1 Reply Latest reply on Jul 25, 2012 6:57 PM by wwarren

    Missing alerts / messages during malware attack

      Hi - I am a newbie on this forum. 

       

      I recently suffered a malware attack with Win32-Malware-gen, ZeroAccess and Downloader.  I have VurusScan Enterprise and Anti-Spyware Enterprise 8.7.0i with DAT file 6770. The On-Access Scanner, Access Protection and On Delivery Email Scanner are all enabled.  During the malware infection I did not receive any alerts or messages from VSE although the "Send messages to local user"  option is ticked under OnAccess Scanner. In fact I ended up using another product to detect and remove the infection because I thought VSE was not performing. 

       

      However when I investigated the Quarantine log I noted that VSE had detected and quarantined numberous occurences of the malware over the period of the attack.

       

      I am wondering why did I not receive any messages or alerts that VSE had detected and quarantined these files?  Am I missing a option?

       

      Many thanks for your help.

        • 1. Re: Missing alerts / messages during malware attack
          wwarren

          Most likely cause, explained here: KB69407

           

          Problem

          The On-Access Scanner messages window does not display when saving an EICAR test file, or any real malware, to a TXT file.

           

          NOTE: Detection does take place and action is taken; that is, the offending file is still cleaned or deleted as appropriate, but the scanner fails to display the expected message window.

           

           

          Cause

          A secondary process, such as the Search Indexer service, has touched the file prior to the original scan request completing. That secondary process is running under the SYSTEM account, and therefore no pop-up appears to the user because the user is not the SYSTEM account. It is the secondary process that triggers the detection.

          Solution

          This scenario occurs only outside normal operating parameters and is expected behavior. The file was detected and action taken because of the secondary process and not because of user action.