Educause Security Discussion mailing list archives
Re: Fwd: ATTN: McAfee DAT 4715 problem - deleting .exe files
From: "Jones, Gary" <gjones () CALSTATE EDU>
Date: Sun, 12 Mar 2006 14:25:52 -0800
A problem has been uncovered with McAfee AV and DAT 4715
McAfee confirms the problem here: http://vil.nai.com/vil/content/v_138884.htm

-----Original Message-----
From: Mark Wilson [mailto:wilsodm () AUBURN EDU]
Sent: Saturday, March 11, 2006 6:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fwd: ATTN: McAfee DAT 4715 problem - deleting .exe files

More info:

A problem has been uncovered with McAfee AV and DAT 4715. Immediate attention is required. This is what we know:

1) DAT file 4715 is bad. It finds false positives for the W95/CTX virus in a number of OS and 3rd party files. The problem is when the system is scanned, .exe files will be deleted. Examples include but are not limited to:

    usersid.exe - Windows XP file
    imjpinst.exe - Windows XP file
    ecenter.exe - Dell file
    ntfstype.exe - Utility
    adobeupdatemanager.exe - Adobe Update Manager
    gtb2k1033.exe - Google Toolbar Installer
    43gcjvgahnu44.ths - Macromedia Flash Player 7.0 r19
    excel.exe - Microsoft Excel
    graph.exe - Microsoft Excel

2) If your machine has DAT file 4716 on it, then future scans should be okay, but it's still important to check your scan log to see if your machine ran a scan with 4715, and to see if any files were deleted. If files were deleted, they will need to be restored.

3) An EPO process has been started to push 4716 out to all machines on campus. This seems to have gone fairly quickly, but it won't touch home machines, and even if a machine has 4716 on it, there is the possibility that a scan of the machine has already taken place using 4715. Users/Administrators should check their scan log.

4) There doesn't appear to be a way to keep scans from happening through EPO or AD.
wilsodm () auburn edu 3/11/2006 8:04:39 AM >>>
We have just uncovered a problem with McAfee DAT 4715. Apparently, when a system is scanned, .exe files are deleted. It appears to be 3rd party software and no O/S files, but we are not certain. Servers and Desktops may be affected. It is advisable that you check your systems ASAP for DAT 4715 and update to DAT 4716 IMMEDIATELY. If systems have already been scanned with 4715, there could be .exe files deleted. This is all we know at the moment.

Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347