13 Replies. Latest reply on May 8, 2009 5:55 AM by Peter M

    Virus detected and not removed issues

      Hi,

      We are using McAfee Antivirus and Antispyware Enterprise 8.5.0i. We had been using Escan antivirus until the last 3 months, when we switched over to McAfee. We can still see that McAfee is not able to clean the spyware, e.g. adware, WhenU SaveNow adware, and many more. We get the alert "Virus detected and not removed" for some detections. These look like very general detections, but it is not able to clean or remove them.

      When we do an on-demand scan, it fails to find anything except cookies. When we do a manual scan using the Escan AV, it catches lots of adware and spyware.

      Why does a brand product like McAfee fail to detect or clean such files, whereas a product like Escan does it? This is hard to digest or understand.

      Kindly help.

      Our Server details :-

      OS :- Win 2003 Std / 4 GB RAM
      Product :- McAfee Enterprise Edition 8.5.0i (Antivirus + Antispyware)
      Programs installed :- McAfee Antispyware Enterprise module : 8.5.0163
      Scan engine :- 5200.2160
      McAfee VirusScan Enterprise Server Ver 8.5.0.781
      McAfee AutoUpdate :- Version 3.6.0.546
      EPO server :- Epo 3.6.1

      File System :- NTFS
      Internet Connection :- Server is directly connected to Leased Line. Clients connect to internet using proxy server.
      Current Location :- Dubai / UAE.

      Kindly advise

      Santosh K
        • 1. virus detected and not removed..
          Friends......

          Any answers for this? Has anyone faced this issue, and was it solved?
          • 2. RE: virus detected and not removed..
            lfah2000
            Hi,

            Did you select to detect the unwanted programs?
            • 3. RE: virus detected and not removed..
              Peter M
              As I stated in another thread that you posted in...

              First of all, different anti-virus applications will find different "infections", often these aren't infections but rather "pups" or "Possibly Unwanted Programs" and as such may be harmful or maybe not. One A/V will find something that another doesn't ... and so on.
              That's why we recommend that people keep extra anti-spyware applications handy: http://community.mcafee.com/showthread.php?t=136913

              Also if VirusScan isn't detecting something that you feel it should and you know its location follow this procedure:

              Send a file to Avert for analysis:
              http://vil.nai.com/vil/submit-sample.aspx
              or
              https://www.webimmune.net/default.asp

              Or....

              Email file to: virus_research@avertlabs.com
              When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP should be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.
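
As an added example (not part of the original thread and not McAfee tooling), a pre-flight check for the e-mail packaging rules listed in the post above: at most 3 megabytes, at most 30 files, every entry password-protected. The names `check_submission` and `build_sample` are hypothetical; the check reads only the ZIP encryption flag, so it confirms that a password was set, not that the password is "infected".

```python
import io
import zipfile

MAX_BYTES = 3 * 1024 * 1024   # page: "no more than 3 megabytes"
MAX_FILES = 30                # page: "no more than 30 files"
ENCRYPTED_FLAG = 0x1          # ZIP general-purpose bit 0: entry is encrypted


def check_submission(zip_bytes, filename="samples.zip"):
    """Return a list of problems; an empty list means the archive passes."""
    problems = []
    if not filename.lower().endswith(".zip"):
        problems.append("not a .zip file")
    if len(zip_bytes) > MAX_BYTES:
        problems.append(f"archive is {len(zip_bytes)} bytes, limit is {MAX_BYTES}")
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            # Directory entries carry no data, so only real files are counted.
            files = [i for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return problems + ["not a readable ZIP archive"]
    if not files:
        problems.append("archive contains no files")
    if len(files) > MAX_FILES:
        problems.append(f"{len(files)} files, limit is {MAX_FILES}")
    clear = [i.filename for i in files if not i.flag_bits & ENCRYPTED_FLAG]
    if clear:
        problems.append("entries not password-protected: " + ", ".join(clear))
    return problems


def build_sample(n_files, encrypted):
    """Constructed test archive. The stdlib cannot write encrypted ZIPs, so the
    encrypted flag is set by hand in each central-directory header; the data is
    not really encrypted, which is enough to exercise the flag check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for n in range(n_files):
            zf.writestr(f"sample{n:02d}.bin", b"constructed placeholder data")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02")
    while encrypted and pos != -1:
        data[pos + 8] |= ENCRYPTED_FLAG   # flag field sits 8 bytes into the header
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)
```
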
              • 4. virus detected and not removed..
                Yes, we do have unwanted programs settings configured. Also I would like to reiterate that, as per the setting of virus detected and not removed, it is detecting the items as infected. There are many infections which we get the alert for. Now when it is detecting these things, why it is not cleaning or deleting them is a concern.

                Does any extra setting have to be included for this in Epo, or do I have to enter the files found in the unwanted programs configuration policy option each time?
                • 5. RE: virus detected and not removed..
                  Peter M
                  That's an interesting point, I'll flag it. Hopefully someone else will have a comment.
                  • 6. RE: Virus detected and not removed issues
                    I noticed this when we deployed 8.5

                    Upon further research, we discovered that McAfee is performing normally. When scan on read/write is enabled, viruses are caught and deleted as required.

                    However, what happens when a new virus comes out and the signature set has not been updated? The virus will be allowed to load. Now assume the virus is loaded and in memory.

                    A few days later updated signatures come out. The new signatures detect the virus in memory but cannot delete them because the file(s) is in use.

                    Once the host is rebooted, A/V should be able to delete any of these processes as they try to load again.

                    This is why scan on read is so important.

                    If McAfee is detecting but not deleting viruses even after a reboot, you may have other issues.
                    • 7. virus detected and not removed
                      As a user of the Enterprise level Antivirus solution, how feasible is it to reboot the systems to have the virus cleaned..??:(

                      Most of the viruses detected are very common.
                      • 8. RE: virus detected and not removed..
                        Jubo

                        Can you give some examples of when you get this "virus detected and not removed" message and where these infections are found? In which file/folder?
                        • 9. RE: virus detected and not removed


                          This is where scan on write is important, virus is loaded but unable to perform any actions. Essentially quarantined until AV can clean it out.

                          I believe this is an operating system limitation more than an AV limitation. McAfee could have easily not reported anything until deleted as many vendors do.