
Re: An analysis of the file in McAfee ATD

It's great if it's decided ))

When will this new release be issued?

Reliable Contributor Troja
Message 12 of 22

Re: An analysis of the file in McAfee ATD

Just a question, this is a known issue at the moment??

Cheers

Re: An analysis of the file in McAfee ATD

Personally, I encountered this error during the first test ))

It has not been heard of or seen anywhere.


Re: An analysis of the file in McAfee ATD

Hi )

Not so long ago, the package ATD Detection Image-3.6.2.101 (atd-detection-img-3.6.2.101.56517-3.6.2.x86_64.rpm) appeared on the McAfee My Products | McAfee Downloads portal.

I have a simple question - what kind of package is it?

Why is it needed?

Re: An analysis of the file in McAfee ATD

Hi,

Would like to inform you that this detection package includes enhancements in malware detection. After installing this package you will be able to detect more malware variants as well.

Also, I would like to inform you that the fix for adding the .html extension is not included in this detection package.

That fix is tentatively expected to be released by Q4 2016.

Re: An analysis of the file in McAfee ATD

Would like to inform you that this issue has been fixed in hotfix release 3.6.2.21. Request you to upgrade and test the same.

When you submit a .wsf file in XMode, Advanced Threat Defense now uses Windows Scripting Host to open the original file. (1152278, 1153121)

Reliable Contributor bretzeli
Message 17 of 22

Re: An analysis of the file in McAfee ATD

Hello,

The person did ask what the RPM package does. Now, since we don't want to click around in the CLI, could you please mention where the RPM package would be installed in the GUI?

Is this correct? We fully understand the below option from System software. But the RPM package is unclear. We know what to do with that on Linux, but on the ATD?

Thank you

Re: An analysis of the file in McAfee ATD

Detection Package Install.JPG

Manage, Image & Software, Content Update, Upload File, Browse, Select Detection Package, Click on Upload.

Reliable Contributor bretzeli
Message 19 of 22

Re: An analysis of the file in McAfee ATD

@ Throsten "Just a question, this is a known issue at the moment??"

The question is absolutely right.

We both assumed that even with the HTM* extension of the scripts THEY would analyse it and run it as script. If the thing is really smart it would make sure that any kind of malware which would hook in between the Windows Scripting Host could not like fake things. If it's text script I don't need a sandbox for EUR 80'000.- If it's only pattern based then HIPS or VSE/ENS should do the trick.

@McAfee, we also assume that with PDFs which have hidden jscript and download scripts you scan those scripts. And we assume if the Form/PDF has 50 buttons you scan all of them. Fortigate Sandbox does limit those DEPTH/Buttons to like 8 and the malware coders started button 50 click field or button in their HTML or PDF (most of them hidden).

Butsch.ch | SPAM / RANSOMWARE, Switzerland, SWISSCOM, Faked Invoice

Reliable Contributor Troja
Message 20 of 22

Re: An analysis of the file in McAfee ATD

Hello all,

Regarding the RPM package: I think I do not understand; I have never installed an RPM package on ATD. You can see the detection package in the ATD GUI and you can install it or you can revert to a previous version. Everything is done under "content update" in the ATD GUI.

Regarding the HTM files: I tested many malware samples with several different content types. I have no access at the moment to my environment (malware samples).

My experience from the past: GAM did a great job for many script types or internet-based content types.

Is it possible to share a sample? If yes, I can test it in my environment. Just send me a PM.

Cheers
