732 Views 6 Replies Latest reply: Jun 17, 2013 2:09 PM by Kary Tankink
Dvanmeter Apprentice 341 posts since
Feb 9, 2005

Jun 10, 2013 1:51 PM

Hips Signature

Anyone else notice that the signature "Java Envelope - Creation of suspicious files in Temp folder" doesn't seem to trip when it should? The signature "Java Envelope - Starting suspicious process from Temp folder" seems to work fine, but for every infection where I have traced a vulnerable version of Java writing the malware file to the temp directory, it has never tripped.

  • greatscott Champion 283 posts since
    Jul 18, 2011
    2. Jun 13, 2013 2:04 PM (in response to Dvanmeter)
    Re: Hips Signature

    It's hard to say since McAfee does not publish the signature definitions. You won't be able to test accurately since you don't know what you are testing for.

  • Kary Tankink McAfee Employee 655 posts since
    Mar 3, 2010
    4. Jun 17, 2013 11:33 AM (in response to Dvanmeter)
    Re: Hips Signature

    Try something like:

    [Screenshot: 2013-06-17 11_32_17-ePolicy Orchestrator 5.0.0 (Build_ 1160).jpg]

    Change the Operations as desired.

  • Kary Tankink McAfee Employee 655 posts since
    Mar 3, 2010
    6. Jun 17, 2013 2:09 PM (in response to Dvanmeter)
    Re: Hips Signature

    Destination File is only used for a MOVE/RENAME or a HARDLINK operation (where there is a Source/Destination file). See the help menu on FILES class signatures.

    [Screenshot: 2013-06-17 14_05_51-McAfee Help Portal.jpg]
