McAfee's on-demand Stinger ADDS a new bit of real-time baggage

McAfee Stinger is (or was) a stand-alone, on-demand AV scanner. Nothing ran in real-time, which is the way I like it. However, a recent change to the Stinger has added a real-time component called "Real Protect" which is described by McAfee's site as follows:

If you use Stinger, Real Protect will run in the background, always on, even when Stinger's on-demand scanner itself is not being used. Some folks might like this feature. I don't.

QUESTION: Does anyone know if Real Protect is worth its salt?

 

Thanks JR. I missed that page when I researched Stinger.

 

i found it quite effective in my short test

 

Interesting. How is the realtime component on resource usage?

 

McAfee is light these days

 

Tempted to try this, but it defaults to the 32bit version when downloading. And there are two different versions of 64bit. What is ePO?

 

The "x64" version of Stinger is the one with Real Protect. ePO version of Stinger lacks Real Protect.

 

Thanks. I am on the fence on whether I will try it or not.

 

This caused me a weird file locking issue. I would try to open an Excel file, and would get a message it was in use by another program. Did not have this issue prior, and seemed to go away when I ended the McAfee process.

 

My tech support guy seems very impressed with Real Protect -- McAfee Stinger's real-time behavior monitor. Therefore, I decided to give McAfee's Stinger (on-demand scanner) PLUS McAfee's Real Protect (real-time) a 2 to 3 week try on my desktop computer.

 

Hi guys, anyone knows if this auto updates or do we need to download manually?
I mean, it runs real time after all...

/E

 

"McAfee Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a specialized tool to assist administrators and users when dealing with infected system."

 

This is correct, but ONLY with respect to Stinger's on-demand scanner. As stated in my post #1, the Real Protect component of Stinger runs in real-time, all the time. The Real Protect component is not doing the on-demand signature-based scans referred to by the quoted portion of anon's #15 post. Instead, Real Protect is a recently added component, still in beta, and is monitoring for malicious & suspicious behavior.

IMO, Esse's question (post #14) is concerned with Real Protect and not the on-demand Stinger component.

I did an on-demand scan with Stinger a few days ago & the Real Protect component is still running today, real-time. Every time I run Stinger's on-demand component, it calls home to check for an update. Therefore, in answer to Esse's question, the only time Real Protect updates is when the on-demand scanner is used. It does not auto update.

 

Any of the weird file locking issues I was having?

 

No, she runs fine for me. No file locking whatsoever. Although I don't run Excel, I can't imagine why an antivirus would cause a lock in a spreadsheet program.

Sorry for your problems.

 

I don't know anything about McAfee Stinger, but I do run this one from McAfee, occasionally.

 

When I first ran the run-from-anywhere (aka "portable" but for its stinger.opt file) stinger64.exe, it silently installed RealProtect.exe in its C:\Program Files path and dropped it onto the system tray. There is no GUI. One can exit Real Protect and run it again without using Stinger at all.



Having interest only in Real Protect, I don't run the Stinger scan and just close it. I don't open it again unless I find a newer version (12.1.0.3116 yesterday) in the hunt for a newer Real Protect. There's a new Stinger every few days.

But RealProtect.exe has remained at 1.1.0.5176 (Beta), build date Mar 5.

I haven't had any problems with it.

It maintains a persistent port 443 connection, for me, to an Amazon AWS server in Oregon although when opening apps it makes connections to other AWS servers as well as Akamai and MCI servers, some on port 80.

Real Protect maintains db files, usually time stamped within the last 15 or so minutes. The db files are but a few KBs and dscache.db is the one that updates more often and also has a journal file that comes and goes.

I haven't found anywhere where the Real Protect executable version can be updated or checked for the latest other than to keep an eye on the next Stinger.exe update, download it, run it and check on the Real Protect version. I located a RealProtect.exe buried in their download center, but it's version 1.0.0.0 from Oct 2016.

The jury is still out. But a reliable companion real-time cloud-centric behavioral detection tool is advantageous and long overdue. I hope it rolls out of beta soon.

 

@Surt -- Good info. Thanks muchly for that.

Me, too. I also hope that, once it rolls out, it remains a companion to Stinger instead of being subsumed.

P.S. I like the quote in your signature.

 

How many malware are in the list?

 

I went about half-way down Stinger's threat list & got tired of counting. Based on what I counted, I estimate the list has ~2700 threats. It is customizable...

Other info re Stinger's scans:

NOTE: I use Stinger, on-demand, from time to time but HMP (HitmanPro) is my main on-demand scanner. I use HMP daily.

 

Thank you bellgamin.
I was expecting that very limited detection number which confirms what it is written in McAfee's webpage =
"McAfee Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a specialized tool to assist administrators and users when dealing with infected system."

 

Yes, many "2nd opinion" security apps make similar caveats. Otherwise, who would buy their non-free products?

However, the (sig-based) threat list isn't all that Stinger employs when scanning. Please notice that Stinger also employs in-the-cloud GTI plus heuristics plus Real Protect's behavior monitor.

I do not use any real-time AV because I image often. Instead I use 3 on-demand scanners from time to time (Hitman, Housecall, & Stinger). My only persistent real-time security is OSArmor, MBAE, and a Firewall/HIPS. It works for me -- a separate HD with 2-3 months of prior clean images is THE best security, IMO. Moreover, my aging laptop is as peppy as the day I bought it, 7 years ago.

Bottom line, I find Stinger + Real Protect to be a valuable adjunct to almost any layered security set-up. It's free, with ~zero system impact, & nicely maintained by McAfee so ... why buy a cow when milk is so cheap?