Loading...
Skip to content
 
Urgent Announcement

McAfee is receiving multiple reports of modified Petya ransomware variants. McAfee Labs is receiving various samples which are in analysis, and can confirm that McAfee Global Threat Intelligence (GTI) is protecting against current known samples at the low setting.

  • Extensions currently known as being affected are:  .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf, .ppt, .pptx, .pst, .pvi, .py, .pyc, .rar, .rtf, .sln, .sql, .tar, .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, .zip
  • We have confirmed with the samples that SMB is being used as a propogation method, and are aware of reports that RDP may also be used but have yet to confirm this.
  • After encryption, impacted systems may show a ransom screen and suggest a system reboot after which the system will not be accessible.

McAfee has released an Extra.DAT to include coverage for this threat — it is attached to KB89540.

 

Continuing Information

McAfee will continue to post more information in Knowledge Base article KB89540 (https://kc.mcafee.com/corporate/index?page=content&id=KB89540) as available.

To receive information about McAfee product updates, sign up for the Support Notification Service (SNS) at https://sns.secure.mcafee.com/signup_login

Knowledge Center

Begin your search by entering a search term or a product. Entering both may provide more relevant search results. Search Tips
Reset|Share This Search
Search Results Feedback »
Collapse Pane
Sort By:
Sort By:
Technical Article
This is caused by missing or deleted files located in /var/tmp/.msgbus on non-Windows machines. Confirm the issue by checking the contents of /var/tmp/.msgbus - if there are no files present in this location, this article likely applies.. McAfee
Last Modified Date:12/10/2015
Technical Article
During Agent to ePO server communications, the Agent sends a set of properties collected from the client operating system and any point products that are installed. These errors occur if one of these properties is invalid or malformed.. McAfee Agent
Last Modified Date:11/9/2016
Technical Article
This issue exists only when too much privilege has been granted to an account that is used to retrieve McAfee product updates from UNC shares and other update sites.. McAfee Agent 5.x, 4.x McAfee ePolicy Orchestrator 5.x McAfee VirusScan Enterprise
Last Modified Date:4/7/2017
Technical Article
Some or all configurations with Microsoft Direct Access do not allow communication using IPv4. When MA attempts to communicate with ePolicy Orchestrator (ePO), it may first attempt to connect using the IPv4 address of the ePO server and then fail
Last Modified Date:2/29/2016
Technical Article
McAfee Agent (MA) 4.8. This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional
Last Modified Date:4/8/2017
Technical Article
McAfee Agent (MA) 4.8. MA can delay the Windows shutdown process if the Run at every policy enforcement option in the client tasks is enabled.. MA 5.0 clients do not honor the checkbox to allow Run at every policy enforcement for reasons not related
Last Modified Date:4/9/2017
Technical Article
The MA macompatsvc process runs slowly on systems with MA 5.0.3.272 installed, which leads to slow policy enforcement.. McAfee Drive Encryption (DE) 7.1.x and later McAfee Agent (MA) 5.0.3.272 For details of DE 7.1.x supported environments, see
Last Modified Date:11/21/2016
Technical Article
The ePO Server service binds to the first IP address enumerated by the operating system. Agents receive that IP address configuration when they connect to the ePO server. This might not be the correct IP address for a given networking environment..
Last Modified Date:3/7/2017
Technical Article
McAfee Agent (MA) 4.8 McAfee Host Intrusion Prevention (Host IPS) 8.0. The McTray icon (McAfee icon in the systray) is terminating unexpectedly when Host IPS 8.0 is installed. You see the following error in the Windows Application log file: Faulting
Last Modified Date:2/17/2016
Technical Article
MA sent either return code 33 or failed to send any return code for the agent update script before the FrameworkService was restarted.. McAfee Agent (MA) 4.8 Patch 3, 4.8 Patch 2 McAfee ePolicy Orchestrator (ePO) 5.x. An upgrade from MA 4.6 Patch 3
Last Modified Date:10/21/2016
Page 1 of 43Next Page
Results: 1 - 10 of 424|
Per Page