Just noticed that McAfee is one of the companies subscribed to Kaspersky Threat Intelligence Feeds. That explains a lot!
McAfee Protection (Plus Plans, Total Protection, LiveSafe)
- Thread starter Trident
- Start date
- Featured
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
More like CIA+KGB alliance....same goes for AV intel sharing
No, they are a customer, these are paid feeds. Any alliances between CIA, KGB and so on would be for internal governmental projects. McAfee is not gonna get this intelligence.
I see. So McAfee gets some intel from Kaspersky but Kaspersky does not get any feeds from McAfee. No sharing or some sort of collaboration.
I'm thinking McAfee needs intel for the Russian Speaking/Writing world and the underground. Instead of reinventing the wheel and doing it themselves, just subscribe to K.
@Trident Thank you very much for the article and the topic you created on the McAfee Protection (Plus Plans, Total Protection, LiveSafe) The article is objective and very clear. I admit that I've loved McAfee in all respects since I started using it on the first day, it's very efficient, super light on resources, doesn't consume a lot of ram or CPU and without bloatware, without beating around the bush, it detects the threat and neutralises it automatically. These types of topics need to be posted a lot here on the forum, it fills an empty space here, bringing a lot of valuable information to MT members. 
F
ForgottenSeer 116559
I was not only convinced of McAfee's virtues because of my overall smooth and pleasant personal experience with Total Protection 2025, but also the truly impressive scope of McAfee Global Threat Intelligence. According to their descriptions, GTI collects data from millions of endpoints worldwide: billions of sensors across devices, networks, and cloud environments. They process petabytes of threat data daily. McAfee Labs' 2023 Threat Predictions stated that they track over 1 billion malware samples annually. Finally, this extraordinary network operates across 120+ countries for thoroughly global reach of intelligence.
- May 26, 2014
- 1,389
- 9,387
- 2,288
Very interesting, could you share the link that has this info? I am curious to see how many clients Kaspersky has with this service that by all means should be a top tier feed.
Kaspersky Cyber Threat Intelligence Services | Kaspersky
Kaspersky Threat Intelligence services supply rich and meaningful context across the entire incident management cycle and in-depth visibility into cyberthreats targeting your organization. Get support from the world-leading threat intelligence analysts.
In addition to offering lookups through Restful API, the intelligence is also offered as hashes in JSON format. Fortrinet also seems to be subscribed to ESET feeds as a lot of detection names seem to be similar to ESET.
Thanks for your message.
Just a clarification: McAfee is not a subscriber. That information means that their technologies can use Kaspersky Threat Data Feeds integrated in their SIEM - SOAR products to improve their detection capabilities.
Decoding the McAfee detections and how exactly they are produced. Demistifying the antivirus log.
McAfee uses multi-dimensional malware analysis where a bunch of engines all analyse a file and return a verdict. The overall verdict is then combined.
Here are a few examples.
Example 3: Signed malware (Signature by Valve, issuer DigiCert).
McAfee uses multi-dimensional malware analysis where a bunch of engines all analyse a file and return a verdict. The overall verdict is then combined.
Here are a few examples.
| Field | Value |
| Timestamp | 2025-07-26T14:48:40.237Z |
| Action Taken |  Infection Quarantined |
| Detection Name | ti!9CEF965A2154 |
| Malicious File (Target) | C:\Users\user\AppData\Roaming\win32lic\win32lic.exe |
| Initiating Process | powershell.exe |
| SHA256 Hash | 9cef965a21542636597c702b37147cc63a3cdc67baf5cfe5036618190e130cf0 |
| Detection Source | File Reputation | HTI Reputation |
| hti | 4 | 4 <- online reputation reports the file as malicious |
| cache | 0 | 0 <- nothing in cache, as detections are cached only once they occur, not before that |
| uwp | 0 | 0 <- not a UWP app |
| signature | 0 | 50 <- picked up by a Yara rule |
| trust-dat | 4 | 4 <- file is untrusted |
| rp-s | 4 | 4 <- minor tweaks to the final score. RealProtect static analysis deems the file suspicious |
| av | 0 | 1 <- these verdicts are minor tweaks to the final score |
| neo | 0 | 1 <- minor tweaks to the final score |
| Field | Value |
| Timestamp | 2025-07-26T14:44:02.718Z |
| Action Taken | Infection Quarantined |
| File Path | C:\Program Files\RunTime\RuntimeBroker.exe |
| SHA256 Hash | 84dafe1119847505f10f7459efef60d5d0a77df39ee810d12c8bd4865b1c8960 |
| Detection Source | File Reputation | HTI Reputation |
| hti | 2 | 2 <- suspicious file |
| cache | 0 | 0 <- again, nothing cached |
| uwp | 0 | 0 |
| signature | 0 | 50 <- picked by a Yara rule |
| trust-dat | 2 | 2 <- the file is not trusted |
| rp-s | 2 | 2 <- Real Protect Static analysis doesn’t like the file |
| av | 0 | 50 < there was a standard AV Generic detection |
| neo | 0 | 50 <- neo detected the malware |
Example 3: Signed malware (Signature by Valve, issuer DigiCert).
| Field | Value |
| Timestamp | 2025-07-26 at 4:16:05 PM BST |
| Action Taken | Infection Quarantined |
| File Path | C:\Users\user\Downloads\...\7bd7a1...exe |
| SHA256 Hash | 7bd7a1e25b131a3a1fb8cc36f763259ea956468eedf410bf670cd095c0d34ab1 |
| Detection Source | File Reputation | HTI Reputation |
| hti | 2 | 2 <- not trusted but suspicious |
| cache | 0 | 0 |
| uwp | 0 | 0 |
| signature | 0 | 50 <- picked up by a Yara rule |
| trust-dat | 2 | 2 <- not trusted |
| rp-s | 2 | 2 <- not reported as safe by static analysis |
| av | 0 | 50 <- there is a generic detection |
| neo | 0 | 50 <- Neo identifies via heuristics |
Another instance, VBE file with relatively low VT 11/61, of which some detections are by engines that typically detect everything uploaded as malware (Google, looking at you).
| Field | Value |
| Timestamp | 2025-07-26 at 4:36:27 PM BST |
| Action Taken | Infection Quarantined |
| File Path | C:\Users\user\Downloads\...\30f1ac...vbe |
| SHA256 Hash | 30f1ac88eeef485cb4ca647cccfb8f5c827e6309a4c106a6615702e2c32c6ded |
| Detection Source | File Reputation | HTI Reputation |
| hti | 15 | 15 <- this previously returned lower scores, here, it looks like the file is not on the wanted, but on the most wanted list. Probably a widespread malware that McAfee is tracking actively. |
| cache | 0 | 0 |
| uwp | 0 | 0 |
| signature | 0 | 0 <- No Yara rule |
| rp-s | 0 | 0 |
| av | 0 | 50 <- generic detection |
| neo | 0 | 1 Neo emulation returns very minor confidence that the file is malicious, perhaps it detected and attempted to evade emulation |
I've been using McAfee for the past 4 months, but now I feel more secure using Norton. But both products are very light.
I am at least and I know Digmor is a big fan
Yup.I am at least and I know Digmor is a big fan
I am not here to support fanboyism and truly don't care who's a fan or not a fan of what.
Anyway, this thread is for tests (not for people who are hurt because the thread is not about MalwareBytes appraisal) so let's get to the tests, shall we?
Another bunch of low VT files, assassinated by McAfee.
Anyway, this thread is for tests (not for people who are hurt because the thread is not about MalwareBytes appraisal) so let's get to the tests, shall we?
Another bunch of low VT files, assassinated by McAfee.
| Field | Value | ||||
| Timestamp | 2025-07-29 at 10:26:33 PM BST | ||||
| Action Taken | Infection Quarantined | ||||
| Target | C:\Users\user\Downloads\...\172f10...bat | ||||
| Initiator | explorer.exe | ||||
| Detection Name | Trojan:Script/ObfuBAT.EOFF | ||||
| SHA256 Hash | 172f10d6d541ebda465da45badd31e32ad325a8399e2ecbe4ff64e32da481222 | ||||
| TLSH | Not Provided | ||||
| Key Engines | signature (50), trust-dat (50), av (50), hti (25) |
| Field | Value | ||||
| Timestamp | 2025-07-29 at 10:23:35 PM BST | ||||
| Action Taken | Infection Quarantined | ||||
| Target | C:\Users\user\Downloads\...\761af9...js | ||||
| Detection Name | ti!761AF9448AED | ||||
| SHA256 Hash | 761af9448aedaf83e539e45fb8f9f3eefe84bbff59131397f8990f7b2adf9fa6 | ||||
| TLSH | Not Provided | ||||
| Key Engines | signature (50), av (50), neo (50) |
| Field | Value | ||||
| Timestamp | 2025-07-29 at 10:17:33 PM BST | ||||
| Action Taken | Infection Quarantined | ||||
| Target | C:\Users\user\AppData\LocalLow\...\kpbec.ps1 | ||||
| Detection Name | Trojan:Script/SuspiciousPowershell.O!1 | ||||
| SHA256 Hash | e055cf8142d621a2db4efab9abe68bc8ef3a77ac159800c38e47c41b952c5c79 | ||||
| TLSH | Not Provided | ||||
| Engines | signature (50), rp-fileless (50), av (50) |
Please help me! I bought McAfee Total Protection. It includes Scam Detector. But why is this all I see on my Windows PC?I am not here to support fanboyism and truly don't care who's a fan or not a fan of what.
Anyway, this thread is for tests (not for people who are hurt because the thread is not about MalwareBytes appraisal) so let's get to the tests, shall we?
Another bunch of low VT files, assassinated by McAfee.
Field Value Timestamp 2025-07-29 at 10:26:33 PM BST Action Taken Target C:\Users\user\Downloads\...\172f10...bat Initiator explorer.exe Detection Name Trojan:Script/ObfuBAT.EOFF SHA256 Hash 172f10d6d541ebda465da45badd31e32ad325a8399e2ecbe4ff64e32da481222 TLSH Not Provided Key Engines signature (50), trust-dat (50), av (50), hti (25)
Field Value Timestamp 2025-07-29 at 10:23:35 PM BST Action Taken Target C:\Users\user\Downloads\...\761af9...js Detection Name ti!761AF9448AED SHA256 Hash 761af9448aedaf83e539e45fb8f9f3eefe84bbff59131397f8990f7b2adf9fa6 TLSH Not Provided Key Engines signature (50), av (50), neo (50)
Field Value Timestamp 2025-07-29 at 10:17:33 PM BST Action Taken Target C:\Users\user\AppData\LocalLow\...\kpbec.ps1 Detection Name Trojan:Script/SuspiciousPowershell.O!1 SHA256 Hash e055cf8142d621a2db4efab9abe68bc8ef3a77ac159800c38e47c41b952c5c79 TLSH Not Provided Engines signature (50), rp-fileless (50), av (50)
What I marked in red is Scam Detector. That's all I can see. No email, nothing like what you have. Why is that? Does that mean the service isn't working? Or what's the problem?
Attachments
You are looking on the main console. You need to open protection.mcafee.com
Also, it’s not available in all regions/languages.
You may also like...
-
-
[Closed] Trojan:MSIL/Malgent!MSR in infinitedocsapp.exe
- Started by pt11
- Replies: 5
-
McAfee Total Protection 1 Device 4 Year €14.99- Started by Brownie2019
- Replies: 0
-
McAfee Total Protection 10-Device 2025 | 15-Months
- Started by Brownie2019
- Replies: 2
-
