
McAfee Antivirus Update Flaw Forces Windows XP Reboot

By Stefanie Hoffman, CRN
April 21, 2010    6:49 PM ET


McAfee, to say the least, had its fair share of problems Wednesday when a buggy antivirus software update caused computers running Windows XP to shut down and experience serial reboots.

An initial McAfee investigation indicated that the reboot glitch is linked to an antivirus update that detects a false positive, causing XP computers, specifically those running Service Pack 3, to somehow mistake a legitimate operating system for malware.

"McAfee is aware that a number of customers have incurred a false positive error due to this release. Corporations who kept a feature called 'Scan Processes on Enabled' in McAfee VirusScan Enterprise disabled, as it is by default, were not affected," the Santa Clara, Calif.-based company said in a statement.

Windows XP users who are affected by the error are subject to the blue screen of death and an almost unending loop of shutdown messages and reboots. However, the buggy update and reboot glitch did not appear to affect Windows Vista or Windows 7.

According to a SANS Institute report, the issue stemmed from an infected McAfee DAT file version 5958, which caused Windows XP systems to enter a continual reboot cycle and lose network connectivity. The report indicated that the flawed DAT file affects both individual workstations as well as user workstations connected to a network.

Apparently McAfee's prized platform ePolicy Orchestrator, which is used to update virus definitions as well as DAT files, served as a catalyst for the accelerated spread of the bad DAT file, but can't be used to reverse the damage, according to SANS researchers.

"It can not be used to undo this bad signature because affected systems will lose network connectivity," said Guy Bruneau, SANS researcher, in a blog post Wednesday.

McAfee said that it released an updated DAT file to suppress the detection, although it doesn't repair the glitch, and said that "the faulty update was quickly removed from all McAfee download servers, preventing any further impact on customers. We are not aware of significant impact on customers."
