19 Replies. Latest reply on Dec 1, 2014 9:06 PM by epository

    When Will Mcafee VSE actually Acknowledge REGIN?


      Despite this laughable headline at McAfee Labs


      http://blogs.mcafee.com/mcafee-labs/intel-security-protecting-customers-takes-precedence-seeking-headlines#comment-3872318


      At Intel Security, Protecting Customers Takes Precedence Over Seeking Headlines


      They obviously don't care much about us EPO admins who get called into meetings to address a threat making headlines around the world.


      Please please please McAfee... issue some sort of statement on this so I don't walk into a meeting with just a pencil in my hand.


      sniff, sniff....smells a lot like McAfee clown response to Heartbleed.


      Not the way an Enterprise Solution behaves.

        • 1. Re: When Will Mcafee VSE actually Acknowledge REGIN?

          I do agree to some extent.

          I do indeed miss communication from McAfee that would let us answer management on whether we are protected or not.  This information is in most cases not possible to find, and it is an impossible task to create incidents for this, which are in most cases answered with an unsatisfactory result.

          On the other hand, I do understand McAfee: not communicating about the protection is indeed protecting more than just publishing everything on the internet, making it very interesting for hackers to change their behaviour.

          Maybe just an announcement that, for instance, "regin" is protected against or not, and by what products, is somewhere in between.

          We can answer management.  No information concerning the protection is released.

          • 2. Re: When Will Mcafee VSE actually Acknowledge REGIN?

            Malware is named differently by every anti-malware company but is this any help?  Look down to McAfee:  https://www.virustotal.com/en/file/b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047/analysis/


            The software protects against millions of different infections so they all can't be listed, especially in the blog.  I believe the answer is, they already have done so.

            • 3. Re: When Will Mcafee VSE actually Acknowledge REGIN?

              You're right

              But I also struggle, like epository, to find in an easy way whether I have protection or not and from what products (VSE DAT version, HIPS signature, cloud reputation level, ...)

              • 4. Re: When Will Mcafee VSE actually Acknowledge REGIN?

                Well, their release was on 11/26, so if it was released before my post..it was a close call..


                Secondly, their blog does address individual infections, especially when they are high-profile.


                My frustration is that they must know how high-profile this is, but do not even acknowledge it or post an expected date of remediation.


                As any Google search will show you, this has been reported on world-wide in both print and television media...so categorizing it as "just another virus" isn't really valid.

                • 5. Re: When Will Mcafee VSE actually Acknowledge REGIN?

                  How are we supposed to figure out if VSE addresses a specific threat?  No more DAT release notes, search engine at McAfee Threat Center is not showing anything for Regin...just seems weird we have to go to 3rd party sites like ThreatExpert or VirusTotal to find out if McAfee has a signature for a specific threat.



                  The DAT page no longer addresses specific malware either, as of Aug. 2014:


                  SNS Weekly Roundup (August 14)



                  • Threat description pages will no longer list a “minimum DAT version” because there will no longer be a single DAT package available. Instead, they will include a ‘Protection From’ field that shows the date when McAfee originally offered protection for that threat.
                  • The DAT Release Notes page will be updated to show version information about the latest McAfee DATs only.  The remaining content on this page will be retired. Because of the way that anti-malware content is now authored and tested for V2 and V3 DATs, it is no longer possible to describe new and updated threat coverage information in a comprehensive and accurate fashion via DAT release notes.

                  So that kind of jacks things up as well... even if you go to McAfee's Threat Center and attempt to look up a specific malware, it doesn't return anything for Regin despite its detection being named Regin!Sys.

                  • 6. Re: When Will Mcafee VSE actually Acknowledge REGIN?

                    Ask the support portal for help.   I would imagine it's impossible to list all the infections covered.

                    • 7. Re: When Will Mcafee VSE actually Acknowledge REGIN?

                      For whatever hashes have been publicly posted, we've had detection as Regin!sys in the DAT files since March 2011.



                      • 8. Re: When Will Mcafee VSE actually Acknowledge REGIN?

                        Thanks Vinoo ;-)

                        • 9. Re: When Will Mcafee VSE actually Acknowledge REGIN?

                          So....what is the real story here?


                          If McAfee has been detecting REGIN since 2011, why is Symantec getting so much press for finding an advanced, possibly state-sponsored spyware threat?


                          Secondly, why, when I go to McAfee's Threat Center, does nothing come up when I search for Regin?


                          Something is not adding up... and, at the very least, the "search engine" feature of McAfee Threat Intelligence center needs some work.


                          Vinoo, would you mind sharing what you searched for and where to find out that there were actual protections for this spyware from McAfee for at least 4 years?


                          For instance, when I search for hash 744c07e886497f7b68f6f7fe57b7ab54 and limit search results for pre-2012, I get nothing.....


                          Same for hash ba7bb65634ce1e30c1e5415be3d1db1d

                          I do see that the link you posted, how you found it I have no idea, mentions that this description was modified yesterday.....so mind elaborating on exactly what it was detecting from 2011 up until 2 days ago?

                          Seems strange if these hashes were being detected by McAfee for several years, it would be documented somewhere.