I'm running 8.7i with epo server 4.5.
Now we are getting pounded by these fake AV programs like XP Security Tool and XP AV 2011. These programs show the fake AV screen that you're infected, and they usually hide your programs and user data.
What settings are all of you setting for your policies that you see helping to combat this infection?
Thanks for any help.
McAfee released a 20-page PDF on this topic last week. It contains some info for ePO policy settings in Access Protection to fight the fake alerts.
rdefino, what is your desktop patching strategy, and are you promptly patching all common web plugins (Adobe Reader / Adobe Flash / QuickTime / Java), or are you making the mistake of many environments and only patching Microsoft stuff?
An environment I did some work for was getting their butts handed to them on fake AV (they were McAfee customers too), and after a large effort of implementing vulnerability scanning and getting religion about patching third-party web plugins, it's not a big problem any more. That's probably where the biggest bang for the buck is on time spent for the fake AV issue.
I know I am only a Moderator on the consumer side but I read that PDF out of interest and am surprised that it only mentions the regular Stinger tool and not the Fake_Alert one. When it was written I believe they were possibly one and the same, but now they are two distinct entities;
I'll alert the powers that be to have it revised.
Message was edited by: Ex_Brit on 16/07/11 9:00:52 EDT AM
Thanks for picking up on this, Peter. The doc was produced prior to the most recent changes made to the Fake Alert Stinger - smart scan and fix to scan being the really important ones for Fake AV. I've asked the KB folks to amend the doc.
We're really keen to get feedback on the new Fake Alert Stinger - if you do have the opportunity to use it please come and post about your experience in the new Top Threats space. I'm going to move this thread over there now.