{"id":82779,"date":"2017-11-28T06:00:15","date_gmt":"2017-11-28T14:00:15","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=82779"},"modified":"2025-06-04T04:02:12","modified_gmt":"2025-06-04T11:02:12","slug":"should-i-worry-about-avgater-which-exploits-some-security-products","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/","title":{"rendered":"Should I Worry About AVGater, Which Exploits Some Security Products?"},"content":{"rendered":"<p><em>This blog was written by Brook Schoenfield.<\/em><\/p>\n<p>On November 10, a researcher reported the vulnerability <a href=\"https:\/\/bogner.sh\/2017\/11\/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine\/\" target=\"_blank\" rel=\"noopener\">AVGater<\/a>, which affects some antimalware products. The vulnerability allows a user without administrative privileges to restore a quarantined file in a user\u2019s defined location.<\/p>\n<p>After internal reviews and with confirmation from the author of the blog, McAfee believes no McAfee products are affected by the privilege escalation vulnerability described in the AVGater blog.<\/p>\n<p>The mechanism that allows users to restore files from quarantine in <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/products.html\">McAfee products<\/a> is either locked by default or is available only to users with administrative privileges, providing an additional layer of protection to our customers.<\/p>\n<p>AVGater, as described by blog author Florian Bogner, is based upon antimalware products use of a permanent storage area (folder or directory) to contain software that the antimalware program has \u201cconvicted\u201d\u2014executables believed to be malicious. Once convicted, the malicious software must be placed somewhere where it cannot execute and cause (further) harm.<\/p>\n<p>Why not just immediately delete convicted software? If files were summarily deleted, there would always be a chance the files had been incorrectly convicted and might be important to the user. Unfortunately, no software can be considered perfect.<a href=\"#_edn1\" name=\"_ednref1\">[i]<\/a> False detections occasionally occur, even with the most comprehensive and accurate software. Placing files into \u201cquarantine,\u201d the reserved safe area, mitigates the potential for an accidental removal of users\u2019 important files.<\/p>\n<p>Because of the potential of false-positive malware conviction, nearly every endpoint protection program makes use of a \u201cquarantine\u201d location, where assessed bad files are placed before deletion, just in case there has been a mistake in the identification algorithms.<\/p>\n<p>Researcher Bogner has uncovered a way that quarantined software can be restored to execute, potentially with a privilege escalation from user-level privileges to the Windows system user. He has named the technique AVGater.<\/p>\n<p>Privilege escalation is a critical step in the path to the full compromise of an operating system. Although a user may not have permission to write executable software into directories reserved for the operating system, if an attacker can execute malware from one of Windows\u2019 system directories, an attacker can begin to subvert or replace critical system software with malware. Full control of the operating system may be within reach by just a few, perhaps undetected, steps.<\/p>\n<p>Privilege escalation to the level of the Windows\u2019 system user is not an attacker\u2019s ultimate exploit, but it is a significant step that provides attackers assistance toward their goals.<\/p>\n<p>We live in a world in which techniques to get users to take a single step (click, save, open, view, read) is commonplace; there are thousands of spoofs, scams, confidence games, and social engineering techniques. If you live in the digital world, you have been exposed to many of these, maybe every day.<\/p>\n<p>It is not hard to imagine that attackers, having gotten their software placed into AV quarantine, can execute subsequent software, perhaps through tricking users in some manner.<\/p>\n<p>AVGater is not a straightforward attack. Successful quarantine removal and copying to a system directory must be proceeded by other steps for attackers to achieve their goals, whether controlling additional hosts for a botnet, gathering account information, or other ends. (See the section \u201cAVGater technique,\u201d below, for more information.)<\/p>\n<p>Getting malware onto a Windows machine is relatively uncomplicated; it happens thousands of times every day. Tricking users to proceed is also well understood by attackers with varying levels of technical skill. Thus we believe that attacks based upon AVGater are credible, if not particularly straightforward.<\/p>\n<p>AVGater has not yet been widely used by attackers. Nonetheless, it should be easy for a malware writer to drop detection defenses to force a conviction and quarantine of an attack. This step makes this attack noteworthy: Malware writers already know how to be identified by antimalware programs.<\/p>\n<p>All of AVGater\u2019s steps seem well within reasonable capabilities of competent attackers. Users whose security software is vulnerable should update to a patched version as soon as possible.<\/p>\n<p>It is a poor idea to conduct day-to-day operations from the Windows administrator account. McAfee recommends that users start with a less privileged, user-level account and elevate to administrative privileges only for necessary operations and only for as long as needed to complete a task. Consumers should set up a nonadministrator account as the usual login.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/us\/products\/epolicy-orchestrator.aspx?eid=17DE_MINAQ4_ML_SO_ST-2&amp;elqCampaignId=22175&amp;utm_campaign=DE_MI_17Q4&amp;utm_source=mcafeeblog&amp;utm_medium=organic\" target=\"_blank\" rel=\"noopener\">McAfee\u00ae ePolicy Orchestrator<\/a>\u00ae (McAfee ePO\u2122) administrators should use the product\u2019s capabilities to reduce the privileges that users need for common tasks, and thus reduce the privilege levels required by most users.<\/p>\n<p>Always running with administrative privileges is a dangerous practice. One mistake can allow a complete compromise. Attackers do not need to go through the steps of AVGater or other privilege escalation. If attackers can execute some code as administrators, they can probably compromise Windows completely. AVGater does not lend attackers any additional advantage.<\/p>\n<p>Users who recognize social engineering attacks will have an advantage in protecting themselves, because they are much less likely to accept suspicious software and fall for tricks that execute the secondary steps required in this attack.<\/p>\n<p>As always, all users are advised to avoid public hotspots. If you must use one, be sure to make use of your company\u2019s VPN services as soon as you join, or use some other VPN technology to conduct your online activities. Always disable unneeded services; do not leave file sharing on except for highly trusted networks; do not blindly accept files from untrusted sources, especially on unsecured and untrusted networks. We should always follow these safe computing practices irrespective of the latest attack technique or the state of our computing protections.<\/p>\n<p>McAfee continues to investigate potential attack vectors related to AVGater. As of this writing, both McAfee and Florian Bogner have found no unmitigated paths through a McAfee product. If we discover additional information, we will update this post.<\/p>\n<h2><strong>AVGater Technique<\/strong><\/h2>\n<p>To promulgate this attack, the security software must identify an attacker-controlled program as malware, which will result in quarantine. The attacker must next switch the quarantined file for malware that will further the attack. Then the attacker must set up the necessary Windows file \u201cjunction\u201d so that removing the file from quarantine also copies it into a directory with Windows system privileges.<\/p>\n<p>Any number of tricks can convince at least some users into executing additional malicious software that removes the attack software from quarantine and, through the previously set-up file junction, places the software into a privileged directory. The attacker then must somehow execute the attack software from the joined system directory to proceed.<\/p>\n<p>Attackers have developed numerous methods for avoiding or fooling attempts at conviction, while antimalware makers spend a significant proportion of their efforts identifying the attackers tricks so that malware will be accurately identified.<\/p>\n<p>For malware writers to use this technique, they need obvious malware that will ensure conviction. Accompanying the \u201cred herring\u201d malware must be additional software that can hide its true intent (replace the quarantined item<em>,<\/em> set up file junction, induce the copying to system privileges, and execute the attacker\u2019s code).<\/p>\n<p>Compared with executing one or two steps against users who are running with administrative privileges, AVGater requires more steps, each of which must be executed successfully and in proper order. AVGater demands greater skill to include careful interactions between at least three steps, and at least one user-induced action. This scenario is credible, though more involved than other easy, repeatable attacks.<\/p>\n<p><a href=\"#_ednref1\" name=\"_edn1\">[i]<\/a> Software can be proven to be incorrect, but it is difficult to prove it absolutely error free. Readers may wish to investigate Alan Turing\u2019s \u201cTuring\u2019s Proof,\u201d whose math is believed to prove that an automated process cannot prove that an automated process is correct.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog was written by Brook Schoenfield. On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware&#8230;<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,4452,338,180],"coauthors":[4136],"class_list":["post-82779","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybersecurity","tag-endpoint-protection","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Should I Worry About AVGater, Which Exploits Some Security Products?<\/title>\n<meta name=\"description\" content=\"On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Should I Worry About AVGater, Which Exploits Some Security Products?\" \/>\n<meta property=\"og:description\" content=\"On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-28T14:00:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T11:02:12+00:00\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"Should I Worry About AVGater, Which Exploits Some Security Products?\",\"datePublished\":\"2017-11-28T14:00:15+00:00\",\"dateModified\":\"2025-06-04T11:02:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/\"},\"wordCount\":1282,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"computer security\",\"cybersecurity\",\"endpoint protection\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/\",\"name\":\"Should I Worry About AVGater, Which Exploits Some Security Products?\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2017-11-28T14:00:15+00:00\",\"dateModified\":\"2025-06-04T11:02:12+00:00\",\"description\":\"On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Should I Worry About AVGater, Which Exploits Some Security Products?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Should I Worry About AVGater, Which Exploits Some Security Products?","description":"On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Should I Worry About AVGater, Which Exploits Some Security Products?","og_description":"On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-11-28T14:00:15+00:00","article_modified_time":"2025-06-04T11:02:12+00:00","author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"Should I Worry About AVGater, Which Exploits Some Security Products?","datePublished":"2017-11-28T14:00:15+00:00","dateModified":"2025-06-04T11:02:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/"},"wordCount":1282,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["computer security","cybersecurity","endpoint protection","malware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/","name":"Should I Worry About AVGater, Which Exploits Some Security Products?","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2017-11-28T14:00:15+00:00","dateModified":"2025-06-04T11:02:12+00:00","description":"On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/should-i-worry-about-avgater-which-exploits-some-security-products\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Should I Worry About AVGater, Which Exploits Some Security Products?"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=82779"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82779\/revisions"}],"predecessor-version":[{"id":215103,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82779\/revisions\/215103"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=82779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=82779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=82779"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=82779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}