cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Status regarding Taidoor Malware

Jump to solution
We recently received an alert from the FBI and several other sources regarding Taidoor Malware. My management team is interested to know what levels of protection are in place given that we are running ENS 10.6.1. We are in the process of rolling out 10.7 (May update) and we would like any information that can be provided by McAfee regarding thsi current form of Malware: Example: (Current DAT coverage, Exploit Prevention, Access Protection, know file hash values, etc, Thank you.
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Status regarding Taidoor Malware

Jump to solution

Hello ,

Please be informed that we already have coverage for this variant of Malware in our Production DAT / AMCore content  as well as GTI coverage. Kindly ensure your DAT / AMCore content is upto date 

Thank you .

McAfee Support .

View solution in original post

6 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Status regarding Taidoor Malware

Jump to solution

Hello ,

Please be informed that we already have coverage for this variant of Malware in our Production DAT / AMCore content  as well as GTI coverage. Kindly ensure your DAT / AMCore content is upto date 

Thank you .

McAfee Support .

View solution in original post

Highlighted

Re: Status regarding Taidoor Malware

Jump to solution

Thank you very much.

Glenn

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 7

Re: Status regarding Taidoor Malware

Jump to solution

We strongly recommand you upscale to 10.7 latest version asap.

Also make sure you are aware of the different modules inkl. ATP / TIE Server.

The "Endpoint Security Advanced Threat Protection ATP" Module is free with the ENS licence new.

You can use it CLOUD-based or install a licences TIE-Server internal but only recommnded together with an ATP-Sandbox (Expensive but you need it these days....) With the TIE-Server you have more control and can aprove yourself or deny and also all info is kept on premise (Inhouse).

Greetings from Switzerland

 

 

 

 

Highlighted

Re: Status regarding Taidoor Malware

Jump to solution

We are in the process of upgrading  to ENS 10.7 and I recently implemented TIE and DXL.

I will be posting another message regarding how some powershell scripts are now being detected as malicious after upgrading to 10.7.

I hope you can review this and let me know you opinion.

Thank you again,

 

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 7

Re: Status regarding Taidoor Malware

Jump to solution

Hello,

About the Powershell (If its not your code) check it on virustotal.com.

That INFO is also pulled by ENS ATP and also TIE. They seem to have a extreme large amount of false/Positive with virustotal.com because they integrated some new fresh scanners.

You can't turn ALL powershell Options in the EXPLOIT Modul on. Some are impossible to use in an example develelopment enviroment company.

Greetings from switzerland

Highlighted

Re: Status regarding Taidoor Malware

Jump to solution

Thank you again...I may add a separate post on how best to manage Powereshell Script issues. Since implementing ATP as part of ENS 10.6.1,  we have seen some strange detections related to certain Powershell scripts. Adding the actual script as an exclusion resolved the issue for OAS.

In the latest case, ATP is in "Enable Mode" yet the description results state:

"Adaptive Threat Protection would have repaired C:\Windows\ccmcache\5m\GUI.ps1 based on its reputation (Known Malicious), but didn't because Observe mode is enabled."

 

Additional notes:

Threat Source Process Name: powershell.exe

Event Category: Malware detected using heuristics

Threat Name: Real Protect-PSL!5077131b8a83

Threat Type: Trojan

Action Taken: Adaptive Threat Protection Would Clean

Threat Handled: True

Analyzer Detection Method: Real Protect Client

Module Name: Adaptive Threat Protection

Rule Description: No rule affected this reputation

 

 

Thank you!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community