Recently I`ve been testing virus detection rates of mcafee internet security using samples from various sources, and submit the missed samples via getsusp
But in the reply there`re a lot of reports indicating samples that should have been detected, but missed.
The missed detections exist in various forms, but mostly begins with prefix "RDN"， together with some other detections.
| 08.ex_ | 91b62b6cb2700902ebdd994426be0850 | detected | fareit-fcg!91b62b6cb270 | Unknown |
| 23.ex_ | 73175263ed0ca60015a7cdf515ac1dfd | detected | genericr-ete!73175263ed0c | Unknown |
| 18.ex_ | 8fc4c25a70024b2398764abc87dbd697 | detected | rdn/generic pws.y | TROJAN |
| 21.ex_ | fd80e978ee3b05ef226c686697343488 | detected | rdn/generic downloader.x | TROJAN |
| 43.ex_ | 8afecc8e61fe3805fdd41d4591710976 | detected | rdn/generic.dx | TROJAN |
| 45.ex_ | b5d6e82d9a2c83830774ae98ab1bd766 | detected | rdn/generic downloader.x | TROJAN |
| 34.ex_ | ec30c5cbca734b6c0311e5f332558606 | detected | rdn/ransom | assumed_dirty4 |
| 48.ex_ | 63821a12980a9e6b11c3dd9b9e15230e | detected | trojan-fhhb!63821a12980a | assumed_dirty4 |
| 03.ex_ | 198daed0fe23f7317a8cfb97b171d97b | detected | rdn/generic backdoor | TROJAN |
| 25.ex_ | 52299d477e0bea01a82da8142511b94d | detected | generic-fawt!52299d477e0b | TROJAN |
| 09.ex_ | badf74e12ab1921d61b11d8ef924e3f9 | detected | generic-fawt!badf74e12ab1 | TROJAN |
| 41.ex_ | 6ed422ec24ecc7afef56ba0ef3df3dfa | detected | rdn/pwcrack-winspy | PUP |
| 29.ex_ | baa0c1b7c0da0e0e3c9b5c7d6e534ff7 | detected | generic-fawt!baa0c1b7c0da | TROJAN |
So mcafee IS cannot detect a lot of malware even if mcafee think it can. And that will pose our PC into great danger.
Plz fix it ASAP.
It also depends on your definition of malware but all the ones above were detected. But best wait for comments from someone at the labs.
In all tests conducted by the media McAfee/Intel scored very highly.
my definition is the samples were detected using on-access or on-demand scan.
I`m not questioning the real detection rate, but it seems that MIS is not fully showing its capabilities on my PC.
What you're seeing is the difference between signature based detection and behaviour based detection - since most malware is one time polymorphic, the chances of seeing the same signature twice is so low that it's hardly worth recording it.
That's where behavioural detection comes in.
There`re some samples that mcafee shows they should be detected right now are missed on my PC, according to the results frome getsusp above
what else do you think do I need to provide to make this more clear?
I`ve searched some information about "RDN" detections, the readme files of DAT files says that
RDN/ Denoting the malware signature
was authored by McAfee Automation system.
So what`s the point of mentioning behavioral detection? There`s no behavioral detection in consumer products, that`s already known.