Broken McAfee DAT update cripples Windows workstations

[jalaffa]

McAfee pushed out a virus definition update, 5958, at 06:00 PDT that causes false positive identification of the critical Windows system file svchost.exe. Machines running Windows XP Service Pack 3 using the 5958 definitions will delete the file, causing many key Windows services to fail to start. The Windows file is being mistakenly detected as W32/wecorl.a. Failure to start svchost.exe causes Windows to automatically reboot, hindering repair efforts.

At the time of writing, McAfee's support forum appears to have either gone offline or collapsed under the load, making threads about the issue (edit: accessible now) inaccessbile. Before going offline, the company advised the following measures:

1. Boot the system into safe mode

2. Drop the attached extra.dat in c:/program files/common files/mcafee/engine

3. Reboot into normal mode

Rebooting into Windows normal mode type “shutdown /a” in the run line this aborts the automatic shutdown.

This will allow them to apply the exclusion.

The shutdown command must be run as an Administrator; regular users aren't able to abort shutdowns in progress.

The broken DAT should now be purged from the McAfee's distribution network (Akamai expected the purge to be completed by 09:45 PDT), and an updated version, 5959, was made available at around 10:15 PDT. This updated version is identical to 5958, with the problem definition removed.

At this point, anyone who hasn't been bitten by the problem should be safe. That may be little consolation to the estimated tens of thousands of computers damaged already. With unconfirmed reports that big customers like Intel have been hit by the problem, that number is set to grow.

View: Original Article

[Hottwire]

Silly Mcafee

[CODYQX4]

And this is why I chose NIS with trial reset over McAfee Enterprise 8 provided free by my college. Buggy, crappy reputation, and NIS never bricked my PC, I know lot of people screwed over by this, its widespread actually.

[nooooooooo]

McAfee has always sucked.

[LeetPirate]

McAfee has always sucked.

Correct! :rolleyes:

[HX1]

:lmao: ... God forbid I speak too soon with all of the problems from ESET updates lately.. but yes its funny because I despise McFAIL so much.. ripping it on out.. I mean really they must have some binding contract that was drawn up years ago to still be distributed with PC's.. :rolleyes:

[nooooooooo]

I haven't had any problems with Eset recently.

[HX1]

Everyone...here that uses the evaluation servers were experiencing update issues since Friday of last week..

[Night Owl]

Didn't McAfee have another problem similar to this just within the past few months or so? :fear:

[donizme]

And this is why I chose NIS with trial reset over McAfee Enterprise 8 provided free by my college. Buggy, crappy reputation, and NIS never bricked my PC, I know lot of people screwed over by this, its widespread actually.

This.

Very widespread it's big news in UK too. McAfee must have have upgraded their testing of patches to newer OS's. Windows XP should be given priority for their corporate customers since it's still the most used OS.

[chlorophyll]

i know already that this going to happen one day.i was totally against this fcuking mcafee(fcukafee) :lol:

[DKT27]

McAfee apologizes for antivirus update disaster

It's been a rough week for McAfee, but an even rougher one for many of its customers.

Acknowledging the chaos it caused by pushing out a buggy antivirus update on Wednesday, McAfee apologized to its customers in the form of a late-night blog on Thursday.

Barry McPherson, executive vice president of support and customer service, issued the apology on behalf of McAfee, saying the company was sorry for the headaches it caused for so many customers.

At 6 a.m. PDT Wednesday, the company released a faulty update to its antivirus software that hosed computers running Windows XP with Service Pack 3. The update, a DAT file, misidentified a key Windows file called svchost.exe as a virus, causing PCs to crash or keep rebooting. The problem affected customers worldwide, including chipmaker Intel, Rhode Island hospitals, Kentucky police, University of Michigan's medical school, and an Australian supermarket chain

In response, McAfee staffers have been working around the clock to help customers get their systems back online, McPherson said. The company believes most impacted PCs are back up.

He also detailed the fix that McAfee quickly patched together for early Thursday morning. The SuperDAT Remediation Tool stifles the updated driver that creates the false positive and then restores the svchost.exe file. McAfee said support reps are available for anyone who needs further help.

How did this problem occur in the first place? The short answer: poor testing. McAfee recently changed its quality assurance process, leading to the buggy DAT file to get past the test environment and onto the PCs of customers, MacPherson said.

To help ensure this doesn't happen again, McAfee will add new QA steps to address any update that directly affects crucial Windows system files. McPherson also said the company will beef up its Artemis system, which provides users with cloud-based virus identification, to include a more comprehensive list of Windows system files to leave alone.

McPherson closed his blog with another apology. "Again, on behalf of McAfee, I'm very sorry for how you may have been impacted by the faulty DAT file update and thank you for your continued support and cooperation as we work to remediate the situation," he said.

Will the apology and fix be enough to soothe angry customers? Based on some of the comments to the Thursday-night blog and to another McPherson blog on Wednesday, that may not be so easy.

Among the more than 100 comments to the Wednesday blog, a large number vented about lost hours of business and productivity and a lack of confidence in McAfee. Many also disparaged a company claim that the problem affected only a small number of customers.

There were only a few comments to the Thursday blog at press time, but a couple made their frustration clear.

"First of all let me say I am glad we have switched nearly 75 percent of our clients away from your product prior to this happening," wrote one commenter. "I can't imagine the chaos if we hadn't. It was chaos enough for us running all over town and billing our clients for a software glitch on a program that we recommended to them."

Wrote another: "If you expect customers to buy your product you...better make sure what you release is as solid as a rock. You shouldn't be on the list of risky software downloads!"

Source: CNET

[Night Owl]

How did this problem occur in the first place? The short answer: poor testing. McAfee recently changed its quality assurance process, leading to the buggy DAT file to get past the test environment and onto the PCs of customers, MacPherson said.

The executive vice president of support and customer service openly admitted that. Wow. He and other people high up in the company should be fired for that negligence.