1 Reply Latest reply on Dec 14, 2011 8:45 AM by bakerrl

    VSE not detecting, preventing, finding, or cleaning FakeAlert fraudware

    mbedford

      I've had two users get the FakeAlert (XP Antivirus 2011) virus recently. They both had recently patched Windows 7 systems with up-to-date managed VSE (v8.8) installed.

       

      While running diagnosis and scan on the machines, I directed the VSE to scan the viral executable directly: it pronounced the file clean. This concerns me greatly.

       

      I have gone through the ePO applied the changes protecting the .exe registry entries (the FakeAlert fraudware likes to change these). I will not tell the ePO to block changes to the system autorun as there are legitimate reasons our systems may need this to be modified.

       

      My question is this:

       

      Why is the McAfee VSE incapable of preventing the FakeAlert infection or, once it is installed, detecting and removing it?