This content has been marked as final. Show 13 replies
Any answers for this ?????? Has any one faced this isssue and was solved ?????????
Did you select to detect the unwanted programs?
As I stated in another thread that you posted in...
First of all, different anti-virus applications will find different "infections", often these aren't infections but rather "pups" or "Possibly Unwanted Programs" and as such may be harmful or maybe not. One A/V will find something that another doesn't ... and so on.
That's why we recommend that people keep extra anti-spyware applications handy: http://community.mcafee.com/showthread.php?t=136913
Also if VirusScan isn't detecting something that you feel it should and you know its location follow this procedure:
Send a file to Avert for analysis:
Email file to: email@example.com
When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP should be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.
Yes we do have unwanted programs settings configured. Also I would like to reieterate the thing that, as per the setting of virus detected and not removed, it is detecting the items as infected. There are many infections which we get the alert for. Now when it is detecting these things, why it is not cleaning or Deleting is a concern.
Should any setting extra has to be included for this in Epo or should each time I have to enter the files found in unwanted programs configuration policy option???
That's an interesting point, I'll flag it. Hopefully someone else will have a comment.
I noticed this when we deployed 8.5
Upon further research, we discovered that McAfee is performing normal. When scan on read/write is enabled, viruses are caught and deleted as required.
However, what happens when a new virus comes out and the signature set has not been updated? The virus will be allowed to load. Now assume the virus is loaded and in memory.
A few days later updated signatures come out. The new signatures detect the virus in memory but cannot delete them because the file(s) is in use.
Once the host is rebooted, A/V should be able to delete any of these processes as they try to load again.
This is why scan on read is so important.
If McAfee is detecting but not deleting viruses even after a reboot, you may have other issues.
As a user of the Enterprise level Antivirus solution, how feasible is it to reboot the systems to have the virus cleaned..??:(
Most of the virus detected are very common.
Can you give some examples of when you get this "virus detected and not removed" message and where these infections are found? In which file/folder?
This is where scan on write is important, virus is loaded but unable to perform any actions. Essentially quarantined until AV can clean it out.
I believe this is an operating system limitation more than an AV limitation. McAfee could have easily not reported anything until deleted as many vendors do.