25 Replies Latest reply on May 8, 2014 4:58 PM by Manish KS

    McAfee Threat Detection and Remediation Process ?

    jmaxwell

      Just throwing out a general question here regarding how the McAfee Threat Detection process is supposed to work - from a threat appearing out there on the web through to getting protection against it via a new DAT signature (for example) for McAfee AV.

       

      Anyone know what the general process is as I can't seem to find it documented anywhere ?

       

      Looking to see if anyone knows the formal process but also how members think it should work.

       

      I'm thinking about it from a couple of aspects  - looking to understand the "theory" which for me is along the lines of the process by which McAfee learns of new malware, analyzes the emerging threat, develops DATs etc. but also how that works in practice.

       

      So for example if someone out there develops a new piece of malware or a variant of an existing known malware (is the process any different in this case?) and a non-McAfee customer (for example) is attacked by it and discovers the cause to be an infected file that hasn't been picked up by their protection and then notifies their AV supplier - meanwhile the new threat gets detected in the wild and gets named "ScrewyerSystems2014" and is detected by someone - what happens from then on regarding McAfee customers getting protected and their ability to tell if they are protected against "ScrewyerSystems2014" because they've just read an online article on a security forum about the detection of this new threat and how serious it could be?

       


      Hoping for further discussion about certain aspects of the process as feedback comes in.

       

      Jim

        • 1. Re: McAfee Threat Detection and Remediation Process ?
          catdaddy

          Being a McAfee consumer myself, should I experience such, I simply run the latest "Getsusp Tool", which can be found in the (2nd) link below my signature. This is one method of sending "Suspicious Files" to McAfee Labs.

           

          In addition, please make certain you select "Preferences" and fill in your email address before running the scan. You should then receive a notification from McAfee that said detections, if any, are being analyzed. Furthermore, given the appropriate amount of time for McAfee Labs to process, record the (Work Item #) and post back the (Work Item id-#) and generally someone will do their best to further assist you.

           

          Just My personal Thoughts...

          All the very best,

          • 2. Re: McAfee Threat Detection and Remediation Process ?
            jmaxwell

            Thanks Cliff - I appreciate that should I actually encounter a suspicious or infected file I can submit it to McAfee for analysis but I'm interested in the larger process as I don't want to wait to experience a problem before I get protection or even to wait until some other unfortunate McAfee customer hits an infected file before the process kicks off.

             

            Jim

            • 3. Re: McAfee Threat Detection and Remediation Process ?
              catdaddy

              Thanks Jim - I can certainly understand your thoughts. I guess I failed to mention that in addition to my (weekly) scheduled scan, I generally run the Getsusp Tool as well, just in case my RTS for some reason missed it.

               

              Should it be the case that McAfee detected such as "Artemis!", then there is no need to send it via "Getsusp"

               

              For then I would use the other method of submittal, in regards to informing McAfee of such, if I feel that it was safe. Having said all this... I am in full agreement with your statements.

               

              All the very best,

              • 4. Re: McAfee Threat Detection and Remediation Process ?
                Peter M

                To answer your original question.

                 

                The way McAfee Labs gather their knowledge and build their database is a trade secret, I'm afraid, so you won't find that sort of information anywhere. They don't even tell us how they do things.

                 

                They also have methods for manual submission of suspicious files and for appealing incorrect diagnoses as do all major A/V software makers.

                 

                Sorry, but that's about it!!

                • 5. Re: McAfee Threat Detection and Remediation Process ?
                  jmaxwell

                  Thanks Cliff - I appreciate where you're coming from - I guess what I'm looking for is not so much how my AV supplier may "bail me out" in the event of an infection but more convincing me that they have adequate quality controls and processes in place to pick up new malware before it becomes an issue for me - especially if it has already been reported in the wild.

                   

                  Additionally not all organisations will be able to use/depend on GTI type solutions.

                   

                  Jim

                  • 6. Re: McAfee Threat Detection and Remediation Process ?
                    jmaxwell

                    I sincerely hope that you are wrong Peter - by which I mean I'm (obviously?) not looking for "Trade Secrets" but an indication of the processes in place that are used to monitor emerging threats and respond to them appropriately.

                     

                    Surely that's not too much to ask of your AV vendor - "how do you protect me from emerging threats and how can I easily tell if I'm protected against a threat I've seen mentioned?"

                     

                    Jim

                    • 7. Re: McAfee Threat Detection and Remediation Process ?
                      Peter M

                      You can ask as you have done, and hope one of their staff answers here, but it's rare as these forums are mainly peer-to-peer support and I still think that discussion of their information gathering processes would not be fruitful.

                      • 8. Re: McAfee Threat Detection and Remediation Process ?
                        jmaxwell

                        Still interested in what others think the process involves or even how they think it should work.

                         

                        Obviously a response from McAfee would be possibly more accurate and informative so no harm in asking.

                         

                        And at the end of the day it's nothing that a McAfee Salesman shouldn't expect to be asked I suppose by a prospective customer.

                         

                        Jim

                        • 9. Re: McAfee Threat Detection and Remediation Process ?
                          Peter M

                          Well, these forums are really for discussion of McAfee products and problems people have with them, and we are here to steer people in the best direction to obtain help with said products. Esoteric discussions about what may or may not go on behind corporate doors are really just speculation and belong perhaps in an independent forum, not one owned by Intel/McAfee.

                           

                          You won't be successful in eliciting any information on how McAfee works anywhere here. In this insecure world where everyone is trying to cut each other's corporate throats, I doubt they would give anyone a 'guided tour' of what goes on behind the scenes.

                           

                          What is already published on the labs main page and associated links is all the information they are likely to give.  http://www.mcafee.com/us/mcafee-labs.aspx

                           

                          Sorry to be the voice of doom, but you know as much as I do about the subject, believe me.
