Version 1
October 2010
Global ICT
Enterprise Architecture
800 West Chestnut Avenue
Monrovia, California 91016
Change Record
Date | Author | Version | Change Reference
27 Sept 2010 | Bo Bradshaw | .1 | Initial Document
26 Oct 2010 | Bo Bradshaw | .2 |
27 Oct 2010 | Bo Bradshaw | .3 |
03 Nov 2010 | Bo Bradshaw | Final |
Reviewers
Date | Reviewer | |
6 Oct 2010 | Neil Cannon | GICT | .1
26 Oct 2010 | Chris Prescott | GICT | .2
Table of Contents
REVISION AND SIGNOFF SHEET
  CHANGE RECORD
  REVIEWERS
TABLE OF CONTENTS
ABOUT THIS GUIDE
INTENDED AUDIENCE
DOCUMENT FEEDBACK
ASSUMPTIONS
REQUIREMENTS
SUBMISSION PROCESS
USING THE MALWARE SUBMISSION FORM
  USER'S INFORMATION
    USERNAME
    USER'S NAME
    USER'S EMAIL ADDRESS
  LOCATION
    CURRENT COUNTRY LOCATION
    CURRENT OFFICE TYPE LOCATION
  OPERATING SYSTEM & SERVICE PACK
    OPERATING SYSTEM
    EDITION
    ARCHITECTURE
    SERVICE PACK
  MALWARE INFORMATION
    DID A MCAFEE PRODUCT DETECT THE MALWARE?
    DID ANOTHER ANTI-MALWARE PRODUCT DETECT THE MALWARE?
    HOW WAS THIS POTENTIAL MALWARE DISCOVERED?
    WHAT MAKES THIS POTENTIAL MALWARE SUSPICIOUS?
    WHAT BEHAVIOR HAS THIS POTENTIAL MALWARE PRODUCED?
    HOW MANY SYSTEMS HAS THIS POTENTIAL MALWARE BEEN DISCOVERED ON?
    HAS THE POTENTIAL MALWARE ACTUALLY BEEN EXECUTED?
    DO YOU HAVE ANY OTHER PERTINENT INFORMATION TO INCLUDE?
    CLICK BROWSE TO UPLOAD THE POTENTIAL MALWARE.
  SUBMITTING
APPENDIX A [MALWARE SUBMISSION SCREENSHOT]
APPENDIX B [MALWARE SUBMISSION FLOWCHART]
Intended Audience
This guide is intended for World Vision IT staff who have discovered malware which McAfee does not
detect or is not able to remediate.
Document Feedback
EA welcomes your suggestions for improving documentation. If you have comments, send your
feedback to EA@wvi.org or post on the EA Community of Interest site on wvcentral.
Assumptions
• The system with the potential malware has the current version of McAfee's VirusScan Enterprise
(VSE) installed, the current version of McAfee's AntiSpyware Enterprise (ASE) installed, and the
current version of McAfee's DAT.
• A full McAfee on-demand scan has been run on the system with the potential malware and one of
the following scenarios is true:
  o The suspected malware was not detected by McAfee.
  o Malware undetected by McAfee was detected by another anti-malware application.
  o Malware was detected by McAfee but could not be cleaned or deleted.
Requirements
An internet connection.
A wvcentral account.
Submission Process
Once all the requirements and assumptions of this document have been met, a submission can be made
to McAfee. In order to update their definitions, McAfee needs a copy of the suspected malware which
McAfee VSE/ASE was either unable to detect or unable to remediate. The primary method for
submitting this malware to McAfee for review is via the Malware Submission form hosted on wvcentral.
To view a screenshot of the form, see Appendix A.
https://www.wvcentral.org/cop/ICT/EA/AdminLib/MalwareSubmission.aspx
User's Information
Location
Operating System & Service Pack
Malware Information
User's Information
This section contains three fields which are used to gather information about the user who is submitting
the file:
Username
User's Name
User's Email Address
Username
This field will contain the username that was used to log in to wvcentral. It should be auto-populated. If
the form fails to auto-populate, it will have to be entered manually.
User's Name
This field will contain the submitting user's full name. It should be auto-populated. If the form fails to
auto-populate, it will have to be entered manually.
Location
This section contains two fields which are used to gather information about the office in which the
suspected malware was discovered:
Regional Office
Support Office
National Office
Not Listed
Operating System
Edition
Architecture
Service Pack
Operating System
This field is used to select the operating system on which the suspected malware was discovered. If the
correct operating system is not listed, please select "Not Listed" and enter the operating system in the
pertinent information textbox below.
Edition
This field is used to select the edition of the operating system on which the suspected malware was
discovered. If the correct edition is not listed, please select "Not Listed" and enter the edition in the
pertinent information textbox below.
Architecture
This field is used to select the architecture of the operating system on which the suspected malware was
discovered. If the correct architecture is not listed, please select "Not Listed" and enter the architecture
in the pertinent information textbox below.
Service Pack
This field is used to select the service pack of the operating system on which the suspected malware was
discovered. If the correct service pack is not listed, an "Other" option is available. If "Other" is selected, a
text box will be available to manually enter the correct service pack.
Malware Information
This section contains nine fields which are used to gather information about the suspected malware. All
the information relating to the suspected malware will be provided, and the suspected malware itself will
be attached. The nine fields are:
How many systems has this potential malware been discovered on?
This field presents a textbox where a short description can be entered of the number of
systems on which the potential malware has been discovered.
Submitting
Once the form has been completely filled out and the potential malware attached, it can be submitted.
Press the submit button at the bottom. If everything was filled out and submitted properly, the page will
refresh and a message will appear at the top stating, "Malware information entered is saved and emailed. A
copy has been emailed to you." At that point the machine with the potential malware should have the
Malware Remediation process run against it and be quarantined until McAfee responds and a further
course of action can be determined.