McAfee Employee MSchneider
Message 1 of 25

GAM 2014.2 BETA

All, we are looking for people to test the GAM 2014.2 engine.

Details here:

This thread is the one where we would like you to discuss questions/problems.

thanks,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
24 Replies
Reliable Contributor Troja
Message 2 of 25

Re: GAM 2014.2 BETA

Hi Michael,

Are there any new additional features to the 5700 engine in the new GAM?

New version is up and running on our MWG in DMZ. Let's see what happens. 🙂

[Image: GAMv2.jpg]

Cheers,

Thorsten

McAfee Employee MSchneider
Message 3 of 25

Re: GAM 2014.2 BETA

Thanks Thorsten

Just updated the Blog Post with "New Features"

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
feickholt
Level 10
Message 4 of 25

Re: GAM 2014.2 BETA

Hi

The following URL http://cache-ams02.cdn.yandex.net/download.cdn.yandex.net/browser/yandex/ru/lite/Yandex.exe?browser=...

was detected as PUP or McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious.L!70 using the current engine.

The new Beta engine tells me the file is CLEAN.

What is right?

Frank

p.s. Happy Christmas to all of you!

feickholt
Level 10
Message 5 of 25

Re: GAM 2014.2 BETA

Any idea how to check files against both engines for easier comparison?

My personal idea:

Check in proxy with old engine.

If infected -> forward to second proxy (add findings in header file)

Second proxy analyses again and shows both results.

Frank

dstraube
Level 11
Message 6 of 25

Re: GAM 2014.2 BETA

Hello Frank,

the 2014.2 engine has improved a lot when it comes to false positives, so the number of false positives that you have seen with the older engine should go down. The file you've mentioned had a detection ratio of 0/54 when checked using VirusTotal, so it was a false positive and the file is not infected.

Regards,

Dirk

Reliable Contributor Troja
Message 7 of 25

Re: GAM 2014.2 BETA

Hmmm,

Hi all, did some testing with the file. Wrote down some explanation as well (I'm a detail freak *g*).

1) yandex.exe

The file itself seems to be clean. Also, sandbox systems show no problem. virustotal.com shows the file is clean.

But, when analyzing with ATD (executing the file) the result shows connections to a site which is categorized as Risk/Fraud/Crime.

[Image: yandex_browser.jpg]

There is also content downloaded from the internet. The files are stored in the user profile and the whole directory is 380MB in size. 🙂

ATD detects several malicious activities.

My conclusion:

GAM works fine as expected, because MWG never executes a file, and a false positive is removed with the new GAM version. The "malicious behavior" starts if the file is executed on the endpoint. There are 467 files stored on disk.

TIE/DXL will close this gap, because the whole behavior will be analyzed with all involved files.

2) Files in the user profile directory

Did some behavior-based analysis with the files stored in the user profile directory. No system detected malicious behavior with the samples I uploaded.

Final conclusion:

This means, if you ask the question "is this file okay or not", you will detect much well-known malware and many zero-day malware with GAM. But with this approach you will not detect sophisticated threats. 🙂

Cheers,

Thorsten

Reliable Contributor Troja
Message 8 of 25

Re: GAM 2014.2 BETA

Thanks Michael for the info,

Improved Down-Selection Support for Windows Executables

Does this mean ATD integration with "Data Trickling" or "Offline Scanning"?

Installed this:

- GAM heuristics higher than 30%: trickling page occurs

- GAM heuristics lower than 30%: supported file is sent to ATD with offline scanning.

Btw, waiting with pleasant anticipation for DXL integration. 🙂

Cheers,

Thorsten
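Frank's two-engine comparison idea (Message 5) and the 30% trickling/ATD split from the post above, worked through as an added Python example; this is not MWG or McAfee code, and the engine labels, the log line format and the sample ids are constructed for illustration.

```python
# Added example (not McAfee/MWG code): compare old- vs new-engine verdicts on the
# same samples, then apply the 30% down-selection rule described in the thread.
from dataclasses import dataclass

@dataclass
class Verdict:
    sample: str        # sample id (a hash in practice; placeholders here)
    engine: str
    detection: str     # "" when the engine reported CLEAN
    heuristic: int     # heuristic/confidence rating, 0..100

def parse_line(line: str) -> Verdict:
    # Constructed format: sample | engine | detection-name-or-CLEAN | rating
    sample, engine, det, rating = (f.strip() for f in line.split("|"))
    return Verdict(sample, engine, "" if det == "CLEAN" else det, int(rating))

def compare(old_lines, new_lines):
    """Map each sample to agree / old_only / new_only / missing; old_only is the
    candidate false-positive list to review first."""
    old = {v.sample: v for v in map(parse_line, old_lines)}
    new = {v.sample: v for v in map(parse_line, new_lines)}
    result = {}
    for sample in sorted(old.keys() | new.keys()):
        o, n = old.get(sample), new.get(sample)
        if o is None or n is None:
            result[sample] = "missing"
        elif bool(o.detection) == bool(n.detection):
            result[sample] = "agree"
        else:
            result[sample] = "old_only" if o.detection else "new_only"
    return result

def down_select(v: Verdict, threshold: int = 30) -> str:
    # Policy from the thread: rating above the threshold -> data trickling page,
    # otherwise the supported file goes to ATD for offline scanning.
    # Assumption: a rating equal to the threshold counts as "not higher".
    return "trickling" if v.heuristic > threshold else "atd_offline"

# Constructed sample logs: one detection name quoted in the thread, one CLEAN on
# both engines, one that only the new engine flags (placeholder detection name).
OLD_LOG = [
    "sample-1 | old-engine | Heuristic.BehavesLike.Win32.Suspicious.L!70 | 70",
    "sample-2 | old-engine | CLEAN | 5",
    "sample-3 | old-engine | CLEAN | 10",
]
NEW_LOG = [
    "sample-1 | GAM-2014.2 | CLEAN | 25",
    "sample-2 | GAM-2014.2 | CLEAN | 5",
    "sample-3 | GAM-2014.2 | PLACEHOLDER.DetectionName | 85",
]
```

Run `compare(OLD_LOG, NEW_LOG)` to get the per-sample status and `down_select(parse_line(...))` for the routing decision on any single verdict.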

McAfee Employee MSchneider
Message 9 of 25

Re: GAM 2014.2 BETA

Hi Thorsten - happy new year 1st

So, that improved down-selection means that GAM is now taking other vectors into consideration and enables a better 'grey' detection, so that you will get more 60-90 ratings as opposed to 0 and 100 as previously.

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
Reliable Contributor Troja
Message 10 of 25

Re: GAM 2014.2 BETA

Updated every proxy to the new GAM (while listening to the Vienna Philharmonic Orchestra New Year's Concert)... 🙂
