I am trying to find out how to check if the following file sav.exe (md5: 5dc438c8c9ab91ccadba1de82ab481d9) would be detected and stopped by McAfee. Also can you provide from which version of .DAT this file is detected?
Hi @Former Member,
Thank you for your post. I looked this up internally and as @patrakshar stated, we do not have detection for this file in DAT for ENS. However please be assured that we cover this malware using Artemis/GTI under the name: RDN/Ransom. GTI is a technology that is enabled by default in McAfee products like ENS and VSE where cloud server is looked up for the detection information and files are determined malicious with the same.
Also, if you are using VSE (VirusScan Enterprise), then this is covered by DAT as well using the same detection name.
So, if you are using ENS (Endpoint Security) then, kindly please follow @patrakshar advice andplease create a SR with us.
In the future, you can search for file hashes on (or upload suspicious files to) VirusTotal.com.
For example, as AdithyanT explains, this appears to be detected by McAfee as RDN/Ransom:
Worth a mention.