ETrust definition build 30.3.3054 nuking Windows Server 2003

ETrust is misdetecting lsass.exe as Win32/Lassrv.B, leaving servers unbootable. 

Instructions on how to recover lsass.exe and get your server going again, and how to stop ETrust from immediately re-deleting lsass.exe, can be found here:

http://supportconnect.ca.com/sc/kb/techdetail.jsp?searchID=TEC405236&docid=405236&bypass=yes&fromscreen=kbresults

I really do wonder, sometimes, how much testing happens before definition builds are released - "server down" is a seriously bad event.

Note: The SBS team have also posted about this problem on their official blog:
http://blogs.technet.com/sbs/archive/2006/09/01/453504.aspx

When you restart Windows Server 2003, the computer may display a gray screen or may appear to stop responding:
http://support.microsoft.com/?kbid=924995

Edit 10 September - more important info:
http://blogs.technet.com/edwalt/archive/2006/09/07/454647.aspx

 

Published Sat, Sep 2 2006 0:37 by sandi

Comments

# re: ETrust definition build 30.3.3054 nuking Windows Server 2003

Sunday, September 03, 2006 11:42 AM by Neil
We suffered from this, and as it displayed the same symptoms as Sasser/Blaster it took a while to get to the bottom of it. Eventually, on a call to Microsoft, the engineer asked me what AV I was using and immediately knew the problem was caused by CA, so obviously they had dealt with a few calls. 4 hours in total to work out what was wrong and fix it. Who in CA should I send the bill to?

# re: ETrust definition build 30.3.3054 nuking Windows Server 2003

Monday, September 04, 2006 10:47 PM by Don B
Yes, who will pay for the support time? We had 3 servers go, total support time > 12 hours. We also found out from Microsoft, CA were very quiet and didn't say much on their web site.