Re: McAfee Anti Virus V4.5.1 SP1

• Previous message: Giancarlo Ballestracci - IT & Technical Support: "Possible worm infection or something else?"
• In reply to: Mike: "McAfee Anti Virus V4.5.1 SP1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <security-basics@securityfocus.com>
Date: Fri, 28 Nov 2003 13:37:08 -0500

not to sound full of myself, but i think everyone replying to this is wrong.
i dont know the EXACT reason as to why this is happening. however, i
encountered the same problem back when the slammer worm was going around. i
had norton on my machine actually and black ice at the same time. my
machine would appear to be toally clean except my black ice .log files which
would say they were infected with the SQL slammer virus. seeing that this
is impossible unless the code was injected into the log, i quickly convinced
myself that it was an uncooparable pair of programs working together, and
later removed black ice, and got a REAL firewal (hardware). anyway i hope
that answers your question, or atleast relieves you.
_LC-
----- Original Message -----
From: "Mike" <mjcarter@ihug.co.nz>
To: <security-basics@securityfocus.com>
Sent: Friday, November 28, 2003 1:02 AM
Subject: McAfee Anti Virus V4.5.1 SP1

> Hi All,
> I have a question and I can't get an answer from the vendor, their
support
> is not free for this question.
> We have had 3 or 4 machines come up infected with Nachi today but the on
> access scanner didn't pick it up. Carrying out a full system scan did pick
> it up.
>
> I found the infected machines by going through Black Ice logs on my local
> machine that showed RPC scans and then connecting to the remote machine's
> C:\winnt\system32\wins directory and scanning the dllhost.exe and
> svchost.exe files.
>
> I don't have access to any kind of network scanner, our security policy
> doesn't allow me to use them (I'm just a field ops support person).
>
> Anyway... I'm trying to figure out why McAfee on access scanner isn't
> picking these files up but the full system scan is. There is no difference
> in the setup we have between on access or full scan.
>
> Everything is up to date, including the MS patch levels, but that's
another
> story.
>
> Is there another variant that might be stopping the on access scanner ???
>
> Any ideas?
>
> Thanks
>
> Mike
>
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------

--
>
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Giancarlo Ballestracci - IT & Technical Support: "Possible worm infection or something else?"
• In reply to: Mike: "McAfee Anti Virus V4.5.1 SP1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]