Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

mcafee DAT 5958 false positive

  • 22-04-2010 11:27am
    #1
    LoLth
    Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭


    updates to McAfee yesterday caused SVCHOST.exe to be detected as infected with wercoil.a

    http://isc.sans.org/diary.html?storyid=8656

    yay! macafee have released an updated DAT file 5959 which corrects this issue.


Comments

  • #2
    Ash.J.Williams
    Registered Users, Registered Users 2 Posts: 21,874 ✭✭✭✭Ash.J.Williams


    LoLth wrote: »
    updates to McAfee yesterday caused SVCHOST.exe to be detected as infected with wercoil.a

    http://isc.sans.org/diary.html?storyid=8656

    yay! macafee have released an updated DAT file 5959 which corrects this issue.
    Indeed, Had 4 pc's effected today. Obtained the correct DAT and replace svchost with a clean one from another pc, or from C:\windows\servicepackfiles....major inconvenience.


  • #3
    LoLth
    Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    restoring the affected file from quarantine also works (assuming you can get the thing to boot)


  • #4
    LoGiE
    Moderators, Computer Games Moderators Posts: 2,976 Mod ✭✭✭✭LoGiE


    Not fun when 300 pc's get bricked with there nics disappearing.... I just hope some of the people in their test lab are clearing there desks this morning.


  • #5
    ICN
    Registered Users, Registered Users 2 Posts: 1,214 ✭✭✭ICN


    Pain in the Hole.


    My Windows XP Laptop is now running with a Windows 2000 theme.

    Nothing opens up / works in general - yada yada yada..

    I had all that NT stuff & shutting down etc.. only to be replaced by that. Great.

    Read a few comments on their w.site. A Guy handing in all his final stuff for college had his PC nuked & he's obviously stressing out a little now..

    McAfee's "apology" was / is a joke..

    http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/


    Just love McAfee :rolleyes:

    Definitely changing over to something else now after this.


    Any recommendations?


  • #6
    ICN
    Registered Users, Registered Users 2 Posts: 1,214 ✭✭✭ICN


    Back up & running now after about 10mins.

    Wasnt too bad in the end - but my heart goes out to anyone who doesnt know how to fix a computer by themselves.

    Bet theres a load of confused oldies around the country tonight with PC's from Harvey Norman & PC world that dont know WTF is going on.. except that its one more reason to hate technology.


  • Advertisement
  • #7
    LoLth
    Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    Yep, its a good point on the oldies but it applies to almost everyone.

    There have been a few of these "dodgy" AV updates recently and a lot more than there were say 5 years ago. Add to that the AVG linkscanner blocking innocent links before you even clicked on them and in doing so registerign your IP as having made a page impression ("so you're saying that I *did* visit the KKK website? when?"

    It brings to light the whole issue of trusting a third party and also raises the issue of having time to test new rollouts vs responding in a timely manner. Up to now I would think that the majority of IT departments would have trusted that companies like McAfee do thorough testing and only do a cursory check , if any, to make sure the update goes accordign to plan. I wonder how many security policies are being changed now to add a delay to the general rollout of new DAT files to give a test machine time not to implode.


Advertisement