McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeMcAfee Labs

Threats FAQ

Here are the answers to some of the questions we hear most often about security threats and vulnerabilities.

  1. When should I contact McAfee Labs?
  2. What should I do if I believe my system has a virus, but my McAfee software hasn’t detected anything?
  3. Can you provide an analysis and tell me exactly what might be happening if I call and describe unusual behavior on my system or potentially infected files on my computer?
  4. Can McAfee Labs help me with product issues?
  5. What happens if McAfee VirusScan detects a file it cannot clean?
  6. Can JPEG, GIF, and other image files be infected?
  7. Does McAfee VirusScan detect all security exploits?
  8. Why do I need to update my virus scanning engine, as well as my .DAT files?
  9. What types of attacks typically target enterprise networks and servers?
  10. Where can I find out about the latest security threats?
  11. What are the latest spam threats?
  12. What is McAfee Artemis?
  13. What is McAfee TrustedSource?
  14. How can I dispute a reputation score if I believe McAfee TrustedSource has unfairly assigned one to my URL?

1. When should I contact McAfee Labs?
If you think your computer, server, or network may be infected with a virus or Trojan, or may have a new potentially unwanted program (PUP), you can submit a sample to us for analysis.

If you want information on a threat that is not listed in the Threat Intelligence Library, email McAfee Labs with a sample for analysis.

If you think a harmless file has been detected as a virus, you can send us a sample so we can determine whether it is a false positive or an actual virus. We will send you an automated reply stating that the sample is already detected; you will need to reply to this message, informing us you believe it is an incorrect identification.

2. What should I do if I believe my system has a virus, but my McAfee software hasn’t detected anything?
If McAfee VirusScan fails to detect or clean a known virus, it most likely means your scan engine or .DAT files are out of date. McAfee releases a new version of the scan engine approximately every three months. We highly recommend you update the scan engine as soon as the new versions become available so you have the best possible coverage.

New .DAT file updates are released every business day, Monday through Friday, at approximately 6:00 p.m. UTC. We suggest you update your .DAT files daily. Our technical support team can help you determine your current versions and assist you with updates.

3. Can you provide an analysis and tell me exactly what might be happening if I call and describe unusual behavior on my system or potentially infected files on my computer?
In most cases, it’s difficult to determine the exact threat you might have from a verbal description. For best results, we recommend you download and install the most recent scan engine and .DAT files, which will most likely detect any threat that may be active in your system. If you do not find any malware but still believe you may be infected, submit a sample to McAfee Labs for analysis.

4. Can McAfee Labs help me with product issues?
No. McAfee Labs is a threat research organization that helps detect, describe, and provide remediation for viruses, Trojans, and potentially unwanted programs (PUPS). Our research labs do not work with product-related issues.

If you are a business user and need assistance with a McAfee product, visit Enterprise Support.

If you are a home or home office user and need assistance with a McAfee product, visit Services & Support for Home & Home Office.

5. What happens if McAfee VirusScan detects a file it cannot clean?
When a virus infects a file, McAfee VirusScan cleans the virus and repairs the file. Trojans and worms behave differently — they are self-contained and do not need to be part of another program or file to spread. The best way to eliminate these types of threats is to delete them. If McAfee VirusScan has detected a threat and is unable to delete it, the best thing for you to do is run another scan to see if the file is still there. At times, even though McAfee VirusScan has deleted the malicious file, you may get a message that cleaning has failed.

For best results, make sure you download and install the latest scan engine and .DAT files. If you are running Microsoft Windows ME or XP, disable System Restore and scan again. Potentially unwanted programs (PUPS) may include multiple files that can plug into the operating system in such a way that simply deleting them can prevent your system from working properly.

Submit samples of PUPs you cannot clean to McAfee Labs so we can add proper removal code to the .DAT files. Finally, check the Threat Intelligence Library for details on the Trojan or worm you detected. Some malicious codes require special removal instructions. Before you delete any files, make sure you note the names of the files you detected. To move, copy, or delete detected files, you may need to temporarily disable your anti-virus software. Remove any associated files from the registry and INI files. Alternatively, you may choose to restore your registry or INI files from a clean backup.

6. Can JPEG, GIF, and other image files be infected?
Yes. Some software programs have vulnerabilities that contaminate JPEG files with malicious code. Contaminated JPEG files can carry or launch a virus, worm, or Trojan on unpatched systems.

7. Does McAfee VirusScan detect all security exploits?
VirusScan detects viruses, worms, and Trojans. If we discover a specific virus, worm, or Trojan that exploits a popular vulnerability, we will incorporate detection for the exploit whenever possible. We also recommend you keep all software up to date. Visit your software vendors’ websites regularly to see which patches are available for your system and applications. If you need protection from other types of security threats, McAfee offers a wide range of products. Contact your sales or support representative for assistance.

8. Why do I need to update my virus scanning engine, as well as my .DAT files?
Updating your scan engine provides the most robust detection and cleaning available. McAfee continually refines detection and repair techniques so you have the most up-to-date, efficient protection. We also regularly improve the scanning engine to support new file formats and new infection methods.

9. What types of attacks typically target enterprise networks and servers?
Large-scale network attacks generally fall into three major categories:

  • Reconnaissance — Includes host sweeps, TCP and UDP port scans, email reconnaissance, and indexing public web servers to find CGI holes.
  • Exploits — Attackers take advantage of hidden features and bugs to gain access to the system. The attacks may affect encrypted or unencrypted data. Nuisance programs like spyware can fall into this group.
  • Distributed denial-of-service (DDoS) attacks — Attackers try to crash a service or machine, overload the CPU or network links, or fill up the disk. Attackers do not always try to gain information; sometimes, they simply want to prevent you from using your computer.

McAfee offers intrusion prevention solutions so you can detect known attacks using custom signatures, new and zero-day attacks using anomaly techniques, encrypted attacks using advanced SSL decryption, and DDoS attacks using hybrid algorithms that employ statistical and heuristic methods. The combination of these techniques significantly increases the capability and accuracy of the system, reducing false positives and false negatives.

10. Where can I find out about the latest security threats?
The McAfee Threat Center has detailed research, commentary, and analysis about the latest security threats. The McAfee Labs blog includes breaking news updates on security research, threats, and solutions. Commentary from the experts at McAfee Labs includes the newest information on exploit and malware research, mobile security, unpatched vulnerabilities, and more. We also regularly update profiles of viruses, Trojans and other threats currently in circulation. Sign up to receive our free McAfee Labs Security Advisories email for the latest information on security threats.

11. What are the latest spam threats?
We can’t define the latest spam threats, because they are constantly changing. McAfee Labs tracks both spam volume and trends. Our monthly spam report gives you in-depth analysis on where spam is originating and who it is targeting. McAfee’s internet reputation system, tracks the Top Email Senders by IP address and domain name.

12. What is McAfee Artemis?
McAfee Artemis is the industry’s first real-time, “in-the-cloud” file reputation technology that protects enterprises and consumers from known and emerging malware threats. For more information, see the Global Threat Intelligence page.

13. What is McAfee TrustedSource?
McAfee TrustedSource is a real-time, “in-the-cloud” web reputation technology that protects consumers, enterprises, and service providers from known and emerging web- and email-based threats. For more information, see the Global Threat Intelligence page.

14. How can I dispute a reputation score if I believe McAfee TrustedSource has unfairly assigned one to my URL?
McAfee TrustedSource welcomes feedback. Use the McAfee TrustedSource Customer URL Ticketing System to submit a request to change the categorization of a URL. You can also track the status of your ticket on this site.

United Kingdom - English