Friday, April 23, 2010

NAI/McAfee Bad DAT

NAI/McAfee, one of the biggest antivirus vendors, goofed and sent out a bad virus definition update. This happened on 4/21 in the early afternoon.

The problem is a false positive which identifies a regular Windows binary, “svchost.exe”, as “W32/Wecorl.a”, a virus. The affected systems will enter a reboot loop and [lose] all network access.

We caught it pretty early and manually pushed out a fix at approximately 3:45. If you happen to have received the bad definition file and shut down your computer before you got the fix, then your computer may not start properly and will need a bit of work to repair. Unfortunately, the bad definition file told the virus scan software that one of the critical system files had a virus. Bummer!

We used our ePolicy console to push out the new DAT and verified that each computer got the update and installed it. The console is great for reports. Out of 500 computers, we only had one user hosed. And we fixed it in 10 minutes. BAM!

See https://kc.mcafee.com/corporate/index?page=content&id=KB68780