS, or something unwanted beyond PUP. I have never failed to remove a folder or file under Ubuntu. Another note is that it generally takes hours to access the profile folder in order to even see the TOOLS folder. Running scans took days to get partially through the TOOLS folder and cannot remove anything as of yet. Most of the scans are performed on a bench PC with this drive attached, and still have problems. I assume it is a combination of HDD problems (which I cannot determine) and virus infection. The folder appears to have been created in September 2014. The user has no recollection of how it came to be or when. He did state that years ago he got a fake tech scam call and let them into his computer. He only does e-mail and web browsing, so there wasn't anything exciting to steal from him. He didn't pay them, and that was the end in his mind. This is …
1
To protect our corporate users from being compromised when they connect to outside Wifi (which may potentially be rogue Wifi), is it feasible if we implement MS DirectAccess or Always-On VPN?

https://technet.microsoft.com/en-us/library/dd759144(v=ws.11).aspx
https://directaccess.richardhicks.com/tag/directaccess-alternatives/

The products above would establish a tunnel so the rogue Wifi can't steal credentials or data, & with the VPN established, I suppose malware can't infect the laptops as the rogue Wifi has no connection to the laptop (tunnel-protected). Or did I get this idea wrong, ie can they still get infected even with such a tunnel?

We still want the users to be able to access the Internet, but protect them in the event they're using a rogue Wifi.
0
Symantec Endpoint Protection Manager not getting updates after upgrading to 14.2 build 770

I upgraded my Symantec server to the latest version and no LiveUpdates are getting downloaded. I uninstalled LiveUpdate and reinstalled it; also registered with SEPM via command prompt.
Attachment: 1.png
0