1 2 Previous Next 11 Replies Latest reply on Apr 12, 2011 7:25 AM by krishnajeth

    Query.............

      Hi,

       

      Dude's,

       

      Here one of the Customer using McAfee EPS Standard Edition,

       

      Platforms we Installed Windows XP(With)SP 3,WinServer 2003(With)R2,

       

      Installed components,


      McAfee EPO With Patch 3, Mcafee 8.8,McAfee Agent 4.5,and  the remove option 8.7i patch 4.......in client tasks

       

      Here the problem is .......

       

      They  using Tally in local machine.....which has mcAfee antivirus.....

       

      If they click  sortcut of Tally .....McAfee detects the tally as Malware and has been detected .......and the tally exe is been removed from the computer.........

       

      When we added the path in exculded list in EPO console the same problem esists........

       

       

      Not only the tally more geneiune software accurs the same issue......

       

      kindly go through the msg ................

       

       

       

      Regards,

      krish....................

        • 1. Re: Query.............
          Attila Polinger

          Hello,

           

          I do not know tally.exe but assume that it is considered an unwanted program, and I think then exclusion should be made based on detection name (i.e. not filename) within the Unwanted Programs policy.

           

          But if the detection is a virus/trojan, etc and not unwanted, then exclusion should be made based on filename in the OAS default or high-low processes policies, whichever you might use.

           

          Attila

          • 2. Re: Query.............

            Hi,

             

            Note:

             

            Tally.exe is not ah unwanted programs.....r virus......3

             

             

            Eventhough i have added in exclusion list...........

             

             

             

            Regards,

             

            krish

            .................

            • 3. Re: Query.............
              Attila Polinger

              Hello,

               

              could you post here the following:

               

              - screenshots of the exclusion

              - OnAccess ScanLog.txt from %DEFLOGDIR% when next time tally.exe is detected and removed as virus

               

              Also please could you check if packers detection is enabled in the policy?

               

              Thanks.

              • 4. Re: Query.............

                Hi Sir,

                Thks,

                 

                 

                 

                 

                Could u guide me where is the packers detection policy in EPO console,

                 

                I will give u the scrshot after two days ......because in customer admin is not available........

                 

                 

                Regards,

                krish.........:-)

                • 5. Re: Query.............
                  Attila Polinger

                  Hello,

                   

                  I was wrong, packers detection is in EWS and not in VirusScan, sorry about that.

                   

                  Waiting for the screenshots.

                   

                  Thanks.

                  • 6. Re: Query.............

                    Herewith i attached the screen shot for ur concern.........

                     

                    The tally.exe is not ah virus ....it is used for accounts purpose ............

                     

                    Kindly go through the screen shots........

                    mcafee 2.JPGmcafee 1.JPG

                     

                     

                    mcafee.JPG

                     

                    Regards,

                    krish.......................

                    • 7. Re: Query.............
                      Attila Polinger

                      Hello,

                       

                      I see this detection is made during a managed ODS scan. Did you exclude tally.exe in this ODS scan (Exclison tab in scan defitinon)? Also, please check if "Overwrite client exclusion is NOT selected, should you not exclude tally.exe in this managed ODS scan (same tab).

                       

                      In adition I would check how high is Heuristic network check level is set (this is Artemis). Maybe there were no need to exclude tally.exe if this heuristic network check would be lowered (depending how high it is set now, of course lowering deeper than from Low is useless).

                       

                      Attila

                      • 8. Re: Query.............

                        Hi sir,

                        ya that tally.exe is detected in ODS scan only..........

                         

                        i have excluded the exe in list...........

                         

                        wht should set in the heuristic network check high r normal..........

                         

                         

                        nw the status is high............

                         

                        the cpu performense is low............

                         

                        Regards,

                        krish.................

                        • 9. Re: Query.............
                          Attila Polinger

                          I think the heuristic network check on level Medium should be enough for daily use, High is a bit too sensitive, I guess.

                          1 of 1 people found this helpful
                          1 2 Previous Next