15 Replies. Latest reply on Mar 14, 2011 11:52 AM by almightyjay

    McAfee 8.7 does not detect virus when on a domain

      Hello,

       

      I have McAfee installed on all the 25 computers running Windows XP on my network. The computers are connected to a server running Windows SBS 2003 running a domain. Recently I encountered a virus attack on the system. I had the Access Protection, Buffer protection and the On Access Scanner turned on for all the computers.

       

      After digging in I discovered that the server had no virus, but the other PCs had. Moreover, when I logged in as administrator with the PCs on the Local computer (instead of the domain) - McAfee detected virus instantly. Also, it detects the virus when I do a system scan but shows it up again and again after each scan. It doesn't detect it with on access scanner though.

       

      So I am guessing that McAfee isn't detecting viruses / or has some rights issues when on a domain on the client PCs. I need to know how I should get it to work even on the client PCs.

       

      Any help would be appreciated.

       

      Thank You

      Ankit Saboo

        • 1. Re: McAfee 8.7 does not detect virus when on a domain

          I've moved this thread to our VirusScan Enterprise product area. Hopefully someone with product expertise can help you soon.

          • 2. Re: McAfee 8.7 does not detect virus when on a domain

            Very Very Interesting


            I faced the same problem in many PCs in my domain. W2K8 native domain. ePO running on W2K3 R2 and clients running XP SP2/SP3. People were complaining of very slow systems. I saw lots of services in the task manager. Got suspicious. Scanned the whole PC, caught enough viruses for lunch. Another 6 or 7 PCs with the same scenario. How the hell did viruses end up in the system? The only way any data can enter our network is through two IT administrator PCs. Their PCs were clean. I didn't care to report it back then. We have multiple virus scanning on the email gateway.

             

            Maybe one more reason for McAfee to stop 'patching' and release a brand new version built from the ground up to defend against new threats. Google for best antivirus or security suite; I promise, results are not in McAfee's best interest. It was OK 5 years back when enterprises used the internet only for sending email. Now even the office kitchen has a computer. Companies acknowledge the internet as a business medium. Slow and steady release is not going to work anymore.

             

            I've been hearing about VirusScan 9.0 for a long time (even before 8.7i). The rumors were that it will have next gen antispyware and access protection. I, for one, would really like that rumor to become real. Having the largest virus signature database wouldn't help much if the program using the engine doesn't do its job. Access protection in 8.7i was a very good start, but nothing progressed after that. I really wish to see access protection identify the files by the hash or digital signature rather than just name (which can be faked). If you create a TEMP folder in any drive, access protection will block applications running from there. It was supposed to detect whether the temp folder is on a system drive; unfortunately, it doesn't. McAfee grew larger than I imagined; during the process it lost control of its products. But I still stand by along with other loyal people to see it make a comeback with "enterprise" products that are made for this internet age.

             

            1ndian

             

             

            Message was edited by: easy1ndian on 3/13/10 11:15:27 AM GMT+04:00
            • 3. Re: McAfee 8.7 does not detect virus when on a domain

              You really haven't provided enough information for me to comment accurately about the situation. I'm sure many other people are in the same boat.

               

              Can you post part of the On-Demand-Scanner log file (and/or On-Access-Scanner log file) which shows the detection names and where they were found?

              • 4. Re: McAfee 8.7 does not detect virus when on a domain

                Mal09 wrote:

                 

                You really haven't provided enough information for me to comment accurately about the situation. I'm sure many other people are in the same boat.

                 

                Can you post part of the On-Demand-Scanner log file (and/or On-Access-Scanner log file) which shows the detection names and where they were found?

                 

                While all this happened, I was out of town and I still am and so I do not have access to the log file. Moreover, the problem was severe and the virus was disconnecting users from the network and so, those guys have already formatted the PCs and hence we don't have the log file.

                 

                But what I can tell you is that the scanner was not detecting any virus while on the client PC when logged in on the domain and as soon as you log out and log back in on the local computer, tadaa - it showed the viruses detected by the on-access-scanner. All the viruses were in system32.

                 

                The server did not even have a single virus, which proves that the on-access-scanner (or you can say McAfee antivirus) was working well on the server.

                 

                I do not have ePO installed but should that make a difference? The installation package that I built was built with the ePO capability but I did not have ePO set up on any server. Again, should that make a difference? Because the setup just had ePO capability and it never said that it won't work without an ePO server.

                 

                Thank You

                 

                 

                Message was edited by: sabooankit on 3/13/10 9:33:18 AM CST
                • 5. Re: McAfee 8.7 does not detect virus when on a domain

                  Saboo,

                   

                  I am interested in knowing the current VSE config that you have. Which engine have you deployed?

                   

                  5400 or the 5300?

                   

                  Sameer

                  • 6. Re: McAfee 8.7 does not detect virus when on a domain
                    jgalarraga

                    I have the same problem on 200 computers. Several times my computers have been formatted, because they had viruses and McAfee did not detect them. I say "McAfee did not detect" because when I installed another globally recognized brand of antivirus, it found several infected files.

                     

                    What can that be?

                     

                    I have a W2008Server, ePO 4.5 (patched), VS 8.7p4 engine 5400 and last DAT, AntiSpyware add on and SiteAdvisor 3

                    My clients are WinXP sp3 with VS 8.7p4 engine 5400 and last DAT, AntiSpyware add on and SiteAdvisor 3

                     

                    If you know something about this, please write me.

                     

                    Thanks,

                    • 7. Re: McAfee 8.7 does not detect virus when on a domain
                      Attila Polinger

                      Hi jgalarraga,

                       

                      From your screenshot I suspect that the trojan has placed itself in the Restore folder (a behaviour I've seen several times when looking at ODS detections) to get planted by the opsys itself. I've searched the internet and found information that "by design" System Restore does not allow manipulating files within the restore folder (except when a trojan writes there, apparently :-( ). See: http://virusall.com/software/remrestore.php or http://www.f-prot.com/support/windows/fpwin_faq/350.html

                       

                      Therefore the first thing to do is to disable System Restore and then, once that's done, you can start an ODS scan of the system with up-to-date signature and engine (and no file/folder exclusions, preferably).

                       

                      Attila

                      • 8. Re: McAfee 8.7 does not detect virus when on a domain
                        Attila Polinger

                        Hi Saboo,

                         

                        I replied to some other posters here and from what you are describing you might have the same situation: the virus or trojan sits in the System Restore folder, which is enabled on PCs. The malware gets replanted to some other folder each time you run an ODS, and from OAS the System Restore is inaccessible.

                        Please consider disabling System Restore and do a complete ODS and then another and see if you have the infection replanted on the second run.

                         

                        As for the users getting disconnected from the network: this could be a malware rewriting network config, which you might prevent with the appropriate Access Protection rule (some legitimate programs might be affected, though).

                         

                        If you had ePO the reconfiguration of all clients would have been more effective and the events would have been preserved centrally, I recommend using ePO.

                         

                        Attila
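The two-scan comparison Attila describes above, as an added example that is not part of the original thread or of any McAfee tooling: it separates detections inside the XP System Restore store from detections that reappear at a live path on the second on-demand scan. The `(path, detection name)` pairs, the detection names and the function names are constructed for illustration and are not VirusScan's log format.

```python
import re

# Windows XP keeps restore points under
# <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\", re.IGNORECASE)

# Constructed sample results from two consecutive on-demand scans.
SCAN_1 = [
    (r"C:\WINDOWS\system32\svch0st.exe", "Sample.Trojan.A"),
    (r"C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP12\A0001234.exe",
     "Sample.Trojan.A"),
]
SCAN_2 = [
    (r"C:\WINDOWS\system32\drivers\abc.exe", "Sample.Trojan.A"),
    (r"C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP12\A0001234.exe",
     "Sample.Trojan.A"),
    (r"C:\Documents and Settings\user\Local Settings\Temp\x.tmp", "Sample.Worm.B"),
]


def in_restore_store(path):
    """True if the path lies inside a System Restore point directory."""
    return bool(RESTORE_RE.search(path))


def compare_scans(first, second):
    """Split second-scan detections into replanted vs. new, and list
    every detection that sits inside the restore store in either scan."""
    # Detection names already seen (and presumably cleaned) at live paths.
    seen_before = {name for path, name in first if not in_restore_store(path)}
    restore_hits = sorted({(p, n) for p, n in first + second
                           if in_restore_store(p)})
    replanted, new = [], []
    for path, name in second:
        if in_restore_store(path):
            continue
        # Same detection at a live path after a clean scan: replanted.
        (replanted if name in seen_before else new).append((path, name))
    return {"restore_store": restore_hits, "replanted": replanted, "new": new}


if __name__ == "__main__":
    for bucket, hits in compare_scans(SCAN_1, SCAN_2).items():
        print(bucket, len(hits))
        for path, name in hits:
            print("   ", name, path)
```

A non-empty `replanted` list together with `restore_store` hits matches the pattern described in the reply; an empty `replanted` list after System Restore has been disabled suggests the reinfection source is gone.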

                        • 9. Re: McAfee 8.7 does not detect virus when on a domain
                          jgalarraga

                          Thanks so much for your answer but,

                          I want to know WHY...... If I purchased a total protection suite and it is fully installed and configured, my computers are infected?

                           

                          Therefore when I uninstall McAfee and install another antivirus it detects viruses, I do not understand.........

                           

                          I tried with McAfee Artemis, tried with a few options of maximum protection, but I have the same problem over my 200 PCs.

                           

                          thanks

                           

                          HELP ME PLEASE
