Hi team,
A user recently synced their document folder to OneDrive, and SharePoint Online was able to detect an X97M/Laroux.gen! (a macro virus) from a really old spreadsheet that was created sometime around 2010.
The workstation has full scans scheduled to run daily. However, McAfee was not able to detect this virus for many years until some other malware detection built into SharePoint was able to alert us on this virus.
McAfee DAT is up to date. I ran a McAfee scan on this file specifically but the result says nothing found.
I even pulled the file out and tried to transfer the file to a sandbox that has Fortinet, and immediately the transfer was stopped and a pop-up message warned that a virus was found. Did the same thing on a machine with Windows Defender and Defender was able to detect the virus immediately.
Question is, this virus has been around since the early 2000s, so how is it that McAfee is not able to detect something like this?
More background: we have McAfee ePO. The workstation has the McAfee Agent, VSE + AntiSpyware Enterprise, and HIP.
Is it possible that this workstation is missing the right McAfee tool to scan for this type of malware?