
McAfee software causes havoc

Excel identified as virus.


McAfee's virus-scanning products wreaked havoc on corporate and consumer systems on Friday, after a buggy virus definition file triggered the quarantine or deletion of a long list of executable files - including Microsoft Excel.

The problem began when virus definition file, or DAT file, number 4715 was released on Friday morning, US Pacific Time (about 6:30 pm GMT), as part of a standard daily updating routine. The file was designed to refine McAfee products' ability to catch the W95/CTX virus, McAfee said.

By 9 pm GMT the company's customers began reporting an unusual number of files being quarantined or deleted by scans using DAT file 4715. "We think McAfee's latest DAT file may be bad," said one user in a report released by the SANS Institute's Internet Storm Center (ISC). "They improved the detection for several variants of the W95/CTX virus, and now our scanners are detecting supposedly infected executables all over our network, including on an original Microsoft Office 11 CD."

While excel.exe was the most high-profile false positive, the list of wrongly identified files later released by McAfee was seven pages long. The list was regarded as incomplete by some ISC readers, who said the McAfee tools attempted to remove files such as Dell OpenManage, Cygwin, Perl, Sysinternals' PsTools suite, various Oracle binaries, and the SuperCACLS administration suite.

The files were either deleted or moved into a different folder, according to settings determined by the user. The files were only moved or deleted during scheduled or manual scans, and not during background scanning, according to McAfee.

"If... your readers have quarantine or delete set as the default action, the virus scan will do more damage than a real virus would," wrote the ISC user.

McAfee said about 100 customers reported problems. The company said it released an updated definition file, DAT 4716, to enterprises at about 11:30 pm GMT. According to SANS, McAfee also released a tool designed to automatically restore wrongly quarantined files, an arduous process if carried out manually.

"Hundreds of files per machine were incorrectly identified as virus-infected and (were) quarantined," wrote another user in an ISC report. "Many hours will be spent restoring these files from quarantine."

According to SANS, affected products included VirusScan Enterprise 8.0i, VirusScan Enterprise 7.1, VirusScan Enterprise 7.0, Managed VirusScan 4.0, Managed VirusScan 3.5, VirusScan Online 11, VirusScan Online 10, LinuxShield and the consumer-oriented VirusScan 7.03.




Comments

Javahead said: I see no one has replied. I have spent the last two days and nights reading, downloading, uninstalling, reinstalling, scanning, removing, to no avail. I'm desperately trying to figure out what protection software I can use to protect my computer. McAfee has been a pain. Apple, maybe?


