587 Views 3 Replies Latest reply: Aug 23, 2013 8:09 AM by nofear123
nofear123 Newcomer 21 posts since
Nov 28, 2007

Aug 23, 2013 3:32 AM

VSE 8.8 Malware Detection by Internet Downloads

Hello Community,

 

We have a strange behaviour with VSE 8.8. Someone downloaded a private PDF file from a freemail provider to his desktop.

One day later our regular on-demand scan started and showed that the file was infected with PDF/Blacole. The file was directly deleted.

Our VSE 8.8 is set to maximum security: all files are scanned; heuristics, macros and compressed files are activated, and so on...

We have no exclusions.

Why did VSE not find the infected file when it was downloaded to the desktop?

Does VSE 8.8 not scan files coming from internet downloads?

 

Does anyone have an idea?

  • martin.poth Newcomer 1 posts since
    Aug 23, 2013
    1. Aug 23, 2013 7:21 AM (in response to nofear123)
    Re: VSE 8.8 Malware Detection by Internet Downloads

    I have the same problem. Every PDF created from Word is deleted because of the PDF/Blacole virus.

    Sounds like a false positive.

    How can I roll back the DAT file via ePO?

  • Corsar Newcomer 10 posts since
    Mar 12, 2008
    2. Aug 23, 2013 8:07 AM (in response to nofear123)
    Re: VSE 8.8 Malware Detection by Internet Downloads

    I got a mail from McAfee about this issue:

     

     

    Good afternoon,

     

    There is currently a false detection within the DAT for PDF/Blacole-FAD! which is triggered by some .pdf files.

     

    Please find attached the Extra Dat to suppress the detections.

     

    The detection will be corrected in DAT release 7176 (tonight).

     

    For info how to work with the Extra.dat, please have a look at the following articles:

     

    How to apply an extra.DAT locally for VirusScan Enterprise 8.5i and later

    https://kc.mcafee.com/corporate/index?page=content&id=KB50642

     

    How to manually check-in and deploy an EXTRA.DAT through ePolicy Orchestrator 4.0

    https://kc.mcafee.com/corporate/index?page=content&id=KB52977

     

    How to manually check in and deploy an EXTRA.DAT through ePolicy Orchestrator 4.5

    https://kc.mcafee.com/corporate/index?page=content&id=KB67602

     

    Please test the Extra Dat first on a non-critical machine before deploying it through the environment.

     

    An ExtraDAT is a temporary detection file created by McAfee Labs to detect and remove threats that have not yet been added to the daily DAT files. You must apply an ExtraDAT to the infected system and any systems that could potentially be compromised. ExtraDATs automatically expire and are deleted when the extra detections are added to the daily DATs.

     

    IMPORTANT: An ExtraDAT is released with limited testing and is provided with the sole purpose of addressing a specific threat. McAfee recommends that when you have to deploy an ExtraDAT to more than a few nodes, that you test with a subset of these nodes by deploying the ExtraDAT to these systems, regardless of the method used for the deployment. After you have verified that there is no problem with the ExtraDAT, only then deploy it to all affected nodes.

     

    Kind regards

     

    Kor Krol

    EMEA Gold Business Support Malware Specialist / McAfee Support Threat Escalation Group

     

    00800 122 55624 – Corporate Support Telephone https://mysupport.mcafee.com/eservice – Corporate Support Website (ServicePortal)

     

