The ZeroAccess-FBI!A31AA84A91E0 threat comes under rootkit stealth trojans. I recommend removing the machine from the network, reimaging the machine and resetting the user roaming profile/pwd.
McAfee has updated this fix in 7177 DAT.
Does McAfee not handle Malware? I keep getting these emails and then have to run Malwarebytes to clean. I shouldn't need 2 products. Is there something I need to set up in EPO that I am missing in order for McAfee to clean these?
Some malware just cannot be (easily or automatically) removed.
We get a lot of these "Malware detected and not handled". Quite often, it's simply because the malware was detected (and blocked) on a CD or DVD and no antivirus can delete or fix a CD...
Then, there are the cases where the AV showed a warning to the user and the user clicked on "ignore" or just didn't click on "delete" or "repair"... so the AV and ePO are warning you (the ePO admin) that there was an issue.
As for solutions, we don't know how you've configured VSE (I suppose you use VSE as antivirus), you may want -- I know I wouldn't -- to configure VSE so it doesn't ask for permission before "fixing" an infection, then you'll probably see less of those "not handled".
But then, some infections cannot be fixed while the system is running...
Just a word of caution... Malwarebytes is NOT a good method to remove remnants of malware. We've done extensive testing in our malware lab and found the standard virus usually modifies around 30ish registry entries. When running Malwarebytes to "clean", Malwarebytes would only remove about 8 of those entries. As mentioned by Ranz HAT, the best option is to remove from network and reimage.
Malwarebytes is the only thing that removes the problem. Again, McAfee is not doing anything. I have been using Malwarebytes for years with no issues. I also use another program to fix the registry. I would like to use just 1 but McAfee just keeps reporting the Malware and can't do anything.
I am afraid I must agree with dcobes.
I have found MB to be a liability in the Enterprise!
Whilst not being an expert with MB, I find that its lack of granularity does not help.
I have had instances where cosha applications have been trashed as a result of running it.
Usually down to Heuristic scans.
While McAfee, with correctly configured exclusions via ePO Policy, leaves them untouched.
As I have stated, I would prefer to use just 1 product but McAfee does not seem to remove the malware. It just reports detected and not handled. If I need to configure something in EPO let me know.
Malwarebytes has been nothing but a life saver at this point for me. I have used it at all my job locations and I never had an issue with applications crashing or anything else. It removes the malware and the PC is back to normal. It is just frustrating when I get a bunch of Emails from EPO stating Malware detected and not handled.
If you're going to use just one tool to "fix" malware, then it should only be wiping the drive and re-imaging (while not a tool, it's a 100% foolproof method). You are never going to find a single product that will find and remove every piece of malware. If you find a company that advertises that, they are lying. Malware changes too much and too often for any one technology to "fix" every piece of malware. Now, in your case, for the pieces being detected and not handled you'd have to do some detective work on the systems to determine why it wasn't removed. Or try and obtain a sample of the malware and submit it to McAfee Labs stating McAfee is not able to remove it. They will usually turn around, within 24 hours - 5 business days, a new extradat which will resolve the issue.
In addition to what Jonesthemilk was saying regarding Malwarebytes crashing applications... If you read every detection that Malwarebytes says it's removing, I can guarantee you will find at least one false-positive that your customer's systems need. When I've run this before, Malwarebytes wanted to remove several registry settings we use for basic applications. Also, if you are using it in an enterprise environment, it goes against the EULA (not that they'd know, but just thought I'd put that out there).
Our environment also suffers from this issue and we grab samples of what we can to submit, but our go-to process is currently wipe & re-image. I'm developing a tool I'll later share in the tool exchange to perform log and sample extraction to automate the gathering of data for submissions to McAfee Labs.
I know it's not the answer you were probably hoping for, but know you aren't the only one suffering.
I would say that at least VirusScan is detecting it and letting you know it cannot handle it. Not many others admit that. It is unlikely to be a day zero infection and more than likely an heuristic detection or actually located on an inaccessible drive as previously mentioned.
After such a notification, our process is to track down a sample and a) submit to McAfee and b) VirusTotal.com where 45+ different vendors' scan engines will also check it out. Finally, we trash the machine and re-build anyway, if the results indicate an infection.