cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Virus Scan 8.7i unable to detect Trojan

Hi there,

We had an issue yesterday where several of our machines on the network which are running VirusScan 8.7i were unable to detect a trojan that was on the machine.

The issue was only brought to light when an external company virus scanned files that were removed from this machine and their software detected it.

The problem is highlighted in this McAfee threat thread http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=513367

The machine was running the latest Dat file at the time 6455 and running the scan engine 5400.1158

Seeing as this trojan isn't new - reported by McAfee on 30/05/2011 and that we were running the latest version of the DAT's, how is it possible that this was not detected, as there are no errors on the machine logs or server logs to indicate that any trojan / viruses have been found.

I had to manually remover the suspect files and delete registry setting etc on all of the affected machines, but i would still like to know how McAfee couldn't spot this one.

Although the impact as low in this instance, it worries me that there are potential other trojan / virus's on these machines that McAfee is also not picking up.

Any reasons as to what might have gone wrong here would be appreciated, and should there also be an equivalent McAfee product that we should be using in conjunction with VSE to help reduce any further risks.

Many thanks

Duncan

1 Reply

Re: McAfee Virus Scan 8.7i unable to detect Trojan

If you are running ePolicy Orchestrator, there may be configuration changes you need to make with your On Access Scanning policy, or perhaps other policies. I would first check to make sure the folder in question was actually being scanned, and wasnt excluded by your On Access Policy, or anywhere else.

Furthermore with 8.7, I would make sure you are running the Anti Spyware module for additional protection. You can also leverage Artemis as well by adjusting sensativity levels of your scans.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center