cancel
Showing results for 
Search instead for 
Did you mean: 
patrakshar McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Hi All,

If you are facing the issue with 6148 Signature ID, then please follow the attached guide to mitigate it. 

lewisc
Level 7
Report Inappropriate Content
Message 12 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Is this mitigation a temporary correction for the blocking or a permanent solution that McAfee has chosen? 

patrakshar McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

It is a temporary correction as the permanent fix going to take sometime. We are actively working on this and will update this thread once permanent fix is available. 

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Hello,

 

Is there any update for this problem?

 

Best Regards.

Zebu
Level 9
Report Inappropriate Content
Message 15 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Hello,

No, LABS is still working on it. 

d00d
Level 7
Report Inappropriate Content
Message 16 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Just wanted to mention we also ran into this false positive and it took a couple production apps offline. I’ve since changed the signature to neither block nor report. Report only would have been fine except it causes a flood of alerts in the SOC. Easier to turn off reporting then having to modify the SIEM rule. 

cheetah
Level 10
Report Inappropriate Content
Message 17 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Is the problem still there with the new content update 9863?

sw41
Level 10
Report Inappropriate Content
Message 18 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

We have the issue also.  Interested in the fix.

sw41
Level 10
Report Inappropriate Content
Message 19 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution
Error displaying contents
AdithyanT McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 20 of 45

Re: Malware Behavior: Windows EFS Abuse

Jump to solution

Hi @sw41,

If that is the message you receive when you click on the attachment, please download and open the pdf and it should open just fine!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community