cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

BEWARE vulnerability scanner

Has anyone found the huge danger with the vulnerability scanner? I sent my son off to Oxford University with McAfee Livesafe I thought protecting his computer. All the automatic updates were on - including the vulnerability scanner.

Sure enough it found some software that an updated it - trouble was that it updated Bit Torrent, which many teenagers use, but which he had turned off.

The new update was automatically turned on by default.

Two films were uploaded from his machine and he incurred a fine from the University of £150!!!

I thought that McAfee was there to increase my security - not to open one that a coach and horses could drive through. I would go so far as to say that any piece of software that automatically acts as a gateway to open up your machine to other users without your knowledge is a VIRUS.

The vulnerability scanner doesn't even keep a log of what it's done (according to McAfee "Tech support"), so there is no way of checking apart from the update time stamps on the software it has updated.

My advice is to SWITCH OFF ALL MCAFEE AUTOMATIC UPDATES - only a fool gives software that is this irresponsible free reign to their computer. Make it ask if it is okay to update everything before it does so, then at least you have some idea what it is doing - McAfee doesn't.

41 Replies
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 2 of 42

Re: BEWARE vulnerability scanner

Moved to PC Optimization > Vulnerablity Scanner>Discussions By Moderator

Cliff
McAfee Volunteer
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 3 of 42

Re: BEWARE vulnerability scanner

,

                  Please know that if you wish, can open your McAfee UI, click on Navigation > Vulnerability Scanner> Scheduled scan Settings. Then select "Don,t set a Scan Schedule"

All the very best,

Catdaddy

Cliff
McAfee Volunteer
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 4 of 42

Re: BEWARE vulnerability scanner

All the Vulnerability Scanner does is update software.  It doesn't tell it to download anything other than updates to itself, those that you mention must have been preset in the Torrent software itself.  I have uTorrent on mine and occasionally it will update that but never, ever would it cause a Torrent download of material.    If you don't want something updated then it should be uninstalled until such time that you need it. Torrent clients will always default to on when updated for some reason, that's beyond McAfee's control.  But what puzzles me is Vulnerability Scanner always asks you first if you want to update whatever it has found so I don't see how the above could happen.

Simple answer is know your software and turn off automatic scanning in Vulnerability Scanner.

Mind you, it may be a good idea to make such settings optional, in which case a Product Idea can be posted here: 

ygtbsm
Level 7
Report Inappropriate Content
Message 5 of 42

Re: BEWARE vulnerability scanner

I realize you're just passing on info and best-practice from your perspective, but the answer is unsatisfying to PAYING customers of McAfee products.

Years ago, I had µTorrent on my machine, but I've deleted it.  There are no traces of it anymore.  I've gone over my entire registry and my entire hard drive.  The only reference on my machine to µTorrent must be inside some configuration file of McAfee, because it isn't anywhere else.  How is McAfee determining to "update" software on my machine that isn't even installed?

McAfee's message for a few years now:  "Even if you've paid good money for McAfee products, when they fail to operate as expected, just turn said functionality off."

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 6 of 42

Re: BEWARE vulnerability scanner

Your last line is not true, I'm a long-time customer and know that for a fact.   However, people do have issues and these forums are often the place they come with them.   Your first post here was questioning an issue that was fixed long ago.  Vulnerability Scanner is merely a tool to help do the job a user should be doing anyway, checking that everything is up to date, it is merely a helper which looks for possible vulnerabilities due to outdated software, and does not force you to do anything.   It by no means endangers your machine in any way.   If yours is finding updates for utorrent then I respectfully suggest that you've missed some uTorrent registry key somewhere.

However, Technical Support would be the people to sort this out and they are free to phone or you can use their free online chat.  Link below.

Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers

Consumer Technical Support (alter Country @ top right as needed)

Consumer Customer Service (Accounts, Billing, Registration, etc.)
Anti-Spyware/Malware/Hijacker Tools


Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 7 of 42

Re: BEWARE vulnerability scanner

As I do have uTorrent installed I was curious why yours would be offering updates for something that was uninstalled (obviously not a clean uninstall either, not your fault), so I fired off an email to a contact I have at McAfee.  I don't promise a quick answer or any solution, but will post a response if I get one.

ygtbsm
Level 7
Report Inappropriate Content
Message 8 of 42

Re: BEWARE vulnerability scanner

I respectfully disagree that Vulnerability Scanner is "merely a tool to help do the job a user should be doing anyway".  Users shouldn't have to manually scour the registry in order to prevent VS from installing an update to a program which Windows itself says (by way of "Control Panel\Programs and Features) is not installed on that machine.

To satisfy myself that I've done all a user should have to, I just did the following:

I scoured my registry again.  The only presence of the term "torrent" appears as ".torrent" as a known file extension entry in my registry.

I ran MVS again.

It wants to "update" to Utorrent 3.0.0.26473

I'm about to contact Technical Support right now.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 9 of 42

Re: BEWARE vulnerability scanner

The registry is not necessarily the complete list of software on your machine - using the registry is entirely optional. You should search your hard disk for utorrent.exe

re the time periods, afaik, MVM first appeared in our 2013 product for consumers, so you must be saying you uninstalled utorrent before then?

tthe bottom line is that utorrent is being detected, thus it must still be on your machine. I'd guess it's still in your temp or downloads folder.

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 10 of 42

Re: BEWARE vulnerability scanner

utorrent also writes the following keys, did you delete them?

HKCU\Software\Classes\btdna

HKCU\Software\Classes\FalconBetaAccount

HKCU\Software\BitTorrent

Found that by doing a Google Search for utorrent registry keys

Also check that no browser add-ons are associated with it, albeit disabled.  If so remove them.

Am still checking for others.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community