McAfee Anti Virus V4.5.1 SP1

From: Mike (mjcarter_at_ihug.co.nz)
Date: 11/28/03

  • Next message: Corey Scott: "RE: filter ssl traffic" 
    To: <security-basics@securityfocus.com>
Date: Fri, 28 Nov 2003 19:02:20 +1300

    Hi All,
    I have a question and I can't get an answer from the vendor, their support
    is not free for this question.
    We have had 3 or 4 machines come up infected with Nachi today but the on
    access scanner didn't pick it up. Carrying out a full system scan did pick
    it up.

    I found the infected machines by going through Black Ice logs on my local
    machine that showed RPC scans and then connecting to the remote machine's
    C:\winnt\system32\wins directory and scanning the dllhost.exe and
    svchost.exe files.

    I don't have access to any kind of network scanner, our security policy
    doesn't allow me to use them (I'm just a field ops support person).

    Anyway... I'm trying to figure out why McAfee on access scanner isn't
    picking these files up but the full system scan is. There is no difference
    in the setup we have between on access or full scan.

    Everything is up to date, including the MS patch levels, but that's another
    story.

    Is there another variant that might be stopping the on access scanner ???

    Any ideas?

    Thanks

    Mike

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Corey Scott: "RE: filter ssl traffic"