Discussion in 'other anti-virus software' started by stapp, Apr 21, 2010.
Some info here
here the solution for those who were affected by this FP:
plz avoid downplays like "they just need to restore the affected files from quarantine..."
That page never seems to load IBK.
Does it for you?
Yes, but it's slow (I copied it, see below). Probably too many users loading it right now (on another McAfee subsite I get the message:
Site Undergoing Maintenance
This site is currently down, but will be back shortly.
Please wait a few minutes, and try doing whatever it was that you were doing again.
Thank you for taking the trouble to copy and paste the details, it may help a McAfee user here who reads it here.
Being a former McAfee user, this doesn't surprise me.
Just one of those broken DATs. This time with more impact than usual.
If memory serves me correctly, this isn't the first time something major like this has happened with a McAfee update.
How is the average person expected to cope with this, and command prompts, etc.? Or is this just a corporate AV fiasco?
If it's not just corporate, then a heck of a lot of people will be screwed, with no easy way out. Glad I don't know anyone with McAfee, otherwise my phone would be red hot.
McAfee response: http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/
It's in the TV news here in Ontario, Canada. Constant reboots, they say!
McAfee deleting the SVCHOST.EXE file from the SYSTEM32 directory.
not good at all
I was to post about the same theme:
My corporation was affected by this. Let's just say it's been a long day fixing the thousand users affected in our company. No way to auto deploy fix as svchost.exe corruption prevents network access. The fix isn't so bad as you can boot up into PE usb drive and copy over a healthy svchost.exe and extra.dat in appropriate location, restart machine and it's good to go. Problem is when it affects thousands of users in big corporations or not as computer knowledgeable users. That being said... I was never a big fan of McAfee and now even more so.
Safe mode doesn't always work to copy over the needed files. That's why I recommend booting up with a BartPE/WinXPPE/ubcd4win cd or usb drive.
Where are the posters who said programs with less FP's are less effective?
owned in the face.
This is a very interesting article: http://isc.sans.org/diary.html?n&storyid=8671
Exactly. FP's are a VERY big deal.
Agree completely. There are a lot of so-called "security consultants" or "security experts" here that claim that they would rather have an FP than have a missed detection. Frankly I don't know what they are smoking, because in the real world FPs do matter. They affect business much more than your average missed rogueAV.
McAfee false positive bricks enterprise PCs worldwide
More at above Link
Things go from bad to worse as McAfee probes why
"The remediation passed our quality testing ..."
Trojan/Rogue try to keep your machine running to steal, FPs try to kill it ASAP.
This would be a good time for competitors to provide "switch offers". Eset looks attractive esp. with their buyout clause.
What is the purpose of this alert?
Microsoft has been made aware of an issue with a McAfee DAT file update - released Wednesday, April 21, 2010 - that has been causing stability issues on Windows XP client systems. The symptom is caused by a false-positive detection on a core Windows file (svchost.exe). Once the file is quarantined by McAfee, the system may encounter one of the following symptoms:
· The computer shuts down when a DCOM error or a RPC error occurs
· The computer continues to run without network connectivity.
· The computer triggers a Bugcheck (Blue Screen).
The DAT file version that caused the problem is McAfee DAT 5958. This file was propagated to client machines that conduct automatic updates of definition files. McAfee updated the DAT file soon after the problem was identified with a new version that does not cause the problem.
Latest updated article
McAfee can by this situation lose a lot of their previous clients. But problems like that happened before and will happen in the future. Every big company is exposed to trouble like that.
It all depends on the kind of false positives (Windows system files?) and how the AV handles it.
In my case, Avira will prompt me before doing anything.
I always worry about this happening. I have McAfee but I'm using Vista. Knowing my luck, if I switch to another AV it will do something like this!