McAfee Update Goes Bad

A ton of reports filtered into <a href="http://isc.sans.org/">SANS' Internet Storm Center</a> on Wednesday about a bad McAfee Antivirus update. It turns out McAfee antivirus is identifying "svchost.exe", a critical system file that Windows cannot run properly without, as a virus. As a result of the misidentification, McAfee attempts to remove the file or prevent it from running. Affected systems will keep rebooting, or networking will no longer work, according to SANS Chief Research Officer Johannes Ullrich.

McAfee has now released a fixed definition file and an "extra.dat" file, two files that together essentially act as a patch to prevent this problem from recurring, but for many organizations it's already too late to push the changes over the network because the problem affects networking.

"Administrators have to walk from machine to machine to fix this," said Ullrich.

For the technical nitty gritty see here. For more information from McAfee this might be useful.