DAT 595 – Faulty McAfee Anti-virus update disables computers

A recent automated update to McAfee Anti-virus software caused the software to mistaken detect a key Windows system program as malicious and move it out of its proper location to a McAfee anti-virus quarantine. Due to the critical nature of the quarantined system program, ‘svchost.com’, affected computers failed to start correctly and were sent into a rebooting loop.

According to Microsoft, the affected file ‘is a generic host process name for services that run from dynamic-link libraries’.

McAfee responded to the problem by withdrawing the definition update and later releasing a clean one. The security giant also published advice on how to manually fix affected computers. The influx of interested parties trying to look up this advice through McAfee’s forum caused the site to become unavailable for a short time on Wednesday evening.

Source: The Register

McAfee had the following to say on the matter.

McAfee is aware that a number of customers have incurred a false positive error due to this release. Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected.
Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3.

The faulty update was quickly removed from all McAfee download servers, preventing any further impact on customers. We are not aware of significant impact on consumers.

We recommend the use of ESET Anti-virus products including NOD32 Anti-virus and the Smart Security Suite. If you are interested in a secure, reliable anti-virus and computer security solution for you business, please feel free to contact us for more information.