McAfee LiveSafe 16.0 R28
<blockquote data-quote="ForgottenSeer 89360" data-source="post: 911151"><p>The McAfee firewall incorrectly labels “discarded packets” as suspicious connections. Every incoming connection is subject to firewall rules and the firewall might reject traffic, just like any other vendor does. However, McAfee then goes ahead and labels it “suspicious connection”, which is more of a “look how much we did for you” tactic, rather than protection.</p><p></p><p>As for the Web Advisor vs standard antivirus, McAfee has very comprehensive reputation calculations. I don't know how it works, because they don't release this information to the public; however, different products and components kick in at different scores. Standard antivirus only deletes <strong><span style="color: rgb(184, 49, 47)">known malicious</span></strong> files already blacklisted/described in definitions or performs data mining and sends this to the cloud. If a file matches any of the machine learning models it will be labelled JTI/Suspect.<modelNumber>!<partialFileHash>. Sometimes it might simply be labelled "Suspect.<partialFileHash>", meaning it looks malicious, but it can't be related to anything seen before. This is usually the case with brand new malware families.</p><p></p><p>Web Advisor (due to most risks coming from the web) & ENS go a step further and delete <strong><span style="color: rgb(251, 160, 38)">suspicious</span></strong> files. They have either been executed by "patient 0" and Real Protect has reported malicious behaviour, or McAfee's sandbox reported something. McAfee is already aware of the risk and the file is on the queue for analysis: after some time it will be blacklisted and in a few days a definition will be released. The file has not matched any machine learning model. This is usually the case with evasive malware that was discovered some hours ago, as the data mining technique will extract "noise" from the file.</p><p>Suspicious files will be removed by Real Protect post-execution.</p><p></p><p>McAfee ENS, GW and others can be configured to go even further and delete unknown files.</p><p>I am not a fan of this to be frank, that's why I prefer ENS myself.</p></blockquote><p></p>