Security Basics mailing list archives
RE: McAfee Anti Virus V4.5.1 SP1
From: LordInfidel <LordInfidel () Directionweb com>
Date: Sat, 29 Nov 2003 11:17:25 -0500
I'm going with the misconfiguration. In its default install state, NAI's AV will not do the trick. Just enabling the system scan is not enough; in fact, the system scan is worthless when it comes to picking up incoming viruses. For that you need to set the following:

1. E-mail scan (corporate if you are running groupware, Internet for POP/IMAP)
   a. I enable both. It gives you more options.
   b. Scan all attachments and compressed files
   c. Advanced
      1. enable heuristics
      2. enable macro and program file heuristics
2. Download Scan
   a. All files
   b. compressed files
   c. Advanced (same as above)
3. Internet filter
   a. Check all 5 boxes. (although the filters are purely optional)

Also set your automatic updates to daily and enable randomization.

-----Original Message-----
From: Mike [mailto:mjcarter () ihug co nz]
Sent: Friday, November 28, 2003 1:02 AM
To: security-basics () securityfocus com
Subject: McAfee Anti Virus V4.5.1 SP1

Hi All,

I have a question and I can't get an answer from the vendor; their support is not free for this question.

We have had 3 or 4 machines come up infected with Nachi today but the on access scanner didn't pick it up. Carrying out a full system scan did pick it up.

I found the infected machines by going through Black Ice logs on my local machine that showed RPC scans and then connecting to the remote machine's C:\winnt\system32\wins directory and scanning the dllhost.exe and svchost.exe files. I don't have access to any kind of network scanner; our security policy doesn't allow me to use them (I'm just a field ops support person).

Anyway... I'm trying to figure out why McAfee on access scanner isn't picking these files up but the full system scan is. There is no difference in the setup we have between on access or full scan. Everything is up to date, including the MS patch levels, but that's another story.

Is there another variant that might be stopping the on access scanner? Any ideas?

Thanks
Mike