Thank you. Interesting to see that you use threats to get your protection put to the test. I wish I could but I do not have time and material to do the same.
Excuse me, you still have not answered my other question: so are you using Access Protection and with which rules and how come that does not work?
Attila, yes, I still use Access Protection and make it very strong by using all possible rules and make sure I only leave room for Windows executables. I block almost everything like temporary creation of files, modification of user settings and rights etc.
Set the Artemis to VERY HIGH in both On Access as well as On Demand scans. When doing an on demand, I select all the options to scan even the files migrated to storage etc. But still, some nasty malware get the best of it.
I do not have experience with real life infection analysis so I can only guess: does not a typical infection use techniques that could be prevented (mostly or at all) with Access Protection? Let us assume that Access Protection itself is protected and we do not speak about the recent vulnerability of VirusScan 8.7.
Should it not prevent loading malware pieces if it - understandably - has got to the hard disk, downloaded etc. and no Artemis signatures for it?
Well, Access Protection can ONLY protect us against threats that McAfee identifies with or without Artemis. Let me tell you, even when you select the option of prevent McAfee services from being stopped, lots of malware can get through and defunct McAfee which results in the Access Protection being disabled and subsequently the On Access scanner also goes off. This is against the nasty malware on client machines.
But if you ask me the same question in reference to a Business network where everything is managed via ePO and HIPS software is used, that will definitely protect you almost all the time.
VSE is a damn good software. I only test against Zero days just to understand what kinds of threats creep up and what is the scope of my protection against them.
Are you using VSE home edition in your test environment? Otherwise I just can't believe what you are saying here. I'm not denying that malware does get through, but I can't believe the relation between Access Protection and Artemis. It can't be. To me it is illogical.
Access Protection is a "blind IDS" I used to say, however a little basic one. When it blocks it should not use Artemis, why should it?
Convince me, please.
I'm not experienced in analyzing infection methods I said and please tell me, what clever routes can a piece of internet malware (not a classic virus) take, that the following AP rules would not block:
- Prevent programs registering to autorun
- Prevent installation of browser helper objects and shell extensions
- Prevent installation of CLSID and TYPELIBS (ok I'm cheating here, we do not have this rule enabled)
- Prevent remote creation of autorun files.
Other than, for example, the Windows Restore folder, maybe.
Then I've heard of some malware travelling through low level network packets that VirusScan cannot sense, this could be the second.
I'm really curious. You must have heard some interesting pieces of information in the firm. How do they cope with such tricks?
Just an info: I'm currently working with GTI proxy appliance, commissioning it for internal use. I'm having a few issues, though, not an easy task.
Are you familiar with Unix and GTI proxy? I might have some help here...
I am not happy at all with this joke of an antivirus, it misses a lot of malware but it deletes files that are harmless, it uses up more resources and slows down the PC more than other suites do, and it doesn't even provide better protection to compensate. To be honest I think McAfee intentionally misses malware to charge their clients 90$ for the virus removal, a company that is selling you software to protect your PC lets all kind of dangerous stuff in your computer then charge you to remove it, it's not like you paid for the product, it's the user's fault if he gets infected, it's not like we buy this so called total protection suite to be protected.
The 2011 version from what I see will be as the 2010, no improvements in detecting malware, new technologies etc.
I am very disappointed with this product and though I still have another 2 years going of my subscription, if McAfee doesn't start improving the detections and do a more serious job I will change to another company.
As much as I like McAfee, I have to agree with this person,
McAfee's forum support, brilliant,
But the software isn't as good. I like some of the features, but look at Norton, they were like MySpace as to Facebook now, bad.
Now they are pretty good, fast, better detection.
I one day hope McAfee will step up to the mark.