I recently scanned a malware sample and submitted the hash to virus total with the following results
http://www.virustotal.com/file-scan/report.html?id=4241a9371023e7452475117ff1fcd 67262dab56bf1943b5e0c73ff2b2e41f876-1319226526http://www.virustotal.com/file-scan/report.html?id=4241a9371023e7452475117ff1fcd 67262dab56bf1943b5e0c73ff2b2e41f876-1319226526
It reports the malware as being recognized by McAfee, HOWEVER I am not getting the same results when scanning in my test environment with a more recent DAT file. Virus total used McAfee DAT from October 21st. I am using McAfee DAT from the 27th.
I'm at a loss as to why a less recent version would catch this malware but not the most current version.
Any insight is greatly appreciated
What McAfee product are you using so I can move this to a more appropriate spot? This area is for reporting problems with the forum interface itself.
OK I moved it there - hopefully someone from VSE will spot it soon.
I have seen this too. My only thought is to the artemis detection. VirusTotal might have artemis set to "Very high". Try to scan the same file with a custom ODS with the Heuristics set to "Very High" and see if it gives you the same detection.
Maybe but the thread is from 2 years ago so the parameters have probably changed.
I asked virustotal and the answer is:
"We use a command line version of McAfee scanners here (...). We also use cloud detections and beta dat files in that products."
Message was edited by: yemre on 3/17/13 2:49:20 PM GMT-06:00
Message was edited by: yemre on 3/17/13 2:51:53 PM GMT-06:00