Product Coverage and Mitigation for ICSA-14-178-01 (Havex/ICS-Focused Malware)

McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS’s) are listed below.

The Havex remote access tool is common across these associated attacks or campaigns–including Dragonfly. We have seen Havex in ICS-specific targeted campaigns. It can detect and affect ICS- and SCADA-specific services, such as OPCServer (OLE for Process Control).

McAfee Product Coverage and Mitigation

  • McAfee VirusScan (AV):  Known, associated, malware samples are covered by the current DAT set (7486).   Updated coverage will be included in the July 2 DAT set
  • McAfee Web Gateway (AV): Same as VirusScan coverage.
  • McAfee Application Control: Provides coverage via whitelisting.  Nonconforming executables will not run.


Please check back often for updated technical details and product coverage.



2 comments on “Product Coverage and Mitigation for ICSA-14-178-01 (Havex/ICS-Focused Malware)

  • Bill Hayes says:

    What are the VSE signature names for ICSA-14-178-01 related malware? These are not readily apparent in the signatures listed for DAT file set 7486,.

  • Is there, or is it planned to be released any IPS signature for Mcafee AFW?

    Best regards
    Ricardo Meireles


Leave a Comment

17 − two =