2 Replies Latest reply on Feb 12, 2010 12:50 PM by wwarren

    VirusScan Enterprise 8.5.0i not detecting viruses

      We run several different virus scanners across the networks in my organization.  Each virus scanner setup on the different networks is independent from the others.  On one of our networks, running VirusScan Enterprise 8.5.0i, we found that people are getting infected frequently.  We have no issues on our other networks.  I removed the hard drive out of one of the infected computers and connected it to a stand alone computer we have.  I scanned the hard drive with norton and with VirusScan Enterprise 8.7.0i.  The virus files are detected with both those scanners.  I booted the hard drive on a virtual machine and ran the virus, nothing was detected.  I ran a full system scan and nothing was detected.  The virus dats are up to date, the same date as the 8.7.0i scan engine.  I can't figure out why the virus is detected by the other scan engines, but not the 8.5.0i.  We have are over 100 computers on this particular network running VirusScan 8.5.0i, and it seems that they are unprotected from viruses.  Any help on this would be much appreciated.

       

      Thanks

      Matt

        • 1. Re: VirusScan Enterprise 8.5.0i not detecting viruses

          Hi Matt,

           

          It would help you can provide detection names from other vendors. Also note that some malware are VM aware, so they wouldn't run the same code as when installed on physical.

          Try running McAfee command line scanner to check if you are missing something in the configuration.

           

          HTH.

          Redouane

          • 2. Re: VirusScan Enterprise 8.5.0i not detecting viruses
            wwarren

            The most common reasons for missed detection by my reckoning, are -

            1. Incorrect scanning configuration

            2. Inadequate DAT and/or Engine

            3. Invalid testing methodology

            4. A root-kit has compromised the system

             

            1 & 2 are easiest verified by examining the registry settings for the product. This is collected by the Support minimum escalation requirements tool (MER).

            # 3 requres a step-by-step explanation of what you do to reproduce the problem.

             

            This type of need is best solved by contacting McAfee Support.