1 Reply Latest reply on Sep 19, 2011 8:27 AM by greatscott

    McAfee Virus Scan 8.7i unable to detect Trojan

      Hi there,

       

      We had an issue yesterday where several of our machines on the network which are running VirusScan 8.7i were unable to detect a trojan that was on the machine.

      The issue was only brought to light when an external company virus scanned files that were removed from this machine and their software detected it.

       

      The problem is highlighted in this McAfee threat thread http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=513367

       

      The machine was running the latest DAT file at the time, 6455, and running the scan engine 5400.1158.

       

      Seeing as this trojan isn't new (reported by McAfee on 30/05/2011) and that we were running the latest version of the DATs, how is it possible that this was not detected? There are no errors on the machine logs or server logs to indicate that any trojans / viruses have been found.

       

      I had to manually remove the suspect files and delete registry settings etc. on all of the affected machines, but I would still like to know how McAfee couldn't spot this one.

       

      Although the impact was low in this instance, it worries me that there are potentially other trojans / viruses on these machines that McAfee is also not picking up.

       

      Any reasons as to what might have gone wrong here would be appreciated, and should there also be an equivalent McAfee product that we should be using in conjunction with VSE to help reduce any further risks.

       

      Many thanks

       

      Duncan

        • 1. Re: McAfee Virus Scan 8.7i unable to detect Trojan
          greatscott

          If you are running ePolicy Orchestrator, there may be configuration changes you need to make with your On Access Scanning policy, or perhaps other policies. I would first check to make sure the folder in question was actually being scanned, and wasn't excluded by your On Access Policy, or anywhere else.

           

          Furthermore, with 8.7, I would make sure you are running the Anti Spyware module for additional protection. You can also leverage Artemis as well by adjusting sensitivity levels of your scans.