Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

McAfee antivirus update causes problems for home and enterprise customers

DAT 6807 and 6808 updates crippled antivirus programs and left some computers without an Internet connection

Article comments

A buggy update released last week by security vendor McAfee for its consumer and enterprise antivirus products, left the computers of its customers unprotected and, in some cases, unable to access the internet.

The incident affected both home and business users, some of whom were still trying to sort out the problems caused by the updates on Monday and Tuesday, according to messages posted on McAfee's community forums and Facebook page.

The problems were introduced by McAfee updates DAT 6807, released on August 17, and the subsequent DAT 6808, depending on which product was used.

After installing these updates some home users started encountering errors when accessing the McAfee Security Center console, which prevented them from performing any action inside the program. Other users experienced a loss of internet connection on their computers.

McAfee confirmed these problems on Sunday in a technical document that described two possible solutions, both requiring users to update to a newly released DAT 6809 file.

One workaround, intended for users who lost internet connectivity on their computers, involved uninstalling the product, rebooting the computer, downloading an updated version of the product from McAfee's website and installing it.

The other solution described automatic and manual methods of updating existing installations to DAT 6809. Users who continued to encounter errors after updating to this DAT version were advised to uninstall the product using a specialised tool called McAfee Consumer Product Removal (MCPR) and then install the updated version of the product.

Users of McAfee VirusScan Enterprise (VSE) 8.8.x, the company's flagship enterprise antivirus product, had to wait until Monday for a so-called superDAT hotfix that wouldn't require them to reinstall the product on thousands or hundreds of affected computers.

For VSE, the bad updates caused issues with the on-access scanner (OAS), a critical component that checks all files accessed by the system for signs of malware, the company said in a support document published on August 20.

Some administrators in charge of antivirus deployment in corporate environments expressed concern that while the OAS remains disabled a user could get infected and the malware could spread to other computers on the network.

"I have 46 out of 152 computers, having this issue," said a user on the McAfee community forum for business products. "I currently have over 3000 endpoints with this problem - solution asap please McAfee," another user said.

"The issue is well over 24 hours old now, and it's been 'officially' confirmed for nearly 24. That's a very long time to have AV [antivirus] in a faulty state," one wrote hours before McAfee released VSE 8.8 Hotfix 793640 to remediate the issue. "At least one saving grace is that many customers had their machine switched off over the weekend," he said in a later post.

VSE 8.8 Hotfix 793640 is mandatory and includes the full DAT 6809 package, McAfee said.

Because of this the file is approximately 100MB in size and deploying it to thousands of machines posed a challenge for some administrators.

"McAfee is working on a smaller solution that will remediate the issue without the need to include the full DAT package," the company said. "There is no current ETA for this release."

In the meantime, McAfee recommended that the hotfix be deployed in stages on networks with offsite branches, where it might cause bandwidth issues. "For example, schedule the update task to run for one group at a time," the company said.

Another problem encountered by administrators was determining which of the systems under their care were affected. The ones with the buggy DAT files should report a DAT and antivirus engine version of 0.0000 to the central ePolicy Orchestrator (ePO) server.

However, after the hotfix is deployed, some computers can continue to report this bogus information because of caching until they are forced to provide full property data to the ePO server, McAfee said.

Even though the hotfix does not force a reboot, the company recommended that administrators reboot all client systems at their earliest convenience in order to validate that the fix was successfully installed.

Some users whose affected systems include servers were not happy with this. "This has predominantly affected our servers and rebooting them isn't an option," a customer said on the McAfee forum yesterday.

"I work in a very tightly controlled environment and rolling out a 100mb hotfix that MAY require a reboot ASAP is not going to happen," another user said.

This is not the first time that McAfee has issued a bad DAT file. In April, a DAT update for McAfee email gateway security products resulted in system crashes and message scan failures.

However, McAfee is not the only antivirus company that was forced over the years to deal with buggy updates that affected their customers' computers in a serious manner.

"Since these events are becoming a worrying trend, should we implement test procedures inside our organizations as we do with other updates like the ones deployed by Microsoft with Windows Update?" asked Manuel Humberto Santander Pelaez, a security incident handler at the SANS Internet Storm Center.

Some users who responded to Pelaez believe that testing every antivirus update would cost too much time and resources compared to the possible benefits. Others said that delaying the update deployment by 24 hours or deploying the updates in stages starting with the least critical systems would limit the impact of a bad update.

Delaying antivirus updates increases a computer's window of exposure to the latest threats. However, this is a calculated risk that some administrators are apparently willing to take.



Share:

More from Techworld

More relevant IT news

Comments

McAfee said: On Friday McAfee issued an update that resulted in disruption ofInternet service and McAfee product functionality errors for some customers Wedeeply regret any impact this may have had and offer our sincere apologies forany inconvenience and concern that this may have caused youOur first priority was and continues to be helping our customersget their PCs running reliably confidently and securely We are continuing towork diligently to help customers get up and runningConsumers experiencing Internet connectivity issues should reboottheir computers in safe mode in most cases as the computer is booting pressand hold the F8 Key Once in safe mode the consumer shouldhave Internet connectivity In the browser they should type httpmvtmcafeecom to run the McAfeeVirtual Technician Once the MVT has been run the consumer may reboot inregular mode and the issue should be resolvedAlternately the issue can be resolved by uninstalling the currentMcAfee software re-booting the computer and re-installing the updated McAfeesoftware via the instructions outlined in the Knowledge Base Article publishedby McAfee Technical Support at httpservicemcafeecomFAQDImpacted ISP customers may need to log-in to the ISP portal toaccess and reinstall the current McAfee softwareFor users experiencing an error message when they open McAfeeconsole McAfee recommends running the MVT utility available for download at mvtmcafeecom This tool willautomatically update the user and address the error messages they see in McAfeeconsoleOnce this process has been completed the issues includingInternet access should be restored Please note that this knowledge basearticle will continue to be updated on an ongoing basisAgain we offer our sincere apologies and know that we are workingto help our customers



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *