McAfee released an antivirus update yesterday that crippled Windows XP computers worldwide. The DAT 5958 update affects only computers running Windows XP Service Pack 3.
Here’s how the SANS Internet Storm Center describes the mess-up:
McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and [lose] all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have [led] to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.
The problem is a false positive which identifies a regular Windows binary, “svchost.exe”, as “W32/Wecorl.a”, a virus.
This is ridiculous if you ask me. The svchost.exe is a crucial Windows binary and just about everyone knows about it. Funny it should identify svchost.exe as a virus! I’ve been told this is the third mess-up from McAfee in a period of 4 years.
If you’re a McAfee customer, I have two recommendations for you:
1. Do not install the DAT 5958 update – block it. Wait for instructions from McAfee.
2. Consider implementing a state-of-the-art antivirus solution, that is more reliable and fares better in the comparative reports.
Microsoft Forefront Client Security is Microsoft’s cutting-edge client security solution which fared well in the VirusBulletin reports and many other studies. For more information, read my earlier post on “Forefront vs. the Competition”.