Our company sees this too, 30 PCs running 5.1.8 have died since the 17th. XP, Vista, Win 7, variery of PC model types. Have also raised McAfee Support ticket.
What is causing this? We cannot link it to the user installing unexpected software but have had one user refer to Trojan being detected whilst running Internet Explorer, shortly before the PC crash which predeced this error.
Pretty much any reputable AV product will block MBR viruses...
So it must be that AV products are not being used "properly" or some in use are not "reputable".
Yes, I would hope so. We are running McAfee VS 8.7i Enterprise + AntiSpyware (Patch 3) with latest DAT, which completely failed to catch the virus (and continues to fail, we have had many systems hit within the past week or so). I've submitted several samples to webimmune.net, hopefully McAfee will include a definition within a future DAT release.
Would that make it "not configured properly" or not "reputable"?
Hello... I am having the same issue with "Endpoint Encryption for PC is not installed". It is occuring much more frequently with 5.2.5 and appears to be user centric (same user keeps on getting the error). How did you determine a virus caused this? How did you capture a sample of the virus for McAfee?
It may be that the same users are infecting themselves with the same MBR virus, repeatedly. Chances are pretty good that the virus was downloaded via an e-mail link or attachment, on a site the user frequents or in a restored file (My Documents, Desktop, etc).
Every system we have recovered has had multiple infections, for the most part only discovered with non-McAfee products (ex. Microsoft Security Essentials). Once the non-McAfee product discovered the infected files, I simply grabbed a copy and submitted it to webimmune.net for analysis.
I posted this in another thread..... Case closed as of now... Thanks for your response.
I used TDSKiller from Kaspersky and it found a rootkit on the infected drive (just slaved the drive and it was still able to read the infected MBR). I quarantined the files and submitted to McAfee (not detected by McAfee). Detected as Win32/Alureon.MBR, Rootkit.Tdss.AW, etc by other vendors.
Scan results from one of the files --> http://www.virustotal.com/file-scan/report.html?id=40914dfd49a3a0df1c4aa0cf867450762a3ac16d398a2559d...
and seem EEPC 5.X is not able to restore back SBR..
which then force us to do manual decryption.
Is there any tools that help to identify the SBR been alter by rootkit etc?
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA