

hurleyp

join:2000-06-20
Ottawa, ON

McAfee/NAI rolls bad pattern

SANS Internet Storm Center is reporting that "NAI/McAfee today (March 10) released pattern version 4716 only hours after 4715 had come out."

"Pattern 4715 triggered false positive virus alerts for "W95/CTX" on a number of files that are part of quite prominent third party products."

Full report at »isc.sans.org/diary.php?storyid=1179

Paul
--
"I reject your reality and substitute my own."


Portmonkey
I'm Your Boogie Man
Premium
join:2004-04-09
Southern IL
Thank you very much for posting this info. I'm glad I decided to check here before allowing McAfee to start deleting or quarantining files.
--
Road to hell paved with unbought stuffed dogs. Hemingway

owlyn

join:2004-06-05
Newtown, PA
reply to hurleyp
Just this morning I woke up to find an alleged 37 files infected with the W95/CTX virus. Fortunately, I doubted the report and looked at the Virus Help on McAfee's web site, where it said that 4715 produces FPs and to get 4716.

But I am an experienced user, and work in I.T. so I was reasonably certain that the report was false. How about the 99% of the users who would have just quarantined the files? That's a BIG "my bad" for McAfee.


hurleyp

join:2000-06-20
Ottawa, ON

reply to hurleyp
At least if you set McAfee to quarantine "infected" files, you can go about restoring them. Not an easy job, but much better than if they were deleted. I use NAV, and after I saw this report I checked my options and sure enough, NAV was set to delete infected files. I've changed that to quarantine just in case NAV starts going false-positive crazy!

Paul
--
"I reject your reality and substitute my own."

waynemr

join:2002-01-28
Madison, WI

reply to hurleyp
Well CRAP! I had 161 files false tagged and quarantined because of this fiasco! Now I've got to go back and restore each one by hand!!!!


GlassRail
Premium
join:2000-11-02
On Track
reply to hurleyp
Thanks for the heads up. I came home yesterday and found 48 files with W95/CTX. They were all main program files and I almost had a heart attack.

I finally restored them and everything worked fine, until I installed NOD32. My system froze up and wouldn't allow me into the safe mode. What a mess that was!
--
Frankly Speaking!


hurleyp

join:2000-06-20
Ottawa, ON

reply to hurleyp
Here is a March 12 follow-up to this incident from SANS:

»isc.sans.org/diary.php?storyid=1184&rss

"Users who have moved detected files to quarantine should restore them to their original location. Windows users who have had files deleted should restore files from backup or use System Restore."

Gee, thanks.

Paul
--
"I reject your reality and substitute my own."

zteardrop

join:2005-12-20
Brooklyn, NY

reply to hurleyp
A lot of antivirus companies, in an effort to get definitions out first, are compromising on the quality of their definitions. We have seen that with NOD32, KAV, now McAfee. I agree that FPs do occur, but I think someone needs to keep score on how many times they occur for various companies.

ForeverZero

join:2005-01-11
Hollywood, FL
reply to hurleyp
Just got done cleaning up the mess this caused at my workplace.
Good way to start a Monday!

I think we got off pretty easy tho, the 4716 release happened before a lot happened to us, did have some servers affected tho.

-ForeverZero-


hurleyp

join:2000-06-20
Ottawa, ON

reply to hurleyp
McAfee has created a cleanup tool to restore files incorrectly quarantined by the bad DAT update. Follow the link in the 13 Mar update at »vil.nai.com/vil/content/v_138884.htm
--
"I reject your reality and substitute my own."


lilhurricane
Storm Coming
Premium,Mod
join:2003-01-11
Purple Zone
edit:
March 14th, @01:08PM

 
said by hurleyp:

McAfee has created a cleanup tool to restore files incorrectly quarantined by the bad DAT update. Follow the link in the 13 Mar update at »vil.nai.com/vil/content/v_138884.htm
Thank you for the link...that helps

Edit: Had added this morning to SCU news as well:
»McAfee Update Breaks Hundreds Of Apps