500 Views 3 Replies Latest reply: Apr 17, 2013 8:10 AM by Attila Polinger
ollie_321 Newcomer 2 posts since
Apr 17, 2013

Apr 17, 2013 5:00 AM

VSE 8.7 8.8 failing to detect Autorun worm

Has anyone else seen VSE 8.7i or 8.8i failing to detect or partially failing to detect w32.changeup W32/Autorun.worm.aaeh!gen ??

 

I have two client machines, one with 8.8 and one with 8.7, which quarantined 3 files marked as the above worm, but still have about 10 or more infected files on each machine.

 

Norton (free trial!) immediately detected the additional files and removed - VSE 8.8 just sat there saying that "All was well, nothing detected ".

 

Both 8.7 and 8.8 were fully updated as of today (5400 engine and dats as of 16-04-2013). I started going through the sample submission process to submit to McAfee but it was so long-winded I gave up in the end !!

 

Capture.JPG Capture2.JPG

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    1. Apr 17, 2013 7:38 AM (in response to ollie_321)
    Re: VSE 8.7 8.8 failing to detect Autorun worm

    Hi,

     

    what I see in your first picture is that Norton has quarantined 4 files 3 of which were identically named (wonder if it is the same file).

    Further, two detections by Auto-Protect (that is OAS in their terminology) and one by SONAR heuristics. This could be just one file after all, could you confirm that? (no file paths are displayed)

     

    Also, scope and strength of scan could be different; I assume Norton has come with full armour whereas VirusScan config is unknown.

     

    The devil is in the details I can say, I have seen a Symantec endpoint protection management console showing "All is well" and green checkmark, while the criteria based on which it showed this were like this: do not alert until signatures are 30 days old, etc.

     

    Attila

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    3. Apr 17, 2013 8:10 AM (in response to ollie_321)
    Re: VSE 8.7 8.8 failing to detect Autorun worm

    Well, defaults can be different for each product and may mean different strength after all: for example the level of heuristics.

    I think the recommended setting of heuristic sensitivity for VSE is Medium (please try setting this, and also try setting it even higher - until something happens - for single scans of those undetected files).

     

    Please also try an ODS with memory, registry and folder scanning (a folder in which such a problem file resides) and heuristic settings as above.

     

    In addition, please submit such an - undetected - file to virustotal.com to see if the config of the McAfee engine there makes a difference.

     

    And please if possible patch up both Virusscans to the latest patch.

     

    Thanks.

     

    Attila
