Hi Frank,

Afaict, the jsp is sane so far apart from the redirect to the malware.

the below is likely why you get no conviction now. Can you access the payload from your company?

thanks,

Michael

Hi,

the JSP file is also included in the regular DAT file on endpoint.

Cheers

, extended the GAM Test to the whole company. Actually we see no problem or no problem was reported to me. 🙂

Thanks for the info, Thorsten!

Hi Frank,

The transferred file contained a virus and was therefore blocked.  URL:

So we catch that with Artemis.

But why did not virtustotal detect the malware using the MWG Engine?

Now I can see the site is rated as malicious....  (I was unrated this morning). Also the GAM detect now the object....

Is there a process where MC checked virustotal findings? 🙂

This is with all objects I've tested here. I've tested a few untested findings a few minutes ago (also findings from yesterday), there I've the same result. GAM did not find anything. Virtustotal has findings with 5-8 different virusengines.

Ok here is the next one....

http://dl2.vip0installer.com/download/Base/450233/candide/java.exe

Site is uncategorized by McAfee

Using Virus Total

Java.exe

ist PUP using Current Enging

Nothing using New GAM

(

URL: http://dl2.vip0installer.com/download/Base/450233/candide/java.exe

Media Type: application/executable /

WebSite Reputation: Unverified (16)

WebSite Category:

Avira Version: Avira-Engine=8.3.28.16|Avira-VDF=7.11.209.128|Avira-Savapi=1.5.0.34

McAfee Version: AM-DAT=3516|AM-Engine=7001.1402.1890|MFE-DAT=7708|MFE-Engine=5700|Avira-Engine=8.3.28.16|Avira-VDF=7.11.209.128|Avira-Savapi=1.5.0.34

MGAM VersionAM-DAT=3516|AM-Engine=7001.1402.1890|MFE-DAT=7708|MFE-Engine=5700

)

Chrome Browser said "Potential Malicious"

and Virus Total

As you can see Mc detects also the file. But our Proxy says: CLEAN!!!

URL:

I'll give you a call Frank, to check some options.

According to your screenshot - there is detection by GAM on VT.

I'm on the latest and greatest 7.5.1 btw.

Hello,

all the detection issues here are Artemis (Cloud Lookup) related. With the GAM v2014 the way the Artemis lookups are done has been changed and if you need to import a rule to activate those lookups in MWG. The ruleset is in the Rule Library, you can find it under the Common Rules. The name is "Set URL Filter Internal Settings".

Fresh MWG 7.4 (and higher) installation have this ruleset by default. If you upgraded from older MWG versions this ruleset might not exist and needs to be imported. This should be done, even if you still use the v2013 GAM engine version, as it will enable the engine to use Trusted Source reputation and categorization information for the detection. The v2014 GAM engine requires this rule also for the file reputation, the v2013 did the file reputation in a different way.

Regards,

Dirk