Serious Discussion Quick Play with McAfee

I am still working out the McAfee detections and logs; the log contains something like this (from another thread).

Detection Source   File Reputation   HTI Reputation
hti                4                 4    <- online reputation reports the file as malicious
cache              0                 0    <- nothing in cache, as detections are cached only once they occur, not before that
uwp                0                 0    <- not a UWP app
signature          0                 50   <- picked up by a Yara rule
trust-dat          4                 4    <- file is untrusted
rp-s               4                 4    <- minor tweaks to the final score. RealProtect static analysis deems the file suspicious
av                 0                 1    <- these verdicts are minor tweaks to the final score
neo                0                 1    <- minor tweaks to the final score

The “Cache” appears to come into play when behavioural-based detections occur. McAfee likely refers to the behavioural blocking database (the one where actions are recorded) as “Cache”.

Detections from the “Cache” are named “Cache!<part of SHA256>”.
Any update on this?
 
Like a guide. For example, if a file has been detected and you open the log to check it, using the guide you can break down and see the overall picture of the detection 🙃
There is no real guide that can be created; there are many engines, and every engine has an offline and an online verdict. You will probably need to read this 3-4 times.

All the engines are linked to a fusion framework. This fusion framework, although a patented decision matrix, follows widely adopted understandings:
Every detection that is machine validated for false positives -> strong classifier.
Every detection that cannot be so thoroughly tested (this is ML/AI) -> weak classifier.

So all engines are executed on all files. Each one of the engines returns a verdict. Several engines take into account the reputation of the certificates/signatures (all of them) and the reputation of the URL when the file is downloaded.
This alters the verdict they produce.

You then need to look in the json where it says final detection source. This is the engine whose verdict McAfee considered more reliable.

The engines are:
HTI (heuristic threat intelligence). This is the Artemis/JTI that uses a mixture of reputation and heuristics. E.g. a low-reputation file in user space used to be heuristic 196612. The boolean conditions of this heuristic will not be met if the file was in C:/Windows or it had a favourable rating. Obviously it’s not one rule; the list of rules used to be readable in the legacy version and there were hundreds of rules.

The most confusing part is that HTI is listed as a separate entity, but then every engine in this decision matrix has an offline and an HTI column. Likely, after every engine’s findings, HTI goes and looks for any rules matched. Without these rules confidence is X; if there is a match m, confidence is X + the new value of Y.
Example: Real Protect Static outputs a confidence of 4. HTI contains rules that look for executables with low reputation, suspiciously modified timestamps, located in user space. The HTI value of the Real Protect Static engine is now higher.

Trust dat: this is a local repository of rules and other data that allow McAfee to determine the trust level of a file when the cloud doesn’t have enough information.

Then you’ve got the quick winners:
AV: these are highly optimised generic detections that target very prevalent malware families significant enough to get profiles + generic tactics and techniques.

Neo: this is your in-memory sandbox emulator based on heuristics that also look for generic malicious behaviour. Based on the matched indicators, Neo outputs a different score.

Signature: McAfee no longer does signatures, they do Yara rules. Yara rules have quality level based on the noise they generate. This affects the final score (0-50).

Rp-s(tatic): this is the Real Protect static analysis, which is local but when the local model is in doubt, it consults the cloud one. This has been the case since Real Protect was introduced.

Then we come to the behavioural detections:
RP-fileless: this is the model that deals with fileless malware.
Cache: this is the database that McAfee uses to write the process actions.
RP-d(ynamic): this is the core behavioural blocking.

It’s a very complex decision matrix and the JSON format doesn’t help.

I suggest you paste the log into an AI and ask it to build a nice table.
 
I reinstalled McAfee on fresh Windows a few days ago. I think I just encountered the AI-generated threat description for the first time.

 

I have to admit I am not hating that, it is quite unique.
Mitre ATT&CK for beginners.
 
@Sunqfu thanks for posting, I just did a manual update and now have dark mode. It adjusts to your Windows theme, as I didn't see an additional setting for it. And since McAfee has minimal settings, that falls in line with its "set it and forget it", approach.
The update needed the app restart, but didn't need a Windows restart.

 
Both McAfee and I in my projects use Web View hahah

The launch speed of mine is a bit more optimised, I spent over 12 hours optimising it.

McAfee needs to recompile their UI to .NET 10, which eventually will happen soon.
 
Is the white line a reminder that it was once a white app 🤣