Educause Security Discussion mailing list archives
Re: errant McAfee DAT update causing widespread issues on WinXP comput
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Wed, 21 Apr 2010 15:02:39 -0400
Thanks for sharing Alex, (Related info) I'm attaching a screenshot sent to \me yesterday wherein Mcafee was detecting Deef Freeze as a virus. (This seemed to be only on new installations. The lab manager called the vendor (Faronics) and they read of the filename (00139138.EXE) and said they knew of the issue and Mcafee was working on a patch. I exempted the filename (not the path) since it was apparently always the same and that fixed the problem. However, I was just forwarded a voicemail a few minutes ago from Faronics saying that McAfee released an update to fix this issue and to update signatures to fix the issue. Perhaps it was the same definition as the one you mentioned. Not sure. It does not say which dat version was affected so I apologize for not including here. Thanks, Dexter alkeller () sfsu edu writes:
for those of you running McAfee Virusscan it would appear that an errant DAT update is causing serious issues for a large number of computers running WinXP SP3. [ http://isc.sans.org/ ]http://isc.sans.org/ [ http://abcnews.go.com/Technology/wireStory?id=10437730 ]http://abcnews.go.com/Technology/wireStory?id=10437730 more info from McAfee below. McAfee's websites are extremely slow right now. best, alex --------------------------- UPDATE McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3. The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. You can view information at [ https://kc.mcafee.com/corporate/index?elq_mid=2362&elq_cid=118534&page=content&id=KB68780 ]https://kc.mcafee.com/corporate/index?elq_mid=2362&elq_cid=118534&page=content&id=KB68780 (NOTE: system is currently slow) or the McAfee Community at [ http://community.mcafee.com/docs/DOC-1374/ ]http://community.mcafee.com/docs/DOC-1374/ <[ http://community.mcafee.com/docs/DOC-1374/?elq_mid=2362&elq_cid=118534 ]http://community.mcafee.com/docs/DOC-1374/?elq_mid=2362&elq_cid=118534> We will notify you of an emergency update when available, or in 90 minutes. ORIGINAL EMAIL (11:06am US/CDT) McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file April 21 at � 2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks. � Information updates will be sent every 90 minutes to keep you advised. -- Alex Keller Systems Administrator Academic Technology, San Francisco State University Office: Burk Hall 153 Phone: (415)338-6117 Email: [ mailto:alkeller () sfsu edu ]alkeller () sfsu edu
Current thread:
- Re: errant McAfee DAT update causing widespread issues on WinXP comput Dexter Caldwell (Apr 21)