
amoy
New User
Mar 17, 2006, 10:24 AM
Post #1 of 1
(2290 views)
McAfee - A serious error with a DAT file
McAfee recently had a serious error with a DAT file that mis-identified good files as viruses. Depending on your settings, if your server did an on-demand scan when that DAT file was active, you may have either quarantined or deleted important files. These lost files may not become apparent to you until your server next reboots, which may be when patches are next applied. You are strongly recommended to review the on-demand scan logs of your McAfee to ensure that you restore any quarantined or deleted files before you reboot your system. The documentation detailing recommended configuration settings for McAfee is as follows.

Locating the files that were deleted or quarantined by McAfee:

1. First, launch the VirusScan console: Start -> Programs -> Network Associates -> VirusScan Console
2. Verify that the On-Access Scanner is enabled. If it is not, then right click it and click "enable". This will ensure that you do not open a virus by accident when trying to pull items out of the quarantine. This is a safety precaution, though the possibility of a virus on your system is small.
3. Open the On-Demand Scan log file: right click "Scan All Fixed Disks" and select "View Log".

Once you do this a text file will open up. This is the log file that VirusScan On-Demand scanner writes to. This file is organized by date and has four columns:

- The first column is the date of scan.
- The second column is the time that the file was scanned.
- The third column is the action that was performed on the file, which in most cases will say deleted or quarantined.
- The fourth column is the path to the file that the operation was performed on.

You want to page down to 3/10/2006. Depending on when you received the update, you will have to search the list for deleted and quarantined files. If incorrect files were deleted, it most likely occurred between March 10th and 12th.
Configuring McAfee VirusScan 7.1:

Overview

With McAfee VirusScan 7.1, we have to deal with the two ways VirusScan interfaces with the protected server. VirusScan also allows us to choose TWO methods of 'handling' viral activity. If the first method fails, VirusScan will try to perform the second.

VirusScan interfaces with the protected system using two methods: On Access and On Demand. The On Access Scan intervenes when any file or process on the protected server is accessed by either a process or user and checks to see if the file or process is viral. The On Demand Scan is the file system scanner that can be scheduled to look for latent viruses on the file system.

Configuring the On Access Scan parameters

1. First, launch the VirusScan console: Start -> Programs -> Network Associates -> VirusScan Console
2. Right click on 'On-Access Scan' and select 'Properties'
3. In the left column, select the 'All Processes' icon
4. Select the 'Actions' tab
5. Configure the first action to 'Clean infected files automatically' and the second action to 'Move infected files to the quarantine folder'
6. Press 'Apply' to save the changes.
7. Press 'OK' to exit.

Configuring the On Demand Scan parameters

1. First, launch the VirusScan console: Start -> Programs -> Network Associates -> VirusScan Console
2. Right click on 'Scan All Fixed Disks' and select 'Properties'
3. Select the 'Actions' tab
4. Configure the first action to 'Clean infected files' and the second action to 'Move infected files to a folder'
5. Configure the 'Folder' to: C:\QUARANTINE\
6. Press 'Apply' to save the changes.
7. Press 'OK' to exit.

Configuring McAfee VirusScan 8.0:

Overview

With McAfee VirusScan 8.0, we have to deal with the two ways VirusScan interfaces with the protected server and a unique configuration relating to how it handles 'virus-like' activity. VirusScan also allows us to choose TWO methods of 'handling' viral activity. If the first method fails, VirusScan will try to perform the second method.
VirusScan interfaces with the protected system using two methods: On Access and On Demand. The On Access Scan intervenes when any file or process on the protected server is accessed by either process or user and checks to see if the file or process is viral. The On Demand Scan is the file system scanner that can be scheduled to look for latent viruses on the file system.

Configuring the On Access Scan parameters

1. First, launch the VirusScan console: Start -> Programs -> Network Associates -> VirusScan Console
2. Right click on 'On-Access Scanner' and select 'Properties'
3. In the left column, select the 'General Settings' icon
4. Select the 'General' tab
5. Make sure the 'Quarantine Folder:' is set to: \quarantine
6. In the left column, select the 'All Processes' icon
7. Select the 'Actions' tab
8. Configure the Primary Action to 'Clean files automatically' and the Secondary Action to 'Move files to a folder'
9. Select the 'Unwanted Programs' tab
10. Configure the Primary Action to 'Clean files automatically' and the Secondary Action to 'Move files to a folder'
11. Press 'Apply' to save the changes.
12. Press 'OK' to exit.

Configuring the On Demand Scan parameters:

1. First, launch the VirusScan console: Start -> Programs -> Network Associates -> VirusScan Console
2. Right click on 'Scan All Fixed Disks' and select 'Properties'
3. Select the 'Actions' tab
4. Configure the Primary Action to 'Clean files' and the Secondary Action to 'Move files to a folder'
5. Configure the 'Move To Folder' to: C:\QUARANTINE\
6. Select the 'Unwanted Programs' tab
7. Configure the Primary Action to 'Clean files' and the Secondary Action to 'Move files to a folder'
8. Press 'Apply' to save the changes.
9. Press 'OK' to exit.
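The log review described in the post above can be scripted instead of paged through by hand. The following is an added example, not part of the original post and not McAfee tooling: it assumes the four log columns are tab-separated with M/D/YYYY dates (the post does not state the delimiter), and the sample entries and paths are constructed.

```python
from datetime import date, datetime

# Constructed sample log; real entries will differ. Assumed layout: four
# tab-separated columns (date, time, action, path) with M/D/YYYY dates.
SAMPLE_ROWS = [
    ("3/9/2006", "11:02:14 PM", "Scan started", "Scan All Fixed Disks"),
    ("3/10/2006", "2:15:07 AM", "Deleted", r"C:\Program Files\ExampleApp\example.exe"),
    ("3/10/2006", "2:15:09 AM", "Quarantined", r"C:\Program Files\ExampleApp\helper.dll"),
    ("3/11/2006", "2:14:55 AM", "Not scanned", r"C:\pagefile.sys"),
    ("3/12/2006", "2:16:40 AM", "deleted", r"D:\Data\report.xls"),
    ("3/14/2006", "2:15:01 AM", "Deleted", r"C:\Temp\later.tmp"),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in SAMPLE_ROWS) + "\nnot a log entry\n"

REMOVAL_WORDS = ("deleted", "quarantined")  # the two actions the post names


def parse_entry(line):
    """Return (date, time, action, path), or None if the line is not an entry."""
    cols = line.rstrip("\r\n").split("\t")
    if len(cols) < 4:
        return None
    try:
        day = datetime.strptime(cols[0].strip(), "%m/%d/%Y").date()
    except ValueError:
        return None  # header, blank or wrapped line
    # Rejoin the tail in case the path itself held a tab.
    return day, cols[1].strip(), cols[2].strip(), "\t".join(cols[3:]).strip()


def removed_files(log_text, start, end):
    """List entries whose action is a delete/quarantine within [start, end]."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        day, _, action, _ = entry
        if start <= day <= end and any(w in action.lower() for w in REMOVAL_WORDS):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    # Window from the post: March 10th to 12th, 2006.
    window = (date(2006, 3, 10), date(2006, 3, 12))
    for day, when, action, path in removed_files(SAMPLE_LOG, *window):
        print(f"{day:%m/%d/%Y} {when:<12} {action:<12} {path}")
```

To use it on a real server, save the text shown by "View Log" to a file and pass its contents as `log_text`; adjust the delimiter and date format if the saved log differs from the assumed layout.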