RE: McAfee Antivirus Tool Blocks Internet Access

[InfoSec News <isn () c4i org>]

Forwarded from: Marc Maiffret <marc () eeye com>
Cc: dennis_fisher () ziffdavis com

McAfee is also identifying our free rpc scanner tool as an
exploit/trojan because they are looking for the RPC negotiation
packets and not for attack data specifically. Therefore keeping
administrators from being able to use the tool to secure their
networks.

It is great that companies that profit off of worms and viruses can
use their "solution" to keep administrators from using tools to
protect their network from worms and viruses.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
 

| -----Original Message-----
| From: owner-isn () attrition org [mailto:owner-isn () attrition org]On Behalf
| Of InfoSec News
| Sent: Thursday, August 07, 2003 11:00 PM
| To: isn () attrition org
| Subject: [ISN] McAfee Antivirus Tool Blocks Internet Access
|
|
| http://www.eweek.com/article2/0,3959,1212162,00.asp
|
| By Dennis Fisher
| August 6, 2003
|
| Some Network Associates Inc. customers are up in arms over an update
| for one of the company's antivirus products that is preventing them
| from accessing the Internet.
|
| The problem is caused by an update for McAfee VirusScan Professional
| 7.0, the company's flagship enterprise antivirus application. When
| update 7.03 is installed on some machines running Windows 2000 or
| Windows XP, it prevents the PCs from connecting to the Internet after
| the suggested reboot. The problem seems to be affecting customers who
| upgraded from 7.02 to 7.03.
|
| McAfee has pulled the update from its download servers and is
| performing quality checks on it, according to information on the
| company's Web site, but has not provided customers with any
| instructions on how to fix affected machines.
|
| "I am so angry with these people it's palpable. I write software and
| cannot believe they released a patch before thoroughly testing it,"
| said Michael Shohoney, a VirusScan user who said his PC was down for
| more than six hours before he was able to restore the Internet
| connection.
|
| A spokeswoman at NAI, based in Santa Clara, Calif., said she was
| unaware of the problem and would look into it.
|
| Some users report that uninstalling the troublesome patch and
| reverting to the last known good version of VirusScan restores their
| Internet connectivity. However, others say this hasn't worked for
| them.
|
| A McAfee technical support representative writing in the site's help
| forums said that the company believes the problem lies in a DLL that
| controls the Hostile Activity Watch Kernel (HAWK), a feature that
| looks for malicious and "virus-like" behavior.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.