CA Names Windows Component As Virus, Then Recants

Server malware

According to a technical note on its support site, CA said that eTrust Antivirus 7.0, 7.1, and 8.0 were updated with a skewed definition file last week that wrongly sniffed out Windows' LSASS service as the "Lassrv.b" virus.

By quarantining the service's "lsass.exe" executable, the virus update caused servers to crash, and in some cases made them unusable.

CA posted instructions on its support site for users whose Windows Server 2003 systems would not reboot, not even in Safe mode. It also issued a corrected definition file, dubbed "30.3.3056," to replace and fix the error.

Although commonplace, anti-virus false positives usually don't impact widely-used software, but rather little-known applications or games. In some cases, however, poor quality definition updates have caused major problems. In March, for example, a McAfee update erroneously flagged hundreds of legitimate files as malware and broke popular programs such as Microsoft Excel.

Sponsored post