Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

McAfee DAT 5664 - False Positives may affect Compaq/HP drivers

UPDATES on ISSUES as of 7/6/2009 -- The specific issue centers on an expired engine file, 5100, present on an older version of corporate McAfee (VS 8.0). While DATs previously worked on these expired products, the engine was 18 months past end-of-life. As a result, some very serious false positives emerged that deleted device drivers or critical Windows files, causing BSODs on servers and PCs. McAfee has resolved this issue for now with DAT 5666 or higher. Corporations should ensure they are always on the latest engines, DATs, and product versions to avoid false positives and ensure the best protection possible.

MORE ON THIS ISSUE
https://kc.mcafee.com/corporate/index?page=content&id=KB66225

1. McAfee corrected the false positives with DAT 5666, even where the expired engine is still in place.

2. A better solution is for users to upgrade to engine 5300, as engine 5100 has expired.
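To turn the two points above into a fleet check, here is an added example (not from the original post or from McAfee) that sorts hosts by engine and DAT version. The version numbers are the ones named in the post; the CSV layout, column names and host names are constructed, and DAT 5665 is treated as unfixed only because the post names 5666 as the fix.

```python
import csv
import io

# Version numbers below come from the post; the CSV layout is an assumption.
EXPIRED_ENGINE = 5100   # engine the post says is past end-of-life
CURRENT_ENGINE = 5300   # engine the post recommends upgrading to
BAD_DAT = 5664          # DAT that triggered the false positives
FIXED_DAT = 5666        # first DAT the post says corrects them

# Constructed sample inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,engine,dat
srv-file01,5100,5664
srv-db02,5100,5666
pc-0141,5300,5664
pc-0142,5100,5663
pc-0143,5100,5665
"""

def triage(engine, dat):
    """Return (status, action) for one host's engine/DAT pair."""
    if engine >= CURRENT_ENGINE:
        return "ok", "none: engine is current, keep DATs updating"
    if engine != EXPIRED_ENGINE:
        return "review", "engine not covered by the post, check vendor support status"
    # From here on the host runs the expired 5100 engine.
    if dat >= FIXED_DAT:
        return "mitigated", "false positives fixed by DAT; still upgrade engine"
    if dat >= BAD_DAT:
        # Assumption: anything from 5664 up to (not including) 5666 is unfixed.
        return "exposed", "deploy DAT 5666+ now, then upgrade engine"
    return "at-risk", "skip DAT 5664; go straight to 5666+, then upgrade engine"

def triage_inventory(csv_text):
    """Parse the export and return {host: (status, action)}."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        results[row["host"].strip()] = triage(int(row["engine"]), int(row["dat"]))
    return results

def hosts_by_status(results, status):
    """Sorted host names that share one triage status."""
    return sorted(h for h, (s, _) in results.items() if s == status)

if __name__ == "__main__":
    for host, (status, action) in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status:10} {action}")
```

Hosts reported as "mitigated" still need the engine upgrade: the DAT fix removes this false positive, not the end-of-life engine.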

* * *

For McAfee users, I'm sure AVERT Labs is also correcting this issue. Still, it's worthwhile to monitor developments, as I'm staying on DAT 5663 on my corporate PC until this issue is resolved.

McAfee DAT 5664 - False Positives may affect Compaq/HP drivers
http://community.mcafee.com/showthread.php?t=231901
http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/

QUOTE: IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death. Details are still coming in, but forums here and here show that it's affecting McAfee customers in Germany, Italy, and elsewhere. A UK-based Reg reader, who asked to remain anonymous because he was not authorized by his employer to speak to the press, said the glitch simultaneously leveled half of a customer's 140 machines after they updated the latest virus signature file.

Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664, which McAfee seems to have pushed out in the past 24 hours. Affected systems then begin identifying a wide variety of legitimate - and frequently crucial - system files as malware. Files belonging to Microsoft Internet Explorer, drivers for Compaq computers, and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!hv.aq, according to the posts and interviews.