But how did this slip through? McAfee hasn't explained everything, but it did acknowledge that " mistakes happen ," in the words of its executive vice president of support, Barry McPherson. A company spokesman didn't set a timetable for the FAQ's appearance, saying only that it would be "soon." Today, McAfee said it was planning to publish an FAQ of its own that would spell out in more detail which customers where affected, and which were not. "If it's a clean install of EPO to the latest version, then we believe the option to be off by default."ĮPO is McAfee's corporate security management platform, and is used to push out signature updates enterprise-wide. in the majority of scenarios the setting at question is enabled by default," said Davis. "Investigations today shown that if you upgrade to the latest EPO. To make matters even more confusing, Mike Davis, the managing director of Centrality, a U.K.-based network design and support firm, said that fresh installs of McAfee's Enterprise Policy Orchestrator (EPO) have the setting off by default, but upgrades do not. There's also note in the VirusScan 8.7 Patch 3 update's Readme file that says the same thing. And a McAfee support document urges users to set the feature to off after updating VirusScan 8.7 to Patch 1. One user told Robert McMillan of the IDG News Service that his installation was on by default. The setting Price referred to, "Scan Processes on enable," is off by default in most installations of VirusScan 8.7.īut not all. "I've not seen any reports from customers who had left this setting disabled," said Samantha Price, a manager of McAfee's global threat response team, in a message on the firm's support forum for VirusScan Enterprise. If you're running an older version, including the earlier Enterprise 8.5, you were in the clear.Ī McAfee manager shed some additional light on why some Windows XP SP3 systems were clobbered, while others kept on running. Only machines running VirusScan 8.7 were affected, users reported and McAfee confirmed. Why were only some crippled? Good question. There are, however, scattered reports on the McAfee support forum of Vista machines also going down. McAfee also said even older editions - such as Windows 98 - were unaffected. Other version of Windows XP, including SP1 and SP2, were not nailed by the update, nor were systems running Windows 2000, Vista, Windows 7, Windows Server 2003 and Windows Server 2008. What machines were affected? Only PCs running Windows XP Service Pack 3 (SP3), says McAfee. Most also lost all network capability, and some were unable to "see" USB drives, a major problem since recovery may require the reinstallation of svchost.exe, something that could be done more easily by walking a flash drive from one crippled computer to the next. When users applied the update, then rebooted, they were toast: The machines crashed and rebooted repeatedly. Why did the PCs crash and burn after getting the bad update? Without svchost.exe - a generic host process for services that run from other Windows DLLs (dynamic link libraries) - a Windows PC won't boot properly. Think of the snafu as if the police pinned a crime on a suspect based on flawed DNA testing, only to find out they'd got the wrong guy. In some cases, the update actually deleted the file. Instead, it went rogue, wrongly fingered the critical "svchost.exe" file in Windows XP Service Pack 3 (SP3) as malware, and then quarantined it by removing it from its normal location. Wednesday's update - McAfee pushes daily updates to its corporate customers - was meant to detect and destroy a relatively minor threat, the "W32/wecorl.a" virus. What happened? Short answer: McAfee screwed up.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |