windows/shell/reverse_tcp detected by McAfee Ent 8
I have recently found that McAfee Enterprise 8 detects the MSF binary payload windows/shell/reverse_tcp (being the skinny version of windows/shell_reverse_tcp). It also does not matter if you encode it with the excellent shikata_ga_nai encoder with as many iterations as you like; it still finds it. McAfee doesn't report the payload correctly, but enough to delete the file (if that's the McAfee policy). :mad:
Does anyone have any ideas or suggestions using the MSF framework to counter this detection other than using an external payload encrypter or a handcrafted XOR stub?