1 Reply Latest reply on Feb 28, 2012 11:43 AM by pwolfe

    Trojan Not Detected, Common Standard Prevention

      I have a noticed that the Internet Security 2012 trojan does not get detected by McAfee VirusScan. It logs that the  Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate in the logfile, but does not prevent the trojan from running.


      Is there a way to set McAfee Access Prevention to prevent and app from running that tries to stop McAfee processes.

        • 1. Re: Trojan Not Detected, Common Standard Prevention

          Which Version of VSE are you running - If its VSE 8.8 AntiSpware Is bundled however you will need to set -AP- Rules,  You should Look at the Different Polices for running files from certain locations. - This does not always work, however for the most part it does and when it does not it only is running in user space / memory as all our users are Standard Users on the computer.


          I have ran for  6 Years with McAfee VSE and not had a major infection. I have had a few incidents that have dropped file to a users Application Data or Local Settings Folder. that was not caught by OAS however these are easy to clean as the users have no rights to the workstation.


          Here is a Partial List of what we have enabled. - You will need to add exclusions for your environment to these after enabling them. I would go lightly as they can cause issues with applications.


          AntiSpyware Maximum:

          Prevent all programs from running files from the Temp folder

          Prevent execution of scripts from the Temp folder


          AntiVirus Standard Protection:

          Prevent Windows Process spoofing

          Prevent hijacking of .EXE and other executable extensions


          AntiVirus Maximum Protection:

          Prevent svchost executing non-Windows executables


          Common Standard Protection:

          Prevent installation of Browser Helper Objects and Shell Extensions

          Prevent common programs from running files from the Temp folder

          Disable HCP URLs in Internet Explorer


          Common Maximum Protection:

          Prevent creation of new executable files in the Windows folder

          Prevent creation of new executable files in the Programs File  folder





          Message was edited by: pwolfe on 2/28/12 9:43:02 AM GMT-08:00