16 Replies Latest reply on Jun 9, 2010 11:12 AM by Vil

    Mcafee dont Detect any Malwares

      We have McAfee Antivirus Enterprise 8.7 with AntiSpyware 8.7. I have noticed that it is not detecting any malware,
      and I have been forced to use Malwarebytes' Anti-Malware to solve a lot of problems.

       

      Is there any solution from McAfee for malware?

       

      I have noticed that the real-time protection is not working; I have to run the scan to detect the viruses,
      otherwise McAfee will not detect any virus or trojans!!!

       

      Please see the attached snapshots from 2 different servers.

       

       

      Message was edited by: Yasin Yasin on 4/17/10 3:28:24 AM CDT

       

       

      Message was edited by: Yasin Yasin on 4/17/10 3:28:52 AM CDT
        • 1. Re: Mcafee dont Detect any Malwares

          Hi Yasin,

           

          I also face this problem. McAfee on-access protection does not necessarily detect viruses until an on-demand scan is run. On Windows 7 and Windows 2008 systems, when I do an on-demand scan, I've to go to each system and click Yes on the user access control prompt :-) Sometimes McAfee is disabled and cannot be enabled even though access protection is configured to prevent this from happening. Regarding antispyware, you are already using Malwarebytes and I would suggest that you stick to it. McAfee anti-spyware is nothing more than a joke.

           

          But I believe they are doing something about it.

           

          regards,

          1ndian

          • 2. Re: Mcafee dont Detect any Malwares

             

             

            Hi 1Indian

             

            I am really upset; it is too risky as we have more than 14 servers. Really, this Malwarebytes software is very good and it saved our (…) so many times. I cannot believe that we cannot depend on McAfee (Total Protection) to protect our servers.

            Regarding your problem with McAfee getting disabled and not being able to be enabled: this was a bug in V 8.5 and they have solved it in V 8.7.
            If you can upgrade, it will be better.

             

            As you said:

             

            McAfee anti-spyware is nothing more than a joke.
            McAfee anti-spyware is nothing more than a joke.
            McAfee anti-spyware is nothing more than a joke.

            • 3. Re: Mcafee dont Detect any Malwares

              I find McAfee picks up a lot of stuff in my environment; however, the one thing that it always misses, which I have posted about before, is that it always seems to miss these fake AV infections.

               

              It really is useless at picking these up.

               

              Even when I have all the policies setup as tight as they can be, without impacting on the users ability to do what they need to do, it still misses them.

               

              They often are able to disable McAfee too, even though the policies state that they shouldn't.

               

              I actually really like ePO and I quite like McAfee stuff from the management side of things.

              But yeah, I often end up having to use Malwarebytes too, even when PCs are up to date and the policies are tight.

               

              Actually, for me, that is the thing that McAfee always misses.

              It has been a long time since anything else got through for me, but fake AV programs always keep popping up on a regular basis.

              Especially new ones, McAfee seems to be very far behind.

              Malwarebytes always works on them, but 4 months later and McAfee still doesn't get those ones.

               

              I have attached a screenshot of something that McAfee recently missed, as usual, it was another fake AV program.

              The PC was running VSE8.7 Patch 3 and was fully up to date. McAfee was set not to allow itself to be disabled or services stopped, but this infection turned off McAfee and installed the fake AV.

              McAfee didn't pick it up even once the PC was scannable!

               

              Malwarebytes picked stuff up straight away.

              I would be happy if McAfee purchased Malwarebytes and integrated it with VSE, so I could manage it from ePO.

               

              We have a number of sites and thousands of PCs; all the local techs still need to use Malwarebytes every now and again (they tell me about it).

              And it is nearly always for fake AV programs that have disabled McAfee.

              • 4. Re: Mcafee dont Detect any Malwares

                They don't have to buy Malwarebytes. Instead, they can use their technology in their products. Symantec uses Malwarebytes technology in their products. If McAfee is planning to buy, I would suggest websweeper over any other product. That will also help McAfee overcome lack of proper rootkit detection.

                 

                I believe it's already too late for McAfee to release a web-centric (file, web, IM) antivirus which is really ONLINE always. Old-style file read/write scanning is proving less and less beneficial.

                 

                I agree with you that ePO is one hell of a product and McAfee can really be proud of it. I just wish that the end user product also gets TIMELY changes to remain valuable to the IT personnel.

                 

                 

                on 18/4/10 5:36:07 PM GST
                • 5. Re: Mcafee dont Detect any Malwares

                  Hi Yasin,

                   

                  May I know which level of Artemis you are using?

                   

                  Also, when it comes to Access Protection and the On Access Scanner, what settings have you implemented?

                   

                  I do agree that there may be cases where McAfee may have plainly missed an infection, and that happens because of the new additions of the variants of such malware. However, it is not that McAfee is unaware of the goings-on. We certainly are taking account of all the feedback and constructive criticism coming our way.

                   

                  As a suggestion, it might prove helpful to check and see what settings are being used in the Full Scan mode and to try to up the ante with the On Access Scanner as well. Setting the default actions of the On Access Scanner to 1) Clean and 2) Delete would help as well.

                   

                   

                  Sameer

                  • 6. Re: Mcafee dont Detect any Malwares

                    Hi Sameer

                     

                    Thanks for your response. As you can see, it is not my problem alone and I know a lot of other people facing the same problem.

                    I don't think that all of us are having problems with the settings of the VSE, as most of us are system or network admins, not home users!!!

                     

                    When you use Malwarebytes you don't need to do any settings at all and it is catching a hell of a lot of malware and infected files!!

                     

                    However, it is very good to hear that McAfee is aware of it and I hope they will be able to solve it ASAP.

                     

                    Regards

                     

                     

                    Yasin

                    • 7. Re: Mcafee dont Detect any Malwares
                      Attila Polinger

                      Dear Yasin and others,

                       

                      Please enable Access Protection block/notify at least for the following rules (apart from those that are set by default or have already been set so):

                       

                      - Prevent McAfee Services from being stopped (main AP page checkbox)

                      - Prevent registry editor and Task Manager from being disabled

                      - Prevent remote creation of autorun files

                      - Prevent installation of Browser Helper Objects and Shell Extensions

                      - Prevent termination of McAfee processes

                      - Prevent modification of McAfee files and settings/CMA files and settings/Scan engine files and settings

                      - Prevent programs registering as autorun

                       

                      These, in my opinion, cover most entry points where a trojan can install itself and do additional harm. You might have to define some exclusions in your enterprise environment, but it is worth it even so.

                      Also enable Artemis (heuristic network check) in OAS / ODS at Medium level at least. Make sure heuristics are enabled at program/macro level in OAS.

                      Make sure that antispyware scanning is enabled in OAS (detect unwanted programs) and set actions for unwanted programs. OAS without MAS will not clean or delete, only notify upon detection.

                      Consider enabling "Processes on enable" in OAS. Review the OAS scope of scan, too.

                       

                      Access Protection is a key component in my opinion and a must to use to prevent new strains of malware.

                       

                      Hope this helps

                       

                      Regards:

                      Attila

                      • 8. Re: Mcafee dont Detect any Malwares

                        All those rules and access protection are enabled in my environment.

                        On access scanner is enabled for read and write operations.

                        There are only a few exclusions (none of which have come into play on any malware infections).

                         

                        Without crippling the end user experience the policies are pretty tight.

                         

                        Still, I find that the fake AV programs can still often disable McAfee and infect the systems.

                         

                        As I said, I've noticed not a lot of stuff does get through, but always these fake AV programs are the ones for me.

                        With all those rules enabled, they are still often able to disable McAfee and install themselves.

                        Once it gets to that stage McAfee is then useless basically.

                         

                        It then requires a lot of manual messing with the machine to be able to get to install Malwarebytes.

                        Once you can get to that stage, Malwarebytes will nearly always fix the problem totally.

                        (If not totally, it at least can show the PC as infected and clear Most of the stuff, so you have only a few things left to do manually)

                         

                        As I said before, I am not anti-McAfee, I like ePO, but yeah, when you have to spend a number of hours looking at a PC which gets infected, when all the access protection rules are on, and on-access scanning is enabled (on read and write), you really think the product is useless at those times.

                         

                        Especially when, if you just install Malwarebytes, it cleans the machine.

                        • 9. Re: Mcafee dont Detect any Malwares
                          Attila Polinger

                          Hello,

                           

                          The following things come to mind in response to your reply:

                           

                          - some security patches are missing from the infected hosts.

                          - some OAS exclusions are in place that are missing from ODS scans.

                          - autorun is not disabled

                          - infected hosts did not get the policy or the VirusScan console was not protected with a password so users could disable modules.

                          - some exclusions exist in rules that should not be there (like Explorer.exe or svchost.exe, etc.)

                           

                          There are other AP rules: "Prevent new installation of CLSID, APPID and TYPELIBs" and "Prevent Internet Explorer favourites and settings". A trojan must install a CLSID so it can be loaded by references in other said places. This rule, however, prevents legitimate installations quite often.

                           

                          Attila
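
The checks suggested in replies 7 and 9 above (Access Protection rules set to block, no explorer.exe or svchost.exe rule exclusions, OAS exclusions that ODS lacks, policy delivery, console password, autorun), as an added example that is not part of the original thread and not McAfee tooling. The snapshot dictionary and all of its key names are hypothetical; the real values would have to be collected from ePO or from the host by other means.

```python
# Added example: the snapshot layout below is a constructed assumption, not a McAfee export format.
import ntpath
# Subset of the Access Protection rules named in reply 7.
REQUIRED_AP_RULES = (
    "Prevent McAfee Services from being stopped",
    "Prevent termination of McAfee processes",
    "Prevent remote creation of autorun files",
    "Prevent programs registering as autorun",
)
RISKY_PROCESSES = {"explorer.exe", "svchost.exe"}  # rule exclusions reply 9 warns about
HOST_FLAGS = {  # snapshot key -> finding raised when the key is false or absent
    "policy_received": "policy-not-received",
    "console_password_set": "console-not-password-protected",
    "autorun_disabled": "autorun-enabled",
}

def audit(host):
    """Return sorted (finding, detail) tuples for one host snapshot."""
    rules = host.get("ap_rules", {})
    blocking = {name.lower() for name, cfg in rules.items() if cfg.get("block")}
    # A rule that is missing, off, or report-only does not stop anything.
    findings = {("ap-rule-not-blocking", r) for r in REQUIRED_AP_RULES
                if r.lower() not in blocking}
    for name, cfg in rules.items():
        for proc in cfg.get("excluded_processes", []):
            if ntpath.basename(proc).lower() in RISKY_PROCESSES:
                findings.add(("risky-rule-exclusion", f"{name}: {proc}"))
    # Paths skipped on access but scanned on demand: only a manual scan finds files there.
    ods = {p.lower() for p in host.get("ods_exclusions", [])}
    findings |= {("oas-only-exclusion", p) for p in host.get("oas_exclusions", [])
                 if p.lower() not in ods}
    findings |= {(label, "") for key, label in HOST_FLAGS.items() if not host.get(key)}
    return sorted(findings)

SAMPLE_HOST = {  # constructed sample, not data from the thread
    "ap_rules": {
        "Prevent McAfee Services from being stopped": {"block": True},
        "Prevent termination of McAfee processes": {"block": False, "report": True},
        "Prevent remote creation of autorun files": {"block": True},
        "Prevent programs registering as autorun": {
            "block": True, "excluded_processes": [r"C:\Windows\System32\SVCHOST.EXE"]},
    },
    "oas_exclusions": [r"C:\Temp", r"D:\Backups"],
    "ods_exclusions": [r"d:\backups"],
    "policy_received": True, "console_password_set": False, "autorun_disabled": True,
}
if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_HOST):
        print(f"{finding:32}{detail}")
```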
