Is there a Signature for Fake AV downloads?

Hi there!

I'm running an M-3050 Sensor with the newest sig-set at our perimeter to the internet in IDS-Mode (on SPAN-Ports).

We've recently had some trouble with fake antivirus downloads to some of our clients. While our Antivirus-Guys are trying to catch these programs on the client, I was hoping there might be signatures to capture those fake-av downloads while they are happening.

I've already activated GTI File Reputation option.

Do you guys have any suggestions as to how this is possible?

Thanks!

Roman

4 Replies
McAfee Employee
Message 2 of 5

Re: Is there a Signature for Fake AV downloads?

Hi Roman,

We don't have a signature for fake-AV software. Keep in mind that the maximum file size for File Reputation is 1 MB.

Regards,

David

Re: Is there a Signature for Fake AV downloads?

Hi David!

Thanks mate!

Do you know if there are any plans to include signatures for this type of threat?

catch ya,

Roman

McAfee Employee
Message 4 of 5 (Accepted Solution)

Re: Is there a Signature for Fake AV downloads?

I really doubt it. The IPS is not an AV scanner. If you would like to detect this threat on the wire then you may want to test McAfee Web Gateway, as it uses the same DAT files as the McAfee VSE.

Regards,

David

Re: Is there a Signature for Fake AV downloads?

Hi David,

Thanks for your reply!

I've to have a chat with my colleagues administrating our McAfee WebGateway. Maybe they can do something against those annoying fake AVs.

Catch ya!
