3 Replies. Latest reply: Aug 23, 2013 8:09 AM by nofear123

    VSE 8.8 Malware Detection by Internet Downloads

    nofear123

      Hello Community,

      We have a strange behaviour with VSE 8.8. Someone downloaded a private PDF file from a freemail provider to his desktop.

      One day later our regular on-demand scan started and showed that the file was infected with PDF/Blacole. The file was directly deleted.

      Our VSE 8.8 is set to maximum security: all files are scanned, heuristics, macros, compressed files are activated and so on...

      We have no exclusions.

      Why did VSE not find the infected file when it was downloaded to the desktop?

      Does VSE 8.8 not scan files coming from internet downloads?

      Does anyone have an idea?

        • 1. Re: VSE 8.8 Malware Detection by Internet Downloads
          martin.poth

          I have the same problem. Every PDF created from Word will be deleted because of the PDF/Blacole virus.

          Sounds like a false positive.

          How can I roll back the DAT file via EPO?

          • 2. Re: VSE 8.8 Malware Detection by Internet Downloads
            Corsar

            I got a mail from McAfee about this issue:

            Good afternoon,

            There is currently a false detection within the DAT for PDF/Blacole-FAD! which is triggered by some .pdf files.

             

            Please find attached the Extra Dat to suppress the detections.

             

            The detection will be corrected in DAT release 7176 (tonight).

             

            For info how to work with the Extra.dat, please have a look at the following articles:

             

            How to apply an extra.DAT locally for VirusScan Enterprise 8.5i and later

            https://kc.mcafee.com/corporate/index?page=content&id=KB50642

             

            How to manually check-in and deploy an EXTRA.DAT through ePolicy Orchestrator 4.0

            https://kc.mcafee.com/corporate/index?page=content&id=KB52977

             

            How to manually check in and deploy an EXTRA.DAT through ePolicy Orchestrator 4.5

            https://kc.mcafee.com/corporate/index?page=content&id=KB67602

             

            Please test the Extra Dat first on a non-critical machine before deploying it through the environment.

             

            An ExtraDAT is a temporary detection file created by McAfee Labs to detect and remove threats that have not yet been added to the daily DAT files. You must apply an ExtraDAT to the infected system and any systems that could potentially be compromised. ExtraDATs automatically expire and are deleted when the extra detections are added to the daily DATs.

             

            IMPORTANT: An ExtraDAT is released with limited testing and is provided with the sole purpose of addressing a specific threat. McAfee recommends that, when you have to deploy an ExtraDAT to more than a few nodes, you test with a subset of these nodes by deploying the ExtraDAT to these systems, regardless of the method used for the deployment. After you have verified that there is no problem with the ExtraDAT, only then deploy it to all affected nodes.

             

            Kind regards

             

            Kor Krol

            EMEA Gold Business Support Malware Specialist / McAfee Support Threat Escalation Group

             

            00800 122 55624 – Corporate Support Telephone

            https://mysupport.mcafee.com/eservice – Corporate Support Website (ServicePortal)

             

            Keep up-to-date on your McAfee products! Subscribe to McAfee's Support Notification Service (SNS) to get timely technical info.

            Go to: http://my.mcafee.com/content/SNS_Subscription_Center

             


            • 3. Re: VSE 8.8 Malware Detection by Internet Downloads
              nofear123

              Hello,

               

              Yes, we also got this message from McAfee. Importing the ExtraDAT now. I will test whether the fix is working correctly. Stay tuned!