VirusScan 8.5i updates for reporting

Ahhh, grasshopper there will come a day of reckoning.

It seems that the settings we had previously been using [1, 2] for our VirusScan setting files was excellent for a VirusScan 8.0i install and survived and upgrade to 8.5i if it had been pre-installed. The settings did not work when applied to VS 8.5i because the registry keys have changed … *crunch*

Blocking P2P with VirusScan8.5i
A registry change, modify the UserDefinedDetection settings to suit your needs, remember the more you add the slower the file processing so ‘think smart’

Windows Registry Editor Version 5.00
;Contributor: Me
;Created: 15 September 2005
;Updated: 25 May 2007 (path for VS 8.5i)
;Status: Current
;
;Subject: Registry file to add Virus Scan v8.5i – User Defined Unwanted Programs
; Removal of selected P2P applications

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore\NVP]
“DetectJokes”=dword:00000001
“DetectSpyware”=dword:00000001
“DetectPotentiallyUnwantedApps”=dword:00000001
“DetectPasswordCrackers”=dword:00000001
“DetectAdware”=dword:00000001
“DetectRemoteAdminTools”=dword:00000001
“DetectionExclusions”=””
“DetectDialers”=dword:00000001
“DetectKeyLoggers”=dword:00000000
“UserDefinedDetection_0″=”BitLord.exe:BitLord (Torrent Client)”
“UserDefinedDetection_1″=”g3torrent.exe:G3 Torrent Client”
“UserDefinedDetection_2″=”Btdownloadgui.exe:BitTorrent (Torrent Client)”
“UserDefinedDetection_3″=”Btmaketorrentgui.exe:BitTorrent (Torrent Client)”
“UserDefinedDetection_4″=”Azureus.exe:Azureus (Torrent Client)”
“UserDefinedDetection_5″=”Azureus2.jar:Azureus (Torrent Client)”
“UserDefinedDetection_6″=”BitComet.exe:BitComet (Torrent Client)”
“UserDefinedDetection_7″=”Emule.exe:eMule (P2P Client)”
“UserDefinedDetection_8″=”Edonkey2000.exe:eDonkey 2000 (P2P Client)”
“UserDefinedDetection_9″=”klrun.exe:Kazaa Lite Resurrection (P2P Client)”
“UserDefinedDetection_10″=”khancer.exe:KaZaa Lite / K-Lite (P2P Client)”
“UserDefinedDetection_11″=”Morpheus.exe:Morpheus (P2P Client)”
“UserDefinedDetection_12″=”Shareaza.exe:Shareaza (P2P Client)”
“UserDefinedDetection_13″=”LimeWire.exe:LimeWire (P2P Client)”
“UserDefinedDetection_14″=”LimeWire.jar:LimeWire (P2P Client)”
“UserDefinedDetection_15″=”BearShare.exe:BearShare (P2P Client)”
“UserDefinedDetection_16″=”KCeasy.exe:KCeasy (P2P Client)”
“UserDefinedDetection_17″=”Gnucleus.exe:Gnucleus (P2P Client)”
“UserDefinedDetection_18″=”Ares.exe:Ares (P2P Client)”
“UserDefinedDetection_19″=”warez.exe:Warez P2P (P2P Client)”

VirusScan 8.5i Central reporting
we have a registry key change for this one too.

Windows Registry Editor Version 5.00
;Contributor: Me
;Created: 15 September 2005
;Updated: 25 May 2007 (path for VS 8.5i)
;Status: Current
;
;Subject: Configure Virus Scan v8.5i – to use REDMOND as Alert server

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore\Alert Client\VSE]
“SuppressAlertsBelow”=dword:00000001
“bLocalEventLog”=dword:00000001
“LocalConfig”=dword:00000001
“RemoteConfig”=dword:00000001
“Centralized Alerting Path”=””
“Alert Manager Server Path”=”\\\\REDMOND”
“AlertType”=dword:00000004
“bSendSNMP”=dword:00000000
“SuppressAlerts”=””
“bXMLForwarding”=dword:00000001

[1] Blocking P2P with VirusScan8.0i
[2] VirusScan 8.0i Central reporting

This entry was posted in security, soe, virusscan. Bookmark the permalink.

3 Responses to VirusScan 8.5i updates for reporting

  1. Chris says:

    Well… I’m using Bearshare – superb tool for fast downloading! Limewire not bad too…

  2. Sakhile says:

    How do i get 8,5i updates on mcafee

  3. @Sakhile
    For the McAfee Enterprise products you can download updates from
    https://secure.nai.com/apps/downloads/my_products/login.asp
    You will need your current NAI Grant number to access the updates.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.