
What is YOUR "on-access detection" message?

The VSE On Access General Policy allows you to put a custom message when a detection occurs.

Historically, we had a quite alarming message, to try to get the message across to users - something like "VIRUS ALERT! A virus was detected, please review... blah blah".

Since deploying patch 4, there have been more BO alerts (let's not discuss that here) and so the message has not been appropriate - it wasn't considered that this message was seen for all types of alerts.

We have now changed the message to be more "generic".

However, what message do YOU use? How do you best get the user to decide what action should be taken (clean/delete/no action/contact support)?

4 Replies
Reliable Contributor exbrit
Message 2 of 5

Re: What is YOUR "on-access detection" message?

I moved this to VSE for a quicker response.

---

Peter

Moderator

McAfee Employee wwarren
Message 3 of 5

Re: What is YOUR "on-access detection" message?

I've seen messages that steer people toward calling helpdesk, or even individuals.

I've seen messages that say something like "Don't move, we're coming to you - if we're not there in 5 minutes continue with other work but leave this message alone".

In most cases that I recall, there's no message provided for the User, it's suppressed. If you're getting an On Access Scanner detection, it means there is malware we know about - and it means we've denied access to the file; whether the action taken by us results in "cleaned" or "deleted" or "Clean failed/Delete failed", there was a "denied access" that occurred first. So you can be confident that particular threat is not active - but, it could be a clue that some other malware we _don't_ know about just tried to drop malware we _do_ know about.

I suspect that's why I've seen messages like the 2nd example.  Detection notifications are worth following up on; it seems like a question of Data Information Security vs. the cost to maintain the desired level of confidence in that security.

I would say much more on this about what I'd really like to have happen if I had a say in educating Users about information security, but that's off topic.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Reliable Contributor Pmaquoi
Message 4 of 5

Re: What is YOUR "on-access detection" message?

Sorry for my English.

We have decided for our domains (9000 WKS, 1200 SRV) to never display a message for an OAS action. It's denied and it's OK like that. We are following each alert from the ePO in real time and we will act if necessary. Displaying a message for OAS is a time-consuming process for everyone, as the user panics, then calls the helpdesk, etc.


Re: What is YOUR "on-access detection" message?

Our message states that malware has been detected, and to contact our SOC. It should always be up to the SOC to determine how to proceed.
