scottp99 (Member, join:2010-12-11) to dave
Re: Buffer Overflow blocked by AV, what should I do?

All I wish to know is: when McAfee AV pops up a message that a Buffer Overflow has been blocked, what should I do? I just want to compare it with the actions of a worm, trojan or virus, and this is the way I usually do it:

* Disconnect the LAN cable
* Try cleaning or deleting the infected file with AV
* If that cleaning or deleting fails, then reformat the drive, or restore the OS image.

But I want to know if this can be done with a Buffer Overflow infection. And even though the AV has blocked it, is there any way to find out if it survived the restore of my OS image?

That's all I want to know at this point.

Can a Buffer Overflow survive a clean restore of an OS image or am I safe since McAfee has blocked it?

I don't know, but this may be a "bug" in McAfee (the latest version), because I never had this from the older versions before.

Thanks.

NetFixer (Premium Member, join:2004-06-24)
said by scottp99:

All I want to wish to know, is that when McAfee AV pops up a message that a Buffer Overflow has been blocked, then what should I do?

I have not used a McAfee product in years, but in general when a security application tells me that it has detected something and that it "has been blocked", I assume that it indeed "has been blocked" (unless I see some indications that say otherwise).

Do you worry about your firewall reporting that unwanted incoming traffic "has been blocked", or are you just happy that it "has been blocked"?

norwegian (Premium Member, join:2005-02-15) to scottp99
said by scottp99:

Can a Buffer Overflow survive a clean restore of an OS image or am I safe since McAfee has blocked it?

If the image is from before the detection, no, it will not have any effect on the image you restore from.

You could discuss if it has affected the MBR records, and whether the image you have includes MBR records or just the partition image, but as mentioned - it was blocked. Either as a real detection or a false positive. As IE and ntdll were mentioned, I'd be more worried about a false positive and file corruption before your concerns of the detection of malware. It can be just as dangerous to system integrity.
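One way to settle the MBR question raised above is to keep a copy of the disk's first sector from a known-good state and compare it against the live disk after the restore. The following is an added example, not code from this thread or from McAfee: it parses a 512-byte MBR, hashes the bootstrap code, decodes the partition table, and reports what differs from the baseline. The two MBR byte strings are constructed for the demonstration; reading a real disk needs administrator/root rights and the raw device path (assumed here as \\.\PhysicalDrive0 on Windows or /dev/sda on Linux).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440       # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA boot signature

def parse_mbr(sector):
    """Return bootstrap-code hash, disk signature and partition entries of one 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:   # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }

def compare_mbr(current, baseline):
    """List how the current MBR differs from a baseline saved earlier (empty list = unchanged)."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    diffs = []
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        diffs.append("bootstrap code changed")
    if cur["disk_signature"] != base["disk_signature"]:
        diffs.append("disk signature changed")
    if cur["partitions"] != base["partitions"]:
        diffs.append("partition table changed")
    return diffs

def build_mbr(boot_code, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR from parts; used only to construct the sample data below."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError("bootstrap code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_sig
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16 * i,
                         status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)

# Constructed sample data (not captured from a real disk): a baseline taken before the
# incident, and a current MBR whose bootstrap code was altered while the partition
# table (one bootable NTFS partition at LBA 2048) is intact.
BASELINE_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x07, 2048, 204800)])
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90\x8e\xd0", [(0x80, 0x07, 2048, 204800)])

def read_mbr(path):
    """Read the first sector of a raw device or image file, e.g. r'\\\\.\\PhysicalDrive0'
    on Windows or '/dev/sda' on Linux (assumed paths; needs admin/root)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

if __name__ == "__main__":
    print(compare_mbr(BASELINE_MBR, BASELINE_MBR))   # []
    print(compare_mbr(TAMPERED_MBR, BASELINE_MBR))   # ['bootstrap code changed']
```

In practice you would save `read_mbr(path)` to a file while the machine is known clean, then run `compare_mbr(read_mbr(path), saved)` after a partition-only image restore: a partition image does not rewrite sector 0, so bootstrap code that was modified before the restore would still show up here.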