
McAfee DAT 4715 false positives and CSA

astroman
Level 1

Has anyone seen or heard of the effects of the McAfee DAT 4715? Was anyone running CSA - and if so, how did it respond? I'm anxious to find out if CSA would have stopped this behavior...

http://isc.sans.org/

2 Replies

smalkeric
Level 6

To the best of my knowledge, the 4.5 system replaces the network worm heuristic with a user-configurable rule module. You can configure this worm rule module to display a query popup, a straight deny, or an allow.

Note: These options are similar to other configurable rule types.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_qanda_item09186a008049ad72.shtml#qa12

tsteger1
Level 8

CSA would have stopped it only if you didn't allow deletion or renaming of the affected files (and how would you have guessed that ahead of time?).

We allow our AV software unrestricted access to all files so we would have been affected had we not switched from McAfee to another vendor last November.

Whew...
