If you have the appropriate admin rights, you could try the powershell Get-RegistryKey cmdlet and search for the existence of the key HKCU:\Software\Locky.  It's what Locky does just after it has managed to make an internet connection.  Interestingly, it creates this key even before any files get locked up or it gets its encryption key.  No internet = no registry key, even though the binary has fired.

If your version of PS doesn't have that cmdlet, then the "Get-ChildItem HKCU:\software" will work as well.  Since it's not doing a recursive search for files ending in .locky, rather looking for the specific registry key, it would run quicker across a collection of computers.  You could set a variable $result=Get-ChildItem HKCU:\software | where {$_.name -match "locky"}, and if $result.Name = "HKEY_CURRENT_USER\software\Locky"...you have a hit.  The lack of the key doesn't necessarily mean locky didn't fire (not in the case of the sample I have), it just hasn't been able to get an encryption key.  It's also not proxy aware, so blocking non-proxy outbound http requests can be a saviour (just have to whitelist legit services that do)  No key = no encrypt.

You are calling the correct number for McAfee Business support in Singapore.

The  http://service.mcafee.com/promise Link is indeed for consumer products - as it says at the top of the screen.

The main business customer support site can be found at https://support.mcafee.com

If you let me know your case number I will track it down for you.

I have tried to zip and password it with the password "infected" and was unable to upload. the virus file.
i do not know why which is why i open a case and posted an question.
but no one bother to see or reply.

10days? by the time the update is done my company data would be long gone just one part.

i have having extreme difficultly to contact McAfee for tech support 
1 ) i can be on hold just to contact with mcafee for like 1 hour and then transfer call waits another 2 hours. or more most of the time i just give up.

2) i have like 2 open cases and mcafee tech don't even bother to follow up and i have yet to get any call backs from them either.

resulting in needing to format my users PC (for first case) and restore my server using backups. ( current case)
worst is  some of my backups are infected resulting in 1 month data lost and of course the management isn't happy about it at all.

mcafee still picks up nothing and prevented nothing from happening
i am using VSE 8.8 by the way and i have always kept it updated at least on the server side.

the support provided is absolutely unacceptable  for enterprise/corporate users.

before it got merge with intel i thought it was ok. now it's totally worst than Symantec. 
at least Symantec is slow in resolving the issue but at least someone is there it listen to your problems and tries to help.
mcafee don't even bother picking up the phone

and now they still don't bother picking up.
anyone try to call?

hi andyng,

we are also faced this problem in some other customer places.The McAfee people told noway to retrieve that encrypted files .there some rules to protect for further  i am attaching the  file that means accessprotection rule

PFA

thanks&regards

jagadeesh.

I'm sorry you've had such a roller coaster of an experience with this ransomware. If it's any consolation, you aren't alone, thousands of people are victims of this everyday.

The situation with this type of malware, was pointed out above, to where you have to have prevention in place BEFORE you get the virus. And you can't do this with a DAT based scanner. Detecting it with a DAT, happens AFTER we get a sample, and add detection. (for the most part)  (I don't want to belittle the hard work that goes behind the scenes to proactively detect unknown samples, but it's VERY difficult to do, without creating false detections that can sometimes be worse than the virus)

All that said, we do want you to submit any samples that aren't detected, but understand it will be after the affects of the malware in your environment.

To get ahead of it, you have to stay on top of any preventative measures you can take.  There are many moving parts to this, including: Access Protection rules to prevent certain registry/file based actions from happening.

Blocking unknown network traffic with a firewall (both end point and network based firewall).

User education!! This one is one of the best ways, but least reliable.  If your users don't click on random stuff they get via email, or web popups, you will drastically reduce your infection rates.  You might consider our webprotect product (previously Siteadvisor), that can help dissuade users from clicking on stuff they shouldn't. (I'm sure there is a free version, as well as paid, but I'm no salesman.)

Remember, the malware authors test their viruses against current AV companies, to ENSURE they aren't detected before they try to "deploy" it to the world, so traditional DAT based AV, is limited in what it can do for these rapidly changing variants of ransomware.

Hope that helps, at least a little.

- David