RE: McAfee DAT problems
Sunbelt Software Offers McAfee Customers a Way Out Company offers six-months of free maintenance on VIPRE Enterprise to all McAfee Enterprise Customers Clearwater, FL, April 21, 2010 - Sunbelt Software, a leading provider of Windows endpoint security software, is offering McAfee enterprise customers who may be unhappy with recent events, six months of free maintenance added to any new order placed before June 30, 2010. Based on recent events, we are seeing record numbers of McAfee enterprise customers looking for an alternative solution for endpoint security, said Jim Moise, senior vice president of sales and marketing for Sunbelt Software. In order to make the transition easier, we are offering them a simple financial incentive to move to our endpoint security solution, VIPRE. In addition to the special offer, customers will also have migration tools available to move to VIPRE, which automatically uninstall the McAfee endpoint product and replace it with the VIPRE endpoint client. VIPRE Enterprise is the fastest-growing enterprise endpoint solution on the market today. In less than two years, over 17,000 enterprises in North America alone have adopted VIPRE and are benefiting from its all-new, next-generation technology to detect and remove viruses, Trojans, worms and other malware. To qualify for the special, McAfee customers can call toll free 1-800-336-3166 and ask to speak with a Sunbelt Software representative or send an email to sa...@sunbeltsoftware.com. New customers can purchase VIPRE Enterprise on a per machine basis. Pricing includes the first year maintenance with a sliding scale volume discount based on number of machines. A 50% competitive upgrade program is also in effect. 30-day evaluations of the VIPRE Enterprise products are available on Sunbelt Software's website at www.sunbeltsoftware.com. Warm regards, Stu Sjouwerman Co-Founder, Publisher, Sunbelt Media P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, April 21, 2010 6:38 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems When has the last time that a virus that any of the AV vendors failed to catch had as devestating an effect as many organizations as this malignant AV update did? As I am the only one here now at my org, the last bad Sunbelt dat before I dropped them caused me to redeploy almost every box here, simple because my ris deployments are well tuned to be hands off and all my ware except a bit is gpo deployed but I had a group of spoiled users who are used to nothing ever going wrong all standing around saying Joe's a useless fu__ing idiot, what did *he* do? So I ran out of time troubleshooting and rebooted/F12 every pc in my path. No data is stored locally either so it was the best option while my neck hairs were being breathed on... And how about 12 hours instead of 24? I wish I could do it with WSUS, I surely would... Something to look into. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
I am seeing problems with Systems reporting Wecorl.a infections and shutting down. Are you seeing the same issue? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Sorry to hear that. Nope. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 11:55 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I am seeing problems with Systems reporting Wecorl.a infections and shutting down. Are you seeing the same issue? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
http://isc.sans.org/diary.html?storyid=8656rss From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 8:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
I’ve only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don’t know if it was shutdowns or reboots, and/or different for servers and EUCs … which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Here's McAfee's official word. I got this e-mail from them about 30 minutes ago. Dave From: McAfee [mailto:mca...@connect.mcafee.com] Sent: Wednesday, April 21, 2010 9:06 AM To: David Lum Subject: McAfee SNS ALERT: w32/wecorl.a False Positive in 5958 DAT McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file April 21 at 2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks. Information updates will be sent every 90 minutes to keep you advised. McAfee Support Notification Service (SNS) provides valuable information to help you maximize the functionality and protection capabilities of your McAfee products. To manage your SNS email preferences, please go to the SNS Subscription Center at http://my.mcafee.com/content/SNS_Subscription_Centerhttp://my.mcafee.com/content/SNS_Subscription_Center?elq_mid=2361elq_cid=173822elq=22a9a3ec0916400793055be7364cfb4d (NOTE: This URL ensures your previous preferences are populated for your review). For Support issues, contact your Support Account Manager (SAM), or go to https://mysupport.mcafee.comhttps://mysupport.mcafee.com?elq_mid=2361elq_cid=173822. For McAfee Security Quickstart services, go to http://www.mcafeequickstart.comhttp://www.mcafeequickstart.com?elq_mid=2361elq_cid=173822. For other questions, go to http://www.mcafee.com/us/about/contact/index.htmlhttp://www.mcafee.com/us/about/contact/index.html?elq_mid=2361elq_cid=173822 and select the appropriate contact link. McAfee, Inc. | 3965 Freedom Circle | Santa Clara, CA | 95054 | 888.847.8766 | www.mcafee.com McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. or its affiliates in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. (c) 2010 McAfee, Inc. All rights reserved. From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, April 21, 2010 9:11 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems http://isc.sans.org/diary.html?storyid=8656rss From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 8:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Yep. We got hit with it and are in the process of cleaning up. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 10:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Ouch … Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It’s putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren’t running and can’t be started. You can’t even do a system restore point. Right now we’ve removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We’re trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I’ve only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don’t know if it was shutdowns or reboots, and/or different for servers and EUCs … which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Yes, We have verified that McAFEE dat 5958 is bad, do not deploy this DAT to your systems( Windows 2000/XP). Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 12:41 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Ouch ... Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: McAfee DAT problems
We're experiencing the issue on some of our XP machines. Suggestions from McAfee's Forum for PCs continually rebooting (haven't tested this yet). run shutdown -a from command line access the VirusScan Console, select Tools, Rollback DATs http://community.mcafee.com/thread/24056?tstart=0 On Wed, Apr 21, 2010 at 9:00 AM, Ziots, Edward ezi...@lifespan.org wrote: Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org *From:* Maglinger, Paul [mailto:pmaglin...@scvl.com] *Sent:* Wednesday, April 21, 2010 12:33 PM *To:* NT System Admin Issues *Subject:* RE: McAfee DAT problems This is nasty. It’s putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren’t running and can’t be started. You can’t even do a system restore point. Right now we’ve removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We’re trying to find a way to streamline it. *From:* Erik Goldoff [mailto:egold...@gmail.com] *Sent:* Wednesday, April 21, 2010 11:13 AM *To:* NT System Admin Issues *Subject:* RE: McAfee DAT problems I’ve only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don’t know if it was shutdowns or reboots, and/or different for servers and EUCs … which is why I asked. *Erik Goldoff*** *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' *From:* Don Guyer [mailto:don.gu...@prufoxroach.com] *Sent:* Wednesday, April 21, 2010 11:51 AM *To:* NT System Admin Issues *Subject:* RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com *From:* Erik Goldoff [mailto:egold...@gmail.com] *Sent:* Wednesday, April 21, 2010 11:48 AM *To:* NT System Admin Issues *Subject:* McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? *Erik Goldoff*** *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
So...does anyone know what TIME McAfee releases patches? We update daily at 1am and did NOT get this DAT that was released today... From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 10:09 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.commailto:don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Got the link to the extra.dat? What version is your Mcafee saying. 5958 or 5960? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Thanks to all for bringing this to light. Because of this list, we avoided a possible disaster. Kudos! Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
At the end of the article previously posted: http://community.mcafee.com/thread/24056?tstart=0 It's really slow for me, guess everyone and their Grandma is downloading it. J Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 1:24 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Got the link to the extra.dat? What version is your Mcafee saying. 5958 or 5960? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Actually, the file is at the bottom of this article (it's 6k): https://kc.mcafee.com/corporate/index?page=contentid=KB68780 Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 1:24 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Got the link to the extra.dat? What version is your Mcafee saying. 5958 or 5960? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
: D Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 1:24 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Thanks to all for bringing this to light. Because of this list, we avoided a possible disaster. Kudos! Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We’re writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It’s putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren’t running and can’t be started. You can’t even do a system restore point. Right now we’ve removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We’re trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I’ve only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don’t know if it was shutdowns or reboots, and/or different for servers and EUCs … which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: McAfee DAT problems
That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? *Erik Goldoff*** *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
I would strongly bet that there is some legalese in their software license agreement that says you agree they are not liable for problems like that. It reminds me of a problem years ago with MailEssentials where they sent out a bad signature file that caused every message to be qualified as spam. If you had a rule that to delete all the definite spam (like we did), it just sat there and deleted every mail message coming into your mail server. IIRC, it was even malformed to such an extent that subsequently released signatures would not load without you taking some manual process. We lost about a half day's mail before getting it fixed (it took a while to figure out there was a problem at all, and then what the source was). They offered everybody free upgrades to the next version as a mea culpa. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.commailto:egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
FYI. The only way we could fix this was to pull the HDD, copy the Extra.DAT and a good copy of svchost.exe onto the HDD, place HDD back in infected machine. The original svchost.exe file was there where it should be, but 0 bytes. None of the instructions to do this while the systems were running have worked for us so far. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 1:24 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Got the link to the extra.dat? What version is your Mcafee saying. 5958 or 5960? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Yeah we are seriously looking on moving away from Mcafee also, I liked what NOD 32 ESET was showing us. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com BLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.com BLOCKED::http://www.eaglemds.com/ From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
OUCH. This one is epic and made NT Times: McAfee Antivirus Program Goes Berserk, Reboots PCs http://www.nytimes.com/aponline/2010/04/21/business/AP-US-TEC-McAfee-Antivirus-Flaw.html?src=busln Warm regards, Stu Sjouwerman Co-Founder, Publisher, Sunbelt Media P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:28 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Yeah we are seriously looking on moving away from Mcafee also, I liked what NOD 32 ESET was showing us. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.commailto:egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Don, These are working pretty well for us, atm., I have verified these on some serious horked up XP boxes, that had their svchost.exe chewed up. 1) Put Extra.dat and svchost.exe from directory to a CD or memory Stick. 2) Boot to safe mode, log on as local administrator, if you get prompted that the system is going to shutdown type shutdown -a at the run command which will abort the shutdown. 3) Go into Mcafee and disable the protection, this will allow you to stop the mcafee services accordingly. (Stop Mcshield, Stop Framework, Stop Engine Service, Stop Validation Service, Stop Mcafee Task Manager) Note: If you can't stop the services within services.msc do the following: Type regedit from the command line. Go to HKLM\System\CurrentControlSet\Services\McafeeEngineService (change the Start Value to 4 Decimal) Go to HKLM\SYSTEM\CurrentControlSet\Services\Mcshield (Change the start Value to 4 Decimal) Go to HKLM\System\CurrentControlSet\Services\McTaskManager (change the start Value to 4 Decimal) GO to HKLM\System\CurrentControlSet\Services\mfevtp(change the start Value to 4 decimal) (Note after you reboot the system you will need to change the Start Value to 2 to set it to automatic) 4) Copy the extra.dat to c:\program files\Common Files\Mcafee\Engine directory, copy the svchost.exe to c:\Windows\system32. (Note you might need to do this via the cmdline from the media itself) Example: If the media is the e: drive, it will look something like this. Hit Start--- RUN TYPE CMD At the command prompt type the following: E: Copy extra.dat c:\program files\common files\Mcafee\engine Copy svchost.exe c:\windows\system32 5)Reboot These are all the services running under svchost.exe that are affected. tasklist /svc /FI IMAGENAME eq svchost.exe Image Name PID Services = == = svchost.exe 960 DcomLaunch, TermService svchost.exe 1028 RpcSs svchost.exe 1124 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, helpsvc, HidServ, LanmanServer, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, ShellHWDetection, TapiSrv, Themes, TrkWks, w32time, winmgmt, WZCSVC svchost.exe 1244 Dnscache svchost.exe 1312 LmHosts, RemoteRegistry, SSDPSRV svchost.exe 1576 WebClient Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems FYI. The only way we could fix this was to pull the HDD, copy the Extra.DAT and a good copy of svchost.exe onto the HDD, place HDD back in infected machine. The original svchost.exe file was there where it should be, but 0 bytes. None of the instructions to do this while the systems were running have worked for us so far. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 1:24 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Got the link to the extra.dat? What version is your Mcafee saying. 5958 or 5960? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy the extra.DAT file to the following location: installation drive\Program Files\Common Files\McAfee\Engine 4. In the Services window, right-click McAfee McShield and select Start. We're writing a batch file and putting this on USB to expedite this (remember this kills network connectivity). From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from
RE: McAfee DAT problems
Ed, Yeah, we tried this process (or something very similar) and we were unable to paste anything from a CD/DVD or USB stick. System would recognize the media but not allow us to paste. Didn't try command line. I'll forward this on to our Tech Team. Thx! Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:39 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Don, These are working pretty well for us, atm., I have verified these on some serious horked up XP boxes, that had their svchost.exe chewed up. 1) Put Extra.dat and svchost.exe from directory to a CD or memory Stick. 2) Boot to safe mode, log on as local administrator, if you get prompted that the system is going to shutdown type shutdown -a at the run command which will abort the shutdown. 3) Go into Mcafee and disable the protection, this will allow you to stop the mcafee services accordingly. (Stop Mcshield, Stop Framework, Stop Engine Service, Stop Validation Service, Stop Mcafee Task Manager) Note: If you can't stop the services within services.msc do the following: Type regedit from the command line. Go to HKLM\System\CurrentControlSet\Services\McafeeEngineService (change the Start Value to 4 Decimal) Go to HKLM\SYSTEM\CurrentControlSet\Services\Mcshield (Change the start Value to 4 Decimal) Go to HKLM\System\CurrentControlSet\Services\McTaskManager (change the start Value to 4 Decimal) GO to HKLM\System\CurrentControlSet\Services\mfevtp(change the start Value to 4 decimal) (Note after you reboot the system you will need to change the Start Value to 2 to set it to automatic) 4) Copy the extra.dat to c:\program files\Common Files\Mcafee\Engine directory, copy the svchost.exe to c:\Windows\system32. (Note you might need to do this via the cmdline from the media itself) Example: If the media is the e: drive, it will look something like this. Hit Start--- RUN TYPE CMD At the command prompt type the following: E: Copy extra.dat c:\program files\common files\Mcafee\engine Copy svchost.exe c:\windows\system32 5)Reboot These are all the services running under svchost.exe that are affected. tasklist /svc /FI IMAGENAME eq svchost.exe Image Name PID Services = == = svchost.exe 960 DcomLaunch, TermService svchost.exe 1028 RpcSs svchost.exe 1124 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, helpsvc, HidServ, LanmanServer, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, ShellHWDetection, TapiSrv, Themes, TrkWks, w32time, winmgmt, WZCSVC svchost.exe 1244 Dnscache svchost.exe 1312 LmHosts, RemoteRegistry, SSDPSRV svchost.exe 1576 WebClient Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems FYI. The only way we could fix this was to pull the HDD, copy the Extra.DAT and a good copy of svchost.exe onto the HDD, place HDD back in infected machine. The original svchost.exe file was there where it should be, but 0 bytes. None of the instructions to do this while the systems were running have worked for us so far. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 1:24 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Got the link to the extra.dat? What version is your Mcafee saying. 5958 or 5960? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 1:09 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems McAfee has an EXTRA.DAT file out now that will fix it. This is the process: To apply the extra.DAT locally: 1. Click Start, Run, type services.msc and click OK. 2. Right-click the McAfee McShield service and select Stop. 3. Copy
Re: McAfee DAT problems
So glad that I finished up my migration to Vipre from McAfee last month. My Wednesday has been rather quiet and peaceful. On Wed, Apr 21, 2010 at 3:38 PM, Stu Sjouwerman s...@sunbelt-software.comwrote: OUCH. This one is epic and made NT Times: McAfee Antivirus Program Goes Berserk, Reboots PCs http://www.nytimes.com/aponline/2010/04/21/business/AP-US-TEC-McAfee-Antivirus-Flaw.html?src=busln Warm regards, *Stu Sjouwerman* *Co-Founder, Publisher, Sunbelt Media* P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com *From:* Ziots, Edward [mailto:ezi...@lifespan.org] *Sent:* Wednesday, April 21, 2010 4:28 PM *To:* NT System Admin Issues *Subject:* RE: McAfee DAT problems Yeah we are seriously looking on moving away from Mcafee also, I liked what NOD 32 ESET was showing us. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org *From:* Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] *Sent:* Wednesday, April 21, 2010 4:27 PM *To:* NT System Admin Issues *Subject:* RE: McAfee DAT problems So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA* *jra...@eaglemds.com* *www.eaglemds.com -- *From:* Ziots, Edward [mailto:ezi...@lifespan.org] *Sent:* Wednesday, April 21, 2010 4:15 PM *To:* NT System Admin Issues *Subject:* RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Wednesday, April 21, 2010 4:14 PM *To:* NT System Admin Issues *Subject:* Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? *Erik Goldoff* *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' -- Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ... -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: McAfee DAT problems
FWIW, rebooting the computers in safe mode and copying the files via command line worked for us. We did not stop the services prior to copying the files over and everything is working just fine. On Wed, Apr 21, 2010 at 1:39 PM, Ziots, Edward ezi...@lifespan.org wrote: Don, These are working pretty well for us, atm., I have verified these on some serious horked up XP boxes, that had their svchost.exe chewed up. 1) Put Extra.dat and svchost.exe from directory to a CD or memory Stick. 2) Boot to safe mode, log on as local administrator, if you get prompted that the system is going to shutdown type shutdown –a at the run command which will abort the shutdown. 3) Go into Mcafee and disable the protection, this will allow you to stop the mcafee services accordingly. (Stop Mcshield, Stop Framework, Stop Engine Service, Stop Validation Service, Stop Mcafee Task Manager) Note: If you can’t stop the services within services.msc do the following: Type regedit from the command line. Go to HKLM\System\CurrentControlSet\Services\McafeeEngineService (change the Start Value to 4 Decimal) Go to HKLM\SYSTEM\CurrentControlSet\Services\Mcshield (Change the start Value to 4 Decimal) Go to HKLM\System\CurrentControlSet\Services\McTaskManager (change the start Value to 4 Decimal) GO to HKLM\System\CurrentControlSet\Services\mfevtp(change the start Value to 4 decimal) *(Note after you reboot the system you will need to change the Start Value to 2 to set it to automatic)* 4) Copy the extra.dat to c:\program files\Common Files\Mcafee\Engine directory, copy the svchost.exe to c:\Windows\system32. (Note you might need to do this via the cmdline from the media itself) Example: If the media is the e: drive, it will look something like this. Hit Start--- RUN TYPE CMD At the command prompt type the following: E: Copy extra.dat “c:\program files\common files\Mcafee\engine” Copy svchost.exe c:\windows\system32 5)Reboot These are all the services running under svchost.exe that are affected. tasklist /svc /FI IMAGENAME eq svchost.exe Image Name PID Services = == = svchost.exe 960 DcomLaunch, TermService svchost.exe 1028 RpcSs svchost.exe 1124 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, helpsvc, HidServ, LanmanServer, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, ShellHWDetection, TapiSrv, Themes, TrkWks, w32time, winmgmt, WZCSVC svchost.exe 1244 Dnscache svchost.exe 1312 LmHosts, RemoteRegistry, SSDPSRV svchost.exe 1576 WebClient Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org * * -- -- Michael S. White mswhite...@gmail.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
We just finished up the cleaning up. Had some issues where this shutdown network connectivity, some where the system wouldn't recognize the USB drive. In those instances we had to boot into safe mode and uninstall all the McCrappy stuff, then reload it with the previous DAT. Geeesh!!! From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 12:01 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Confirmed, this is causing widespread issues, XP and Windows 2000, We are disabling all Mcafee Services, by setting the registry keys start type to 0x4, and uninstalling Mcafee, and removing the the dat from the repository. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 12:33 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This is nasty. It's putting the svchost.exe in quarantine and causing the system to bomb. When the system comes back up the taskbar is missing, no network connectivity, half the services aren't running and can't be started. You can't even do a system restore point. Right now we've removed the latest DAT, un-quarantined the file, un-installed McCrappy, and go back to a restore point and that seems to be working. We're trying to find a way to streamline it. From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:13 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems I've only heard through the grapevine, colleagues supporting clients other than mine had to leave a conference call due to DAT issues with 5958, I don't know if it was shutdowns or reboots, and/or different for servers and EUCs ... which is why I asked. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Wednesday, April 21, 2010 11:51 AM To: NT System Admin Issues Subject: RE: McAfee DAT problems My clients are just starting to update, a handful already have it, no complaints yet. What are you seeing? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, April 21, 2010 11:48 AM To: NT System Admin Issues Subject: McAfee DAT problems Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
WTH? ''We are not aware of significant impact on consumers and believe we have effectively limited such occurrence,'' the company said in a statement. From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Wednesday, April 21, 2010 3:39 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems OUCH. This one is epic and made NT Times: McAfee Antivirus Program Goes Berserk, Reboots PCs http://www.nytimes.com/aponline/2010/04/21/business/AP-US-TEC-McAfee-Ant ivirus-Flaw.html?src=busln Warm regards, Stu Sjouwerman Co-Founder, Publisher, Sunbelt Media P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:28 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Yeah we are seriously looking on moving away from Mcafee also, I liked what NOD 32 ESET was showing us. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com BLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.com BLOCKED::http://www.eaglemds.com/ From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
I have a feeling they are going to be made 'aware' very soonheh heh Bill Lambert Concuity Phone 847-941-9206 The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 4:39 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems WTH? ''We are not aware of significant impact on consumers and believe we have effectively limited such occurrence,'' the company said in a statement. From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Wednesday, April 21, 2010 3:39 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems OUCH. This one is epic and made NT Times: McAfee Antivirus Program Goes Berserk, Reboots PCs http://www.nytimes.com/aponline/2010/04/21/business/AP-US-TEC-McAfee-Ant ivirus-Flaw.html?src=busln Warm regards, Stu Sjouwerman Co-Founder, Publisher, Sunbelt Media P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:28 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Yeah we are seriously looking on moving away from Mcafee also, I liked what NOD 32 ESET was showing us. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com BLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.com BLOCKED::http://www.eaglemds.com/ From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs By PETER SVENSSON, AP Technology Writer Peter Svensson, Ap Technology Writer - 26 mins ago NEW YORK - Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. We are not aware of significant impact on consumers and believe we have effectively limited such occurrence, the company said in a statement. Online posters begged to differ, saying thousands of computers running Windows XP with Service Pack 3 were rendered useless. About a third of the hospitals in Rhode Island were forced to stop treating patients without traumas in emergency rooms. The hospitals also postponed some elective surgeries, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital, the only hospital on Aquidneck Island. Jean said patients who required emergency care for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access. Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. I originally thought it was a virus, he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get them working again. Such personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. Michael Walker Senior Network Engineer Citrus Valley Health Partners 140 W. College Street, Covina, CA 91723 Phone/Fax/Pager: (888) 299-6882 mwal...@mail.cvhp.org mailto:mwal...@mail.cvhp.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs So like McAfee said, I don't see the problem with Hospitals and Cops not having service? grin This has started to become an epidemic it seems with av vendors and incompetent QA. I remember years ago after that dodgy win2k terminal server patch I vowed never to simply auto approve ms updates and setup a test group, after that incident I had only seen one update give me issues in all these years (recent .NET screwup) and that was more cosmetic. The problem with this is av updates are released so frequently it's impossible to qa them internally. I suppose of you're not high risk in terms of usage/exposure, you could always lag 24 hours behind. I've never had an issue with Forefront, but I wonder how to automate a delay w/ wsus, if that's even possible? jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Thanks My company has made world news. Joy Joy. Not FUNNY J Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Walker, Michael [mailto:mwal...@mail.cvhp.org] Sent: Wednesday, April 21, 2010 5:45 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs By PETER SVENSSON, AP Technology Writer Peter Svensson, Ap Technology Writer - 26 mins ago NEW YORK - Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. We are not aware of significant impact on consumers and believe we have effectively limited such occurrence, the company said in a statement. Online posters begged to differ, saying thousands of computers running Windows XP with Service Pack 3 were rendered useless. About a third of the hospitals in Rhode Island were forced to stop treating patients without traumas in emergency rooms. The hospitals also postponed some elective surgeries, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital, the only hospital on Aquidneck Island. Jean said patients who required emergency care for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access. Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. I originally thought it was a virus, he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get them working again. Such personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. Michael Walker Senior Network Engineer Citrus Valley Health Partners 140 W. College Street, Covina, CA 91723 Phone/Fax/Pager: (888) 299-6882 mwal...@mail.cvhp.org mailto:mwal...@mail.cvhp.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Given how much AV doesn't catch now, is 24 hrs behind even a choice? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, April 21, 2010 6:05 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs So like McAfee said, I don't see the problem with Hospitals and Cops not having service? grin This has started to become an epidemic it seems with av vendors and incompetent QA. I remember years ago after that dodgy win2k terminal server patch I vowed never to simply auto approve ms updates and setup a test group, after that incident I had only seen one update give me issues in all these years (recent .NET screwup) and that was more cosmetic. The problem with this is av updates are released so frequently it's impossible to qa them internally. I suppose of you're not high risk in terms of usage/exposure, you could always lag 24 hours behind. I've never had an issue with Forefront, but I wonder how to automate a delay w/ wsus, if that's even possible? jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: RE: McAfee DAT problems
We can only hope that there will be repurcussions for McCrappy, but probably not. Trend had a series of update issues a few years back without any major fallout. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 5:45 PM, Walker, Michael mwal...@mail.cvhp.org wrote: This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs By PETER SVENSSON, AP Technology Writer Peter Svensson, Ap Technology Writer – 26 mins ago NEW YORK – Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. We are not aware of significant impact on consumers and believe we have effectively limited such ... Online posters begged to differ, saying thousands of computers running Windows XP with Service Pack 3 were rendered useless. About a third of the hospitals in Rhode Island were forced to stop treating patients without traumas in emergency rooms. The hospitals also postponed some elective surgeries, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital, the only hospital on Aquidneck Island. Jean said patients who required emergency care for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access. Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. I originally thought it was a virus, he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get them working again. Such personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. *Michael Walker* *Senior Network Engineer* Citrus Valley Health Partners 140 W. College Street, Covina, CA 91723 *Phone/Fax/Pager: (888) 299-6882* *mwal...@mail.cvhp.org* mwal...@mail.cvhp.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RE: McAfee DAT problems
Honestly, this is my personal opinion. I see legal battles over this one coming to pass, and fairly quickly. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 6:06 PM To: NT System Admin Issues Subject: Re: RE: McAfee DAT problems We can only hope that there will be repurcussions for McCrappy, but probably not. Trend had a series of update issues a few years back without any major fallout. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 5:45 PM, Walker, Michael mwal...@mail.cvhp.org wrote: This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs By PETER SVENSSON, AP Technology Writer Peter Svensson, Ap Technology Writer - 26 mins ago NEW YORK - Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. We are not aware of significant impact on consumers and believe we have effectively limited such ... Online posters begged to differ, saying thousands of computers running Windows XP with Service Pack 3 were rendered useless. About a third of the hospitals in Rhode Island were forced to stop treating patients without traumas in emergency rooms. The hospitals also postponed some elective surgeries, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital, the only hospital on Aquidneck Island. Jean said patients who required emergency care for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access. Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. I originally thought it was a virus, he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get them working again. Such personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. Michael Walker Senior Network Engineer Citrus Valley Health Partners 140 W. College Street, Covina, CA 91723 Phone/Fax/Pager: (888) 299-6882 mwal...@mail.cvhp.org mailto:mwal...@mail.cvhp.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
+1, Yep I am sure they are going to be made very aware, and its going to hurt a lot from a financial standpoint and from a reputation standpoint. But until the legal battles are waged and issues resolved, who knows what the true fall-out from items. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Bill Lambert [mailto:blamb...@concuity.com] Sent: Wednesday, April 21, 2010 5:41 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems I have a feeling they are going to be made 'aware' very soonheh heh Bill Lambert Concuity Phone 847-941-9206 The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, April 21, 2010 4:39 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems WTH? ''We are not aware of significant impact on consumers and believe we have effectively limited such occurrence,'' the company said in a statement. From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Wednesday, April 21, 2010 3:39 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems OUCH. This one is epic and made NT Times: McAfee Antivirus Program Goes Berserk, Reboots PCs http://www.nytimes.com/aponline/2010/04/21/business/AP-US-TEC-McAfee-Ant ivirus-Flaw.html?src=busln Warm regards, Stu Sjouwerman Co-Founder, Publisher, Sunbelt Media P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:28 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems Yeah we are seriously looking on moving away from Mcafee also, I liked what NOD 32 ESET was showing us. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Wednesday, April 21, 2010 4:27 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems So glad we moved away from Mcrapfee to Trend last month! Have not regretted it in the least! BTW, thanks to everyone on the list who responded for your insight into McAfee, Norton, Trend, VIPRE, etc about two months ago. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com BLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.com BLOCKED::http://www.eaglemds.com/ From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 21, 2010 4:15 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems On top of the millions of dollars of downtime they have caused a lot of companies, I am sure the lawsuits and the fallout is going to be equally brutal. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, April 21, 2010 4:14 PM To: NT System Admin Issues Subject: Re: McAfee DAT problems That's a serious qa failure. And it's rather annoying that they can't remove the bad dat file from the internet in a timely fashion. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 11:48 AM, Erik Goldoff egold...@gmail.com wrote: Anyone else heard of problems with the latest McAfee DAT (5958) ??? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance
Re: McAfee DAT problems
When has the last time that a virus that any of the AV vendors failed to catch had as devestating an effect as many organizations as this malignant AV update did? And how about 12 hours instead of 24? -ASB: http://XeeSM.com/AndrewBaker On Wed, Apr 21, 2010 at 6:07 PM, Ziots, Edward ezi...@lifespan.org wrote: Given how much AV doesn't catch now, is 24 hrs behind even a choice? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, April 21, 2010 6:05 PM To: NT System Admin Issues Subject: RE: McAfee DAT problems This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs So like McAfee said, I don't see the problem with Hospitals and Cops not having service? grin This has started to become an epidemic it seems with av vendors and incompetent QA. I remember years ago after that dodgy win2k terminal server patch I vowed never to simply auto approve ms updates and setup a test group, after that incident I had only seen one update give me issues in all these years (recent .NET screwup) and that was more cosmetic. The problem with this is av updates are released so frequently it's impossible to qa them internally. I suppose of you're not high risk in terms of usage/exposure, you could always lag 24 hours behind. I've never had an issue with Forefront, but I wonder how to automate a delay w/ wsus, if that's even possible? jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
Given how much AV doesn't catch now, is 24 hrs behind even a choice? It's a conundrum, your kind of screwed one way or the other: Risk an infection or risk an outage. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: RE: McAfee DAT problems
Perhaps if someone dies because they were not serviced at a hospital in time. Perhaps. I would be surprised if anything happened. OTOH, this could have an Enron-like impact on calls for changing legislation or something. *That* wouldn't surprise me so much. -ASB: http://XeeSM.com/AndrewBaker On Wed, Apr 21, 2010 at 6:11 PM, Ziots, Edward ezi...@lifespan.org wrote: Honestly, this is my personal opinion. I see legal battles over this one coming to pass, and fairly quickly. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Wednesday, April 21, 2010 6:06 PM *To:* NT System Admin Issues *Subject:* Re: RE: McAfee DAT problems We can only hope that there will be repurcussions for McCrappy, but probably not. Trend had a series of update issues a few years back without any major fallout. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 21, 2010 5:45 PM, Walker, Michael mwal...@mail.cvhp.org wrote: This was posted an hour ago - McAfee antivirus program goes berserk, freezes PCs By PETER SVENSSON, AP Technology Writer Peter Svensson, Ap Technology Writer – 26 mins ago NEW YORK – Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. We are not aware of significant impact on consumers and believe we have effectively limited such ... Online posters begged to differ, saying thousands of computers running Windows XP with Service Pack 3 were rendered useless. About a third of the hospitals in Rhode Island were forced to stop treating patients without traumas in emergency rooms. The hospitals also postponed some elective surgeries, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital, the only hospital on Aquidneck Island. Jean said patients who required emergency care for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access. Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. I originally thought it was a virus, he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get them working again. Such personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. *Michael Walker* *Senior Network Engineer* Citrus Valley Health Partners 140 W. College Street, Covina, CA 91723 *Phone/Fax/Pager: (888) 299-6882* *mwal...@mail.cvhp.org* mwal...@mail.cvhp.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: McAfee DAT problems
When has the last time that a virus that any of the AV vendors failed to catch had as devestating an effect as many organizations as this malignant AV update did? As I am the only one here now at my org, the last bad Sunbelt dat before I dropped them caused me to redeploy almost every box here, simple because my ris deployments are well tuned to be hands off and all my ware except a bit is gpo deployed but I had a group of spoiled users who are used to nothing ever going wrong all standing around saying Joe's a useless fu__ing idiot, what did *he* do? So I ran out of time troubleshooting and rebooted/F12 every pc in my path. No data is stored locally either so it was the best option while my neck hairs were being breathed on... And how about 12 hours instead of 24? I wish I could do it with WSUS, I surely would... Something to look into. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~