Skip to content
Urgent Announcement

McAfee is receiving multiple reports of modified Petya ransomware variants. McAfee Labs is receiving various samples which are in analysis, and can confirm that McAfee Global Threat Intelligence (GTI) is protecting against current known samples at the low setting.

  • Extensions currently known as being affected are:  .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf, .ppt, .pptx, .pst, .pvi, .py, .pyc, .rar, .rtf, .sln, .sql, .tar, .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, .zip
  • We have confirmed with the samples that SMB is being used as a propogation method, and are aware of reports that RDP may also be used but have yet to confirm this.
  • After encryption, impacted systems may show a ransom screen and suggest a system reboot after which the system will not be accessible.

McAfee has released an Extra.DAT to include coverage for this threat — it is attached to KB89540.


Continuing Information

McAfee will continue to post more information in Knowledge Base article KB89540 (https://kc.mcafee.com/corporate/index?page=content&id=KB89540) as available.

To receive information about McAfee product updates, sign up for the Support Notification Service (SNS) at https://sns.secure.mcafee.com/signup_login

Knowledge Center

Begin your search by entering a search term or a product. Entering both may provide more relevant search results. Search Tips
Reset|Share This Search
Search Results Feedback »
Collapse Pane
Sort By:
Sort By:
Technical Article
McAfee ePolicy Orchestrator (ePO) 5.x McAfee Performance Optimizer 2.x, 1.x. This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new
Last Modified Date:4/9/2017
Technical Article
The file ...\McAfee\ePolicy Orchestrator\Server\conf\server.xml contains unexpected characters, for example, shutdown='^/+.]NZD,['.. McAfee ePolicy Orchestrator (ePO) 5.3.1, 5.3.0, 5.1.3, 5.1.2, 5.1.1, 5.1.0. Restoring an ePO Disaster Recovery
Last Modified Date:12/10/2015
Technical Article
McAfee Logon Collector (MLC) 3.x. This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if
Last Modified Date:4/6/2017
Technical Article
During Agent to ePO server communications, the Agent sends a set of properties collected from the client operating system and any point products that are installed. These errors occur if one of these properties is invalid or malformed.. McAfee Agent
Last Modified Date:11/9/2016
Technical Article
McAfee ePolicy Orchestrator (ePO) 5.x, 4.x. NOTE: For more information about how to enable additional debugging, see your ePO product documentation. For a full list of product documents, go to the ServicePortal at: http://support.mcafee.com . Click
Last Modified Date:4/9/2017
Technical Article
A registry value is present on the primary node that incorrectly identifies it as a secondary node.. McAfee ePolicy Orchestrator (ePO) 5.x. When attempting to upgrade ePO in a cluster environment by running setup.exe on the primary node of the
Last Modified Date:3/9/2017
Technical Article
The file that identifies ePO 5.1 supported Extensions is released to the McAfee site and updated by ePO installations on a daily basis. Any ePO installation is able to access the file to be updated with the latest supported extensions, provided it
Last Modified Date:9/8/2015
Technical Article
This issue exists only when too much privilege has been granted to an account that is used to retrieve McAfee product updates from UNC shares and other update sites.. McAfee Agent 5.x, 4.x McAfee ePolicy Orchestrator 5.x McAfee VirusScan Enterprise
Last Modified Date:4/7/2017
Technical Article
This problem occurs because the SQL connection provider used by ePO supports only TLS 1.0. If this protocol is disabled, ePO is unable to establish a connection with the SQL server.. McAfee ePolicy Orchestrator (ePO) 5.x. If TLS 1.0 is disabled on
Last Modified Date:5/11/2017
Technical Article
The date/time values are not being properly html escaped for the report.. McAfee ePolicy Orchestrator (ePO) 5.1. When using ePO 5.1.0, running a bar chart that displays date/time on the y-axis may display garbage characters instead of the expected
Last Modified Date:8/5/2014
Page 1 of 76Next Page
Results: 1 - 10 of 757|
Per Page