Security, Account Blocked, Rootkit
Security information from Technology Services Privacy and Information Security team.
Technology Services will no longer support McAfee and McAfee ePO after 12/31/2016
After 12/31/2016, antivirus and full disk encryption cannot be managed via ePO. On the endpoint, the software will continue to function; however, it will need to be managed at the endpoint. That means it will no longer be logging virus and encryption information centrally. When the McAfee software reaches end of life, it will require manual intervention at each endpoint. The University will continue to support other popular antivirus software like Malwarebytes, which will not be affected by this change. The personal version of McAfee antivirus for Windows or Mac, previously downloaded from the WebStore, will also not be affected by this change. However, moving forward, we will no longer be offering a personal version of McAfee antivirus. Instead, the University of Illinois makes the following recommendations for antivirus software: https://answers.uillinois.edu/illinois/page.php?id=67971.
What you can do
We recommend that you begin to transition to other software solutions on your University machines.
For a list of available antivirus and encryption software, as well as instructions for use, please see our blog post: https://techservices.illinois.edu/news/2016/ending-support-mcafee-products-university-computers.
For questions or concerns, please contact the Technology Services Help Desk at 217-244-7000 or by email at email@example.com.
The steps below should be performed by an IT Professional
This process catches rootkits (programs or program kits that hide malware on a system).
Before running any antivirus scans:
- Download and run TDSSKiller: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
- Download and run Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx
- Run a McAfee scan (or comparable program) from safe mode
- Have the user change passwords
For Unix- and BSD-based systems (like Mac OS X):
- Run Rootkit Hunter: http://www.rootkit.nl/projects/rootkit_hunter.html
- Run chkrootkit: http://www.chkrootkit.org/