cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kevin_27
Level 7
Report Inappropriate Content
Message 1 of 4

McAfee is not detecting if an USB is plugged

Jump to solution

Hi Team,

                 We are managing an environment with around 2000 computers. We are using ePO 4.6 to manage the Mcafee Clients. Issue what we are facing is that when we plug an USB to any of the machine, we dont see or get a message that McAfee is scanning it. We also belive that the scanning is not happeningat all. Any thoughts?

1 Solution

Accepted Solutions
rmetzger
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: McAfee is not detecting if an USB is plugged

Jump to solution

Hi Kevin,

kevin_27 wrote:

                  We are managing an environment with around 2000 computers. We are using ePO 4.6 to manage the Mcafee Clients. Issue what we are facing is that when we plug an USB to any of the machine, we dont see or get a message that McAfee is scanning it. We also belive that the scanning is not happeningat all. Any thoughts?

'We also believe that the scanning is not happening at all.'

Scanning will take place as long as you have 'Scanning on Read' ON. This is critical!

When files are read from the USB drive, the files read are scanned at time of the read. This happens in the background and no 'message' is displayed. Scanning should happen on Autorun.inf launched files as well. Again, Scanning on Read is essential.

'we dont see or get a message that McAfee is scanning it.' Yes. I prefer it this way. I don't want to interrupt anyone to say, 'Yes - I am slowing you down with a scan.' I don't need to report, 'things are normal' filling up my logs with information that is not helping with an outbreak.

Imagine inserting the USB cable to a 3 TB backup drive. Scanning the entire drive or even a half filled drive would be extremely performance draining and time consuming. I regularly insert and soon thereafter remove a 128 GB flash drive. I could not 'properly' remove the drive until the entire scan completed. So, I could wait, then eject correctly, or I could remove the flash drive early and potentially corrupt it's file structure. Neither is beneficial to securing the system against transferring malware, from the flash drive to the system.

Again the true protection is based on making Sure that 'Scanning on Read' is ON.

You may also want to block 'Autorun' from happening, but that is debatable.

A bigger question might be, 'What information may be Leaking via a USB attached drive?' With that in mind, consider McAfee's DLP program.

So, check your settings to make sure that 'Scanning on Read' is On.

Hope this helps.

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

3 Replies
rmetzger
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: McAfee is not detecting if an USB is plugged

Jump to solution

Hi Kevin,

kevin_27 wrote:

                  We are managing an environment with around 2000 computers. We are using ePO 4.6 to manage the Mcafee Clients. Issue what we are facing is that when we plug an USB to any of the machine, we dont see or get a message that McAfee is scanning it. We also belive that the scanning is not happeningat all. Any thoughts?

'We also believe that the scanning is not happening at all.'

Scanning will take place as long as you have 'Scanning on Read' ON. This is critical!

When files are read from the USB drive, the files read are scanned at time of the read. This happens in the background and no 'message' is displayed. Scanning should happen on Autorun.inf launched files as well. Again, Scanning on Read is essential.

'we dont see or get a message that McAfee is scanning it.' Yes. I prefer it this way. I don't want to interrupt anyone to say, 'Yes - I am slowing you down with a scan.' I don't need to report, 'things are normal' filling up my logs with information that is not helping with an outbreak.

Imagine inserting the USB cable to a 3 TB backup drive. Scanning the entire drive or even a half filled drive would be extremely performance draining and time consuming. I regularly insert and soon thereafter remove a 128 GB flash drive. I could not 'properly' remove the drive until the entire scan completed. So, I could wait, then eject correctly, or I could remove the flash drive early and potentially corrupt it's file structure. Neither is beneficial to securing the system against transferring malware, from the flash drive to the system.

Again the true protection is based on making Sure that 'Scanning on Read' is ON.

You may also want to block 'Autorun' from happening, but that is debatable.

A bigger question might be, 'What information may be Leaking via a USB attached drive?' With that in mind, consider McAfee's DLP program.

So, check your settings to make sure that 'Scanning on Read' is On.

Hope this helps.

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

kevin_27
Level 7
Report Inappropriate Content
Message 3 of 4

Re: McAfee is not detecting if an USB is plugged

Jump to solution

Hi Metzger,

                          First of all thanks for your reply and for making me understand. I have a question here, if i turn this feature 'Scanning On Read' on wont the system experinece an performance degradation. Whether we insert an USB or not, the hardisk will scan the system for read operations as well. Ami i right or have i completely misunderstood?

rmetzger
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: McAfee is not detecting if an USB is plugged

Jump to solution

Hi Kevin,

kevin_27 wrote:

                          First of all thanks for your reply and for making me understand. I have a question here, if i turn this feature 'Scanning On Read' on wont the system experinece an performance degradation. Whether we insert an USB or not, the hardisk will scan the system for read operations as well. Ami i right or have i completely misunderstood?

Good question. The short answer: Yes.

One must always balance performance and security. On 'average,' there are 4 to 8 reads to every write. So, yes there is going to be an impact.

However, McAfee's VSE v8.8 may help mitigate some of the impact.

Five years ago, one could argue that turning Off Scan on Read was OK, but since the introduction of Conficker and similar malware, the requirement must be to have Scan on Read ON. Stopping the spread of malware via USB attached drives also require Scan on Read. (Stuxnet was successful at infecting Internet isolated networks, via USB.) Unfortunately, this is the world we live in, in my humble opinion.

I might suggest a good read: https://kc.mcafee.com/corporate/index?page=content&id=KB74059&pmv=print&viewlocale=en_US

At the bottom of the document you will find links to the 'VirusScan Enterprise 8.8 Best Practices Guide.'

Hopefully this is helpful.

Ron Metzger

Message was edited by: rmetzger on 7/24/13 10:22:26 AM EDT

on 7/24/13 10:33:58 AM EDT
Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community