2 Replies Latest reply on May 6, 2010 5:01 PM by sameer172006

    AntiSpyware solutions/programs that work alongside VirusScan

    twenden

      We have a corporate grant for McAfee that gives us access to the McAfee Anti-Spyware plugin. However, in all our testing, we have noticed that it does not stop/prevent the Fake AntiVirus/Rogue software pests. Being a large university, we are trying to find out what Anit-Spyware solutions that we could offer faculty/staff. The students will be already have access to free solutions like Malwarebytes etc. On university owned systems we are trying to find a legal/paid version that would work for us. The biggest amount of calls the helpdesk deals with is with thos pesky rogue software packages that infect end-users systems.

       

      What are other people running in their environments to protect against fake virus alerts etc.

       

      Thanks

        • 1. Re: AntiSpyware solutions/programs that work alongside VirusScan
          jmcleish

          Hi,

           

          We are a Uni too, and have the exact same problem. Many of our machines get infected with malware and lots of time is taken to re-image the machine. (this has now been decided rather than spending time trying to run all sorts of scans etc).

           

          We currently use Webroot Anti-Spyware Corporate Edition, but when our licence runs out next year i'm planning on changing to McAfee Total Protection for Endpoint to include the AS module. (cost and single mgmt console are benefits- neither here nor there that neither of them stop it!)

           

          Webroot doesn't stop the fake anti-virus either, and I've searched around some of the Sunbelt Vipre forums and folk there have the same problem with that not stopping it. They suggest cleaning it with malwarebytes!

           

          I'd be suprised if any one does stop it.

           

          I'm planning on testing Site Advisor. maybe that will help a bit as most of the problem is user education. As i mentioned in another post its simply no longer acceptable for a user to say "oh, i just clicked on that link or that popup".

           

          the fake scams are getting very complex in execution to fool everything.

           

          Some interesting reading from the original AntiVirus 2008 scan:

          http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack

           

          I too am interested- so let's here if anything does.

          This is one area that all AV companies need to seriously look into. and using access protection features to prevent all installs isn't really functional. The machine still needs to have software installed and working normally.

           

          Jane

           

           

          Message was edited by: jmcleish on 06/05/10 08:11:08 CDT
          • 2. Re: AntiSpyware solutions/programs that work alongside VirusScan

            Twenden,

             

            I completely agree with you about how the rogue antimalware programs have become the order of the day and it is the major issue that the IT department has to deal with. I just want to inform you that currently the variants of these rogue programs are being generated at an alarmingly fast rate. I beg to differ about McAfee completely being unable to stop these threats. However, I do acknowledge the fact that newer variants achieve in bypassing most of the AVs.

             

            This is where the users need to be a little intelligent about what sites they are visiting and what hyperlinks they are clicking on. I suggest you ponder over the following to up the ante against this tirade :-

             

            1} Start using the McAfee Site Advisor. It is a very useful tool in keeping you away from the bad websites.

             

            2} Tweak your Artemis settings. If yoru Artemis is set to Medium, Bump it up to High. If it is set to default which is Very low, Then you might want to set that to Medium.

             

            3} Try and generate a report from the ePO to check and see what is the source of these infections and assign a policy to block those websites.

             

            I am sure with the current trend, McAfee will soon better the detection rates and make sure that these rogue programs are caught.

             

             

            Thank you

             

            Sameer