kenobe
Message 1 of 4

Postalreceipt.exe Only Found During OAS or ODS


Hi all,

I have a user that unwisely downloaded the postalreceipt.zip file and unzipped it.  SCCM shows the file existed on the system 22 Jan.  It wasn't until a scan was run 7 days later that VSE found and deleted the Trojan.

I have noticed this with several recent detections - SCCM shows the files as of one date but VSE doesn't detect the files until a scan is run.

Shouldn't VSE hit on these files as they are downloaded to the machine, not just during a scan?

Thanks

Ken

1 Solution

Accepted Solutions

Re: Postalreceipt.exe Only Found During OAS or ODS


It is very possible the file was not known as a threat when originally written to the system; dats update daily.

It is also possible your ODScan is set to scan archive files where your OAScan is not.

This is one reason I like to schedule daily scans for user folders only; low utilization, targeted scans to reduce complaints.  Should take about 5 minutes to complete.


3 Replies

kenobe
Message 3 of 4

Re: Postalreceipt.exe Only Found During OAS or ODS


Great idea about scanning user folders daily.

I did check the policy yesterday and found .zip files were excluded from scans.  That's enabled now.

Re: Postalreceipt.exe Only Found During OAS or ODS


I like running the daily scans on user folders, temps & recycle bin.  Set the GTI to high or very high; exclude files older than 30 days and set the resource utilization to very low. Scans should go undetected by users.

You will be very surprised what is found in Java and temp folders.
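
The gap discussed in this thread (an executable sitting inside a .zip in a user folder while archives were excluded from scanning) can be inventoried independently of the AV policy. The following is an added example, not part of the original posts and not a VSE feature: it walks the given folders and lists .zip files modified within the last 30 days that contain executable-type members. The extension list, the function names and the 30-day default are assumptions chosen to mirror the advice above.

```python
import os
import time
import zipfile

# Assumed extension list for "executable" archive members; adjust to local policy.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_AGE_DAYS = 30  # mirrors the "exclude files older than 30 days" advice


def executable_members(zip_path):
    """Return names of archive members whose extension is in EXEC_EXTS."""
    try:
        with zipfile.ZipFile(zip_path) as zf:
            return [n for n in zf.namelist()
                    if os.path.splitext(n)[1].lower() in EXEC_EXTS]
    except (zipfile.BadZipFile, OSError):
        return []  # unreadable or corrupt archive: nothing to list


def find_recent_archives(roots, max_age_days=MAX_AGE_DAYS, now=None):
    """Walk roots and return (path, age_days, members) for each recent .zip
    file that contains at least one executable-type member."""
    now = time.time() if now is None else now
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(".zip"):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    age_days = (now - os.path.getmtime(path)) / 86400
                except OSError:
                    continue  # file vanished or is inaccessible
                if age_days > max_age_days:
                    continue
                members = executable_members(path)
                if members:
                    hits.append((path, round(age_days, 1), members))
    return hits


if __name__ == "__main__":
    import sys
    # Pass user-profile, temp and recycle-bin paths as arguments.
    for path, age, members in find_recent_archives(sys.argv[1:] or ["."]):
        print(f"{path}\t{age}d\t{', '.join(members)}")
```

The script only reads archive directory listings; it does not extract or execute anything, so any hits still need to be scanned or submitted through the normal AV workflow.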
