Samker's Computer Forum - SCforum.info
Security Software Armory: => Anti-Virus (Security Suite) => Topic started by: haz on 09. March 2010., 11:48:00
-
Hello,
I use McAfee ePO 4.0 & VSE 8.5i to protect the network PCs -It wasn't me who chose to use it, its just the policy of the Mother Company- anyway; what is so good about McAfee ? Frankly (after about 1.5 years of deployment) I feel its not good enough, it happened several times that a PC is infected with a virus and McAfee (which is installed of course) doesnt detect it, I even had once to uninstall it, install a trial copy of kaspersky, remove the virus then reinstall McAfee after the trial period is finished ! I understand that no Anti-Virus is capable of detecting all the viruses out there, but still I believe it should do better for an "Enterprise" virus scanner.
So, Am I missing something ? is there a specific config that should be done ? I always use the "standard protection" while installing to allow the users to install / remove software without calling me every time ! O0
What do you think McAfee users?
-
McAfee VirusScan Enterprise is an innovative technology for PCs and servers. It proactively stops and removes malicious software, extends coverage against new security risks, and reduces the cost of responding to outbreaks. Enterprises cannot afford to wait for every threat to be identified and a signature file to be released. The time between attack and subsequent identification is critical, and the shorter, the better. It's better yet if your protection technology identifies new, unknown threats.
By blending advanced anti-virus, firewall, and intrusion prevention technologies, VirusScan Enterprise covers a broad range of threats. With advanced heuristics and generic detection it finds even new, unknown viruses, even hidden in compressed files. McAfee VirusScan Enterprise looks for exploits known to target Microsoft applications and services and will identify and block threats that take advantage of JavaScript and VisualBasic coding.
And since virus protection is only as good as its latest update, the McAfee VirusScan Enterprise database is updated daily with information from McAfee AvertĀ® Labs, one of the world's top threat research center.
I was copy this from here: http://www.mcafee.com/us/enterprise/products/system_security/servers/virusscan_enterprise.html (http://www.mcafee.com/us/enterprise/products/system_security/servers/virusscan_enterprise.html) and (what's more important) I can confirm this from my own experience.
I'm using VSE in combination with (old-good) McAfee Desktop Firewall for a years without any big problem, of course time to time I was experience some problem but almost all of them are caused if user doesn't care where they surf, if he look for some cracks, serials... and by mistake install some malware.
it happened several times that a PC is infected with a virus and McAfee (which is installed of course) doesnt detect it, I even had once to uninstall it, install a trial copy of kaspersky, remove the virus then reinstall McAfee after the trial period is finished ! I understand that no Anti-Virus is capable of detecting all the viruses out there, but still I believe it should do better for an "Enterprise" virus scanner.
Yes you got a right "no Anti-Virus is capable of detecting all the viruses out there" but in your place I'll rather try to make some investigation... which type of malware McAfee doesn't detect and how that malware get-in and spread across of your Company network?? Maybe you find some small "hole" in your protection or some user which cause all mess.
Of course every time when you find something bad and new, submit sample to to McAfee Labs ;) : http://vil.nai.com/vil/submit-sample.aspx (http://vil.nai.com/vil/submit-sample.aspx)
is there a specific config that should be done ?
If you want I'll help you with my suggestions, but please first think about reasons for network infection and if you still have data give me names of malwares which McAfee doesn't detect in specific situations...
P.S.
So sorry for my bad English. ;)
-
Thanks a lot Samker for your reply, I like the way McAfee manages the updates, its easy and smooth, also it did well detecting Conficker and preventing it from running before it was even known by preventing Buffer overflow the virus kept trying to do, but as I said, its those incidents when it was there on the machine but it couldnt detect the virus, this particular virus I mentioned ( the one I used kaspersky for ) came when one of the users downloaded a malicious file sent to him by messenger ( a user mistake ), but how can I pinpoint the infected files to send it to McAfee Labs ? I mean provided that the original downloaded file was deleted by the user ? the virus just spreads in the PC ! but I will keep a log of the detected malware to ask you about it.
If you can help me with any suggestions or "best practices" for deploying McAfee in the network i would be grateful :)
Thanks again
-
...users downloaded a malicious file sent to him by messenger ( a user mistake ), but how can I pinpoint the infected files...
...if you can help me with any suggestions or "best practices" for deploying McAfee in the network...
Most Messengers have possibility to scan downloaded files, for example in MSN that option is under Files Transfer / "scan files for viruses using" / for McAfee VSE you need to Browse this file: "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe".
Second thing (more important) is to turn-on Heuristic Scan and Scan for Compressed files:
(http://www.softpedia.com/screenshots/McAfee-VirusScan-Enterprise_10.png)
Next useful option is Unwanted Program Policy (turn-on all of them):
(http://www.softpedia.com/screenshots/McAfee-VirusScan-Enterprise_6.png)
And for the end, you can configure additional protection by Access Protection Properties. This one is especially useful "Prevent termination of McAfee processes" under Common Standard Protection. ;)
(http://www.softpedia.com/screenshots/McAfee-VirusScan-Enterprise_2.png)
Hope this will help you?
Do you have some additional question or anything else what I can do to help?
Best Regards,
S.
P.S.
For correct view of inserted screenshots, make a right click with mouse on every of them and choose "View Image" option. ;)
-
thank you very much for all informations
-
thx you very much i use mcafee
-
WOW ! I didnt know about these before ! Thanks a lot Samker :)
I think I can add these setting from the ePO Server without having to adjust them on every machine, right ? that will be very handy :) Thanks again
-
I think I can add these setting from the ePO Server without having to adjust them on every machine, right ?
You'll set this easy. ;)
cya around SCF,
S.
-
thank you. this program good.
-
How can you force custom settings from client machine, and not let EPO override them every time it checks for policies?
Thanks.
-
VSE is very good especially with the new anti-spyware module...if money is no object, i suggest he install KAV5 as primary on-access then custom install VSE as on-demand only... that way he'll have the best of both worlds...Maybe he should just get a double-engine AV and get the issue done with!
-
I totally Agree with Samker,
MC AV with MC Firewall, as long as it's set up properly "Access Protection" then you should find that even if something does attack the system it cant write itself anywhere or is allowed to run. i.e dont allow things to run from the TEMP directory!!
If you have a program that needs a temp space to write too then set one up dedicated to that program I used to have to do this all the time, I even locked the Temp Directory down to the program's .EXE in the early days and this allowed me to catch a couple of inderviduals looking to try and tunell through the network by running Putty type tools e.t.c from that Temp directory.
This was all befor we locked down Peripherals e.t.c so now I dont have to worry so much. : ) But like Samker said is someone trying to circumvent your security measure's e.t.c you really need to probe this more.
Take Samker's advice lock your system down properly and you should be fine, For a little extra protection get you company to pay for the SPYWARE module thats available for MC VirusScan, I have used it on both 8.5 and 8.7 with moderate success.
Long and Short of it, Nothing is 100%, Take a continual pro-active approach to your networks security by testing out other products in a "Test" Enviroment Inc things like Malware bytes - Im sure you can get a corp version???
Regards
HD
-
Yes. i liked that text above.Putty type tools?
I think, i need to study this tool!!
Thanx
-
Ha ha no probs Firebug, Check it out it's a great little tool and very versatile too!!
P.s - Check out the available Plugins for it Too!!
Enjoy!! ;D
-
I just like it because it's light weight and non-invasive like their home products. More importantly it works.
-
When I worked at a local Computer Service House we had tried almost every single AV product available then and MVSE topped them all - we got 10 to 20 infected computers a day from consumer and bussiness clients, most of them had tens of thousands infected items found and cleaned\deleted, McAfee VSE did the best job. However we had to use some anti-malware apps to further clean the systems afterwards. Have said, I would back McAfee with my 10 years expeirences in the IT field.
-
Yes, like what others said above I like that 'Access Protection' feature to prevent modifications to the system. But, my taste changed I no longer use McAfee VSE.
-
Nodoubt kaspersky is the best antivirus bitdefender,zonealarm,gdata are the other ones rest are just timepass so if you are purchasing go for these ones
No av is 100% secure as new threats keep on coming so you should use a security combination
a good internetsecurity
good antimalware cud be asquared or malwarebytes
link checkers like wot and norton safe web
and u can also use norton or sunbelt dns for added security
-
I have had great protection with 8.7i