So we are using VSE 8.8, and I've been noticing in ePO that threats are detected, but several threats are not getting removed. I frequently see the Medfos trojan, and McAfee has a hard time deleting it.
Unfortunately another IT team owns the client system, and they have granted end users local admin rights with Windows UAC turned off.
My question is: do you think I should approach our malware issues from a McAfee issue perspective, or from the fact that we have local admin / UAC turned off? I do verify that customers are receiving the latest DAT, so that's not the issue.
But the problem is that the scan is detecting threats, it's just not able to remove them. I did confirm that they have the latest DAT update.
Message was edited by: realistic on 2/6/13 12:07:37 PM CST
Verify what action is selected in VSE.
2. Double-click Full Scan.
3. Under Action, confirm Delete is selected.
4. Click Scan Items and make the required changes.
5. Click the Performance tab and set the Artemis level to High.
6. Increase the Artemis level to High in OAS as well.
Try these and let me know.
And VSE will remove this threat, as it was covered in the following DAT.
Another thing that you have asked: keep UAC enabled on all client machines, and users shouldn't have Domain privileges (failing to do so will bring potential threats to your environment, because users will install, remove, and browse anything they want).
Message was edited by: alexn on 2/6/13 12:35:46 PM CST
I turned up Artemis to High on our full scan (run once a week), and Medium on our daily quick scan. It was set to Low on both scans before, so I'll see how this works out.
You can also define a user account to use for the scans, and I entered in the local admin credentials (it was blank before), so that might help as well.
I'm also working on getting UAC turned on, although it's not my decision and may be a lengthy battle. For now I'm going through the best practice document for VSE to see if we can make any improvements. We have made lots of improvements since the previous admin, but I have a feeling we still have a long way to go.
I understand. I would like to add here that VSE will not work as a firewall and will not stop user actions. Let's say your user clicks an email containing a malicious link: what would happen is that your system would be compromised. In this case VSE will monitor suspicious activities within the system and will remove them. It's a better idea to review the VSE best practice guide and act according to it.
Also download the McAfee Stinger tool from here and run it on machines which are compromised; you can also do it via ePO on many machines by creating a client task.
Some more tools are here:
And I would like you to run the Stinger tool in Safe Mode with Networking.
Please let me know if you find something.
Message was edited by: alexn on 2/8/13 5:18:41 PM CST