Turning off McAfee AntiVirus Plus realtime protection temporarily
To temporarily turn off the realtime antivirus protection in McAfee
AntiVirus Plus, e.g., so you could move a file to another system for analysis
that it might deem malware or to scan the system with other antivirus
software, you can take the following steps:
-
Open the program and click on the gear (cog) icon at the upper, right-hand
corner of the window.
-
Under the PC Security section of the Settings, you will
see "Real-Time Scanning." When you click on "Real-Time Scanning" you will
have the option of turning off the real-time monitoring for 15 minute intervals
from 15 to 60 minutes or you can select "When I restart my PC" or "Never."
If you select a timed option, the protection will automatically turn back
on after that period of time. You can also turn on protection again
prior to that time by modifying the "Real-Time Scanning" setting again.
If you wish to view or restore items McAfee AntiVirus Plus has quarantined,
you can click on "Quarantined items" under Settings, which will show
you all files in the quarantine area, if any.
Note: these steps were tested on McAfee® AntiVirus Plus version 16.0
[/security/antivirus/mcafee]
permanent link
Turning McAfee Total Protection Real-time protection off
Sometimes you may wish to temporarily disable the antivirus software
on a system in order to scan the system with other antivirus/antispyware
software. If you are using McAfee Total Protection as the antivirus
software on a system, instructions for turning off its real-time scanning
feature are listed
here.
[/security/antivirus/mcafee]
permanent link
Vulnerability Discovered in McAfee AntiVirus
Researchers at Internet Security Systems
(ISS) have discovered a flaw in
Mcafee's antivirus software that could allow compromise of a
system running that software. The flaw affects software using versions
of McAfee's antivirus library prior to 4400. Exploitation of the flaw
could be achieved by sending a specially crafted LHA file by email or
through the download of such a file from a website, or the opening of such
a file from a shared folder on a network. The malformed LHA file can cause
a stack overflow, potentially providing access to the affected system.
McAfee products affected include the following:
- Active Virus Defense
- Active VirusScan
- Active Virus Defense SMB Edition
- Active VirusScan SMB Edition
- Active Threat Protection
- Active Mail Protection
- GroupShield for Exchange
- GroupShield for Exchange 5.5
- GroupShield for Lotus Domino
- GroupShield for Mail Servers with ePO
- LinuxShield
- NetShield for Netware
- PortalShield for Microsoft SharePoint
- SecurityShield for Microsoft ISA Server
- Virex
- VirusScan (all versions)
- VirusScan Professional
- VirusScan ASaP/Managed VirusScan
- VirusScan Command Line
- VirusScan for NetApp
- VirusScan(r) Enterprise(all versions)
- WebShield Appliances
- WebShield SMTP
References:
-
Anti-virus vulnerabilities strike again
By John Leyden, The Register
March 18, 2005
-
McAfee AntiVirus Library Stack Overflow
Internet Security Systems Protection Advisory
March 17, 2005
[/security/antivirus/mcafee]
permanent link
