2nd layer protection for USB drives: MCShield

General Topics
21

@George Yves
Hm … Okay. :-
Interesting crashes you have received, so your logreports would be very interesting.

@schmidthouse
:wink:

22

You’re welcome.

:slight_smile:

23

Just to be sure. Is this the page to downoad MCShield ?

http://amf.mycity.rs/mcshield/downloads.html

Because all my Googling sent me to some feature McAfee has also called MCShield.

24

It’s where I got it from. :slight_smile:

Tech’s original post gave you the clue:
amf.mycity.rs/mcshield

25

Yeah, MCShield is NOT from McAfee. 8)

26

Yes, but I don’t read Serbian so I took me a while to find it in English

I know but look at these:

http://www.neuber.com/taskmanager/process/mcshield.exe.html
https://community.mcafee.com/message/240900
http://www.file.net/process/mcshield.exe.html

I just wanted to be sure it was the same program version you were taking about. Double checking I guess.

Thanks guys.

27

Well, I do not read Serbian either :-[

28

Neither do I. :slight_smile:

29

I’ve just installed it on a computer with WinXP and Avast Free without any third-party anti-spyware. Everything is OK. I’ll try to install it again at my home notebook with Vista SP2, Avast Free and SpywareTerminator 2012. I’ll do it just to send you the logs.

30

I just saw a very interesting effect on the WinXP machine I have mentioned above. I was asked to have a look on a file from a USB stick. So, I inserted the stick and MCShield prompted that it was checking it. Soon I was prompted that some malware were detected and moved to the program’s quarantine folder. But as soon as the malware files appeared there, Avast signaled that it detected malware in the folder and moved them to its own chest!

31

Not so much an interesting effect, just normal as when new files are created they will be scanned by the file system shield, if they are detected then they will be actioned as per your settings.

Whilst the files are in the USB they are inert, when run they would be scanned or in this case moved/copied to the hard disk it is a newly created file which would get scanned (depending on file type).

32

I find it interesting because it was totally unexpected. It means that MCShield’s quarantine folder occurs not to be safe for keeping removed malware.

33

Safe is a different interpretation, since any quarantine isn’t the location that the file would be if it were sent from the USB to the hard drive any command to run it wouldn’t know where it was (e.g. the quarantine location), so the risk is limited.

Yes it would be preferable if it encrypted the data and protected the folder, but that would require that the program be more active than just when you plug a USB in.

It isn’t that strange when there are many security programs that done even encrypt their virus signatures just waiting for avast to detect them ;D

34

What do you mean? Can the malware be automatically executed when moved into the quarantine?

35

@iroc9555
Yes, thats officijal. :wink:
http://amf.mycity.rs/mcshield
(you may read about us)

Or…
Softpedija - Mirror download link

PS: McShield.exe is McAfee related. :slight_smile:

@George Yves

Thank you very much for that. :wink:

@All

Files in Quarantine are completely harmless and they are not executable.

If you have any questions or concerns, be free to ask:

mcshield.support[at]gmail.com

There are many articles by others that have been written about MCShield. Some are on our language as well as English.
I currently have this link in hand:
http://www.insightsintechnology.com/2012/03/mcshield-2-shields-pc-from-usb.html

Just for records ;D

MCShield where tested on huge number of malware and worms ( even the latest one ).
Not only on our labolatory or on some virtual machines, we do in practice (schools, copy photo shops and similar institutions where the high frequency of use USB Memory drives.
We test and compare MCShield with Panda and USB Security and MCS hase convincingly beat known competition.
And its freewere.

PS: Question for all of you guys if you dont mind. :slight_smile:

Could it be someone in a mood to translate MCShield into another language?
Currently, MCShield has been translated into three languages:
English; Serbian; Polski.

Translation is easy, and if maybe someone are in the mood just let me know to PP.
Anyone who is willing to do so, will be hung a nickname ( or full name ) in the MCShield > Abaut > Credits ( of course if you want to )

Thanks for review :wink:

36

???
http://amf.mycity.rs/mcshield/about.html
Where are you seeing evidence for this affirmation?

37

Or you did not understand me or I was not clear enough.

McShield.exe ( %Program Files%\McAfee ) is McAfee related.
MCShieldRTM.exe [MC- aka MyCity] ( %Program Files%\MCShield) is MCShield Anti Malware tool related.

38

When an anti-malware program moves something into its quarantine folder, I expect that no other anti-malware program will find them dangerous. But as I have said above, Avast detected files in MCShield’s quarantine as threats and moved them into its own chest. So, if Avast found already quarantined items as threats, I supposed that MCShield’s quarantine folder is not safe.

39

Well, I didn’t find the logs in the program’s folder. Maybe it’s because I have Vista SP2, not XP. I found them in C:\ProgramData\MCShield. The files were empty: there were only their names inside them - >>> MCShield AllScans.txt <<< and >>> MCShield Summary.txt <<<.

If you need, I have dumps from the latest crashes. For every crash Windows created a set of files: AppCompat.txt, Version.txt, memory.hdmp and minidump.mdmp.

40

I just created a bootable USB drive and forgot to take it out of the computer.
When I rebooted, MCShield changed some of the files to make booting impossible…
(not a good moove. :frowning: )