771 Views 5 Replies Latest reply: Feb 8, 2013 3:21 PM by alexn RSS
realistic Newcomer 8 posts since
Jan 9, 2013

Feb 5, 2013 12:28 PM

Threats not getting removed

So we are using VSE 8.8, and I've been noticing in ePO that threats are detected, but several threats are not getting removed. I frequently see the Medfos trojan, and McAfee has a hard time deleting it.

Unfortunately another IT team owns the client system, and they have granted end users local admin rights with Windows UAC turned off.

My question is: do you think I should approach our malware issues from a McAfee issue perspective, or from the fact that we have local admin / UAC turned off? I do verify that customers are receiving the latest DAT, so that's not the issue.

  • alexn Veteran 722 posts since
    Aug 9, 2012
    1. Feb 5, 2013 4:57 PM (in response to realistic)
    Re: Threats not getting removed

    I think you should immediately run a full scan task on all of your client machines in any off time, with archive scanning enabled.


    Post Timings: 6.00 AM to 3.00PM PDT
  • alexn Veteran 722 posts since
    Aug 9, 2012
    3. Feb 6, 2013 12:35 PM (in response to realistic)
    Re: Threats not getting removed

    Verify what action is selected in VSE.

    1. Open the console.

    2. Double-click Full Scan.

    3. Under Actions, confirm Delete is selected.

    4. Click Scan Items and make the required changes.

    5. Click the Performance tab and set the Artemis level to High.

    6. Increase the Artemis level to High in OAS as well.

    Try these and let me know.

    And VSE will remove this threat, as it was covered in the following DAT.

    http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1435835

    Regarding the other thing you asked: keep UAC enabled on all client machines, and users shouldn't have domain privileges (failing to do so will bring potential threats to your environment, because users will install, remove, and browse anything they want).

     

    Message was edited by: alexn on 2/6/13 12:35:46 PM CST

    Post Timings: 6.00 AM to 3.00PM PDT
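To put numbers on the UAC and local-admin question raised in this thread, the following is an added example (not from the thread and not McAfee code) that reports, for one endpoint, whether UAC is off and which accounts sit in the local Administrators group. It assumes Windows PowerShell 5.1 or later; the function name `Get-EndpointPrivilegePosture` is hypothetical.

```powershell
# Added example: audit one endpoint for the two conditions discussed in the thread
# (UAC disabled, end users in the local Administrators group).
# Assumes Windows PowerShell 5.1+ for the Get-LocalGroupMember cmdlet.
function Get-EndpointPrivilegePosture {
    [CmdletBinding()]
    param()

    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue

    # EnableLUA = 0 switches UAC off entirely; a missing value means the default (on).
    $uacEnabled = $uac.EnableLUA -ne 0
    # ConsentPromptBehaviorAdmin = 0 elevates administrators without any prompt.
    $silentElevation = $uac.ConsentPromptBehaviorAdmin -eq 0

    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # so the lookup does not depend on the OS display language.
    try {
        $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
        $enumerated = $true
    } catch {
        # Orphaned SIDs in the group can make enumeration fail; report it, do not guess.
        $admins = @()
        $enumerated = $false
    }

    # Anything other than the built-in Administrator (RID 500) or Domain Admins (RID 512)
    # is a member someone added, for example an end user's own account.
    $extra = $admins | Where-Object { $_.SID.Value -notmatch '-(500|512)$' }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        UacEnabled            = $uacEnabled
        SilentAdminElevation  = $silentElevation
        AdminGroupEnumerated  = $enumerated
        AddedAdministrators   = @($extra | ForEach-Object { $_.Name })
    }
}

Get-EndpointPrivilegePosture | Format-List
```

Comparing this output between machines where detections are cleaned and machines where they keep recurring shows whether the recurring ones are the endpoints with UAC off and extra administrators.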
  • alexn Veteran 722 posts since
    Aug 9, 2012
    5. Feb 8, 2013 5:18 PM (in response to realistic)
    Re: Threats not getting removed

    I understand. I would like to add here that VSE will not work as a firewall and will not stop user actions. Let's say your user clicks an email containing a malicious link: your system will be compromised. In this case VSE will monitor suspicious activities within the system and will remove it. It's a better idea to review the VSE best practice guide and act according to it.

    Also download the McAfee Stinger tool from here and run it on machines which are compromised. You can also do it via ePO on many machines by creating a client task.

    http://www.mcafee.com/hk/downloads/free-tools/stinger.aspx

    Some more tools are here:

    http://www.mcafee.com/us/downloads/free-tools/index.aspx

    And I want you to run the Stinger tool in safe mode with networking.

    Please let me know if you find something.

    Regards

    Alex

     

    Message was edited by: alexn on 2/8/13 5:18:41 PM CST

    Post Timings: 6.00 AM to 3.00PM PDT
