8 Replies Latest reply on Dec 13, 2016 2:44 PM by catdaddy

    Not detecting malware with manual scan

    cavehomme1

      I have this weird but serious problem, not sure if it's related to earlier issues that I raised.

       

      Today I was going through a backlog of emails and there was one in my inbox that may have been from a client, but I looked carefully and guessed it's likely to be a scam with a malware-laden attachment. So from the Outlook 2016 client I carefully downloaded the attachment, without opening it, to my hard drive. McAfee did not kick in with any alert.

       

      So then I went to my download folder and then did a manual scan of the file. McAfee did not kick in with any alert, got a message saying no issues.

       

      I then uploaded the file to VirusTotal and bang, half of the scanners INCLUDING McAfee detected the trojan!

       

      I decided to try another route, opening the same email account as webmail in IE11, and then downloaded the suspect file. This time VirusScan (rather than WebAdvisor) kicked in and identified the threat.

       

      My main workflow is with Outlook and normally it isolates suspect attachments, but this time it did not. This email was from a client address and therefore I could easily have opened the attachment without thinking twice; fortunately it was the morning and I was alert. This is not an issue of whether McAfee detects or not, it's an issue of VirusScan detecting via one route but not via another, plus not detecting it via a manual scan! This means 2 out of 3 vectors failed. I've run MVT and it reports all is good.

       

      I'm not going to report to the helpdesk because Level 1 (who coincidentally are normally very good) are likely to have me re-tracing steps and I'll end up wasting an hour or more. As I said, MVT says all is good with AV+ 2017.

       

      Has anyone else experienced this? Is this a known issue?

        • 1. Re: Not detecting malware with manual scan
          catdaddy

          cavehomme1,

          Have you opened your McAfee UI and checked Navigation/Quarantined Items to see if there is a detection there? In addition, to ease your mind, you can run Malwarebytes (Free) for a second opinion. This and other Superb Tools can be obtained from Here: Anti-Spyware/Malware & Hijacker Tools and they are all (Free).

           

          Hope this helps..

           

          CD

          • 3. Re: Not detecting malware with manual scan
            catdaddy

            cavehomme1,

            I was wondering if your issue has been resolved?

             

            Thank you,

            Cliff

            • 4. Re: Not detecting malware with manual scan
              cavehomme1

              Hi CD. Sorry for not updating earlier but I am unsure as to what to do next.

               

              I reported to Technical Support and sent them a VirusTotal report of a sample of malware not detected by the manual scan, yet detected by WebAdvisor when the malware was downloaded from my webmail account rather than via the Outlook client. McAfee under VT was also detecting it. Their reply was, eventually, that the malware is detected when executed, but not otherwise.

              ???!!!

              I did not have time to discuss this further with them, especially with someone with less than perfect English skills in India or wherever on that particular call. I think I understand them though... The malware is typically an MS Office file or PDF which has a macro. If and when the macro is executed then the next action is that it downloads the payload, which is then executed and does the damage. So in itself, the trojan downloader Office file is not considered an immediate threat, until run. I don't personally agree, but that's what I think they were saying. The guys at Webroot told me something when I reported a similar non-detection on another PC.

               

              But I am puzzled, because as an idle threat, it is nevertheless correctly detected by WebAdvisor and VT, but not by a manual scan. Of course I am not going to launch the payload and experiment... well, not until I get some time over Christmas to play with a virtual setup.

               

              Anyway, I am still left with the thought that this VirusScan situation is perhaps not intended, not by design, and that there is a fault in VirusScan which someone should be aware of and fixing, at least to be consistent with the other scans?

               

              (Updated with clarifications)
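An added example, not part of the original thread and not McAfee's or VirusTotal's code: a static triage of an attachment's raw bytes that reports whether an Office file carries a macro part, the precondition for the downloader behaviour described in the post above, and computes a SHA-256 for looking the sample up by hash. The function names and the in-memory sample are constructed for illustration; a flagged macro part means "review before opening", not "malicious".

```python
import hashlib
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm/.xlsm ...)


def triage_attachment(data: bytes) -> dict:
    """Inspect raw attachment bytes without opening them in Office."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "container": "unknown",
        "macro_parts": [],
        "needs_review": False,
    }
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros live in internal streams that the
        # standard library cannot parse, so flag it for a dedicated tool.
        report["container"] = "ole2"
        report["needs_review"] = True
    elif data.startswith(ZIP_MAGIC):
        report["container"] = "zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            report["needs_review"] = True  # malformed archive: do not trust it
            return report
        if "[Content_Types].xml" in names:
            report["container"] = "ooxml"
        # Macro-enabled OOXML files carry the VBA project as vbaProject.bin
        report["macro_parts"] = [n for n in names
                                 if n.lower().endswith("vbaproject.bin")]
        report["needs_review"] = bool(report["macro_parts"])
    return report


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro", build_sample(True)), ("plain", build_sample(False))):
        print(label, triage_attachment(blob))
```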

              • 5. Re: Not detecting malware with manual scan
                catdaddy

                cavehomme1,

                Thank you for your correspondence and concerns. Evidently you must have the 15.1 Version\Build, which includes the New Scanning engine (LAM). Please know you are indeed protected, as the New Build will detect it, as you stated, when the file is accessed.

                 

                You will also notice when performing a Scan, there will be a notably smaller number of items scanned as well. The overall changes in the Next Generation Scanning Engine enhance performance, without lacking proper protection.

                 

                In addition, other layers of protection (Web Advisor) kick in also, blocking and prompting you of a Possibly Unwanted\Dangerous Download.

                 

                In other words, rather than constantly scanning files on your system, which has a negative impact on your System, it now detects/protects you once a file deemed unsafe is accessed. Most Security Vendors have taken this approach as well.

                 

                I hope this helped...

                 

                Sincerely,

                Cliff

                1 of 1 people found this helpful
                • 6. Re: Not detecting malware with manual scan
                  cavehomme1

                  Thanks for the reassurance CD.

                  I am actually confused as to which version I have installed, or more specifically, despite downloading from my McAfee online account, different PCs each with Windows 10 appear to have different version numbers installed.

                  The one that I referred to, I can no longer check because I had to return the laptop for repair, but I think it was 15.1 and there were various .exe running that appeared to be the new lightweight ones.

                  Since then, on another laptop with McAfee AVP also installed freshly a couple of days ago, it's showing AVP as v 14.0 with Security Centre 15.0 and "Antivirus and Anti Spyware" v 19.0. I guess you were referring to the Security Centre version number?

                  How and when does it become updated to 15.1? Can I do it manually, if so, how?

                  • 7. Re: Not detecting malware with manual scan
                    Peacekeeper

                    It is being slowly added, usually for new installs but not all. It will come to all when McAfee is sure it is stable, which as far as I see it is.

                    1 of 1 people found this helpful
                    • 8. Re: Not detecting malware with manual scan
                      catdaddy

                      Thanks PK   I seem to have missed it..