Just to clarify for everyone, what happened was the following: Customers running a scan with definition versions 6272, 6273 or 6274 would often experience extremely high CPU usage when running a scan.
This became apparent when agents started running scans, in most cases at 1 AM EDT (the default time). If an agent didn't run a scan, nothing happened. The issue started with definition 6272, released yesterday evening. The issue was caused by a virus detection (Virus.VBS.Redlof.f) that caused a loop condition when hitting a file of a certain type and size. This problem was fixed in definitions version 6275, which was released at 10:30 am EDT this morning. As the KB below explains, getting out of this loop state required killing the service, or shutting down VIPRE. http://support.sunbeltsoftware.com/Default.aspx?answerid=2015 Yes, it sucks. The only positive thing I can look at is that a number of systems kicked in internally that were not there in the past and we were able to fix the problem in a few minutes and release defs once our engineers diagnosed the problem. And yes, we do test each definition that go out. The problem with this one was that the loop condition kicks in on a file of a certain size that is not in our test bed. We are expanding our test-bed and seeing what else we can do to mitigate this type of thing from happening again. Alex Alex Eckelberry, CEO Sunbelt Software 33 N. Garden Avenue, Clearwater, FL 33755 p: 727-562-0101 x220 e: a...@sunbeltsoftware.com MSN: alex...@hotmail.com w: www.sunbeltsoftware.com b: www.sunbeltblog.com -----Original Message----- From: Greg Olson [mailto:gol...@markettools.com] Sent: Friday, May 07, 2010 1:05 PM To: NT System Admin Issues Subject: RE: Computers becoming unresponsive accross entire network. No Vipre. :) -----Original Message----- From: HELP_PC [mailto:g...@enter.it] Sent: Friday, May 07, 2010 10:04 AM To: NT System Admin Issues Subject: R: Computers becoming unresponsive accross entire network. With SEP ? GuidoElia HELPPC -----Messaggio originale----- Da: Greg Olson [mailto:gol...@markettools.com] Inviato: venerdì 7 maggio 2010 18.57 A: NT System Admin Issues Oggetto: RE: Computers becoming unresponsive accross entire network. Lucky you are sir. I've got entire offices down, servers offline, and all kinds of joy. Updating them is becoming a goto each and try to run a manual update. Which is only working sometimes. Machines are so horked up that we're rebooting into safe mode, and updating from there. -Greg -----Original Message----- From: HELP_PC [mailto:g...@enter.it] Sent: Friday, May 07, 2010 9:33 AM To: NT System Admin Issues Subject: R: Computers becoming unresponsive accross entire network. I feel good with my "poor" Symantec Endpoint Protection ! GuidoElia HELPPC -----Messaggio originale----- Da: Carl Houseman [mailto:c.house...@gmail.com] Inviato: venerdì 7 maggio 2010 17.31 A: NT System Admin Issues Oggetto: RE: Computers becoming unresponsive accross entire network. Already discussed in another thread, update your Vipre defs. Is anyone keeping track of the number of bad defs out of Sunbelt for this year alone? Carl -----Original Message----- From: Luke [mailto:tesla...@gmail.com] Sent: Friday, May 07, 2010 10:57 AM To: NT System Admin Issues Subject: Computers becoming unresponsive accross entire network. The Network Administrator and I have been working on this all morning. Since about 7:00AM random machines on the Local Network have been slipping into and out of a random state of unresponsiveness ("Freezing"). The symptoms are pretty serious - I have seen it take up to 5 minutes to bring an already open window from the background to the foreground on client machines - and there are servers that are so unresponsive that I am not even able to log into them (enter Username and Password and nothing happens for the next 30min.). We have had to cold boot one server 3 times in the past hour! This problem is not specific to any user, profile, machine, OS, network switch, etc. - at least from what we have been able to Identify. So far it has affected Windows 7, XP and Server 2003. However, this issue is not affecting everyone on the network. My Colleague sitting right next to me has been having all kinds of trouble with his PC and I have not. We have found that cold booting the affected machines does help a little or at least for a while, but more often than not the machine will just return to its unresponsive state after a few minutes. On the machines that I have that are accessible I am attempting scan with Vipre. We are seriously starting to suspect that Vipre is doing something (in the background that we cant see) that is actually causing all this. We completely removed Vipre from one PC that was having trouble and it seemed to fix the problem. The PC has been running fine since. Any thoughts? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~