What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

McAfee Corporate users..



Cookie

Cookie

ClioSport Club Member
Just a heads up for anyone currently being battered via email/phone by people, there's some major issue with the latest DAT file (5958 I think) that was rolled out by McAfee

It's a false positive virus detection I believe, but it's constantly rebooting our servers/clients

It's quite funny watching the monitoring software going absolutely [word filtered] :p
 
M

McBunny

i stopped epo rolling this out at about 4:30 not that mine had actually downloaded it yet anyway it checks the repository at 7am
 
jenic

jenic

ClioSport Club Member
Weve just had the latest mcafee installed on all our work laptops.

Complete crock of s**t tbh, has caused loads of issues with our work as we have been unable to connect to some of our ethernet equipment and now I have yet another password to have to remember. Happy days :(
 
Cookie

Cookie

ClioSport Club Member
Heh, my BB is getting hammered tonight.. thankfully we have a US team online and in the office to fix it, as well as some of my colleagues in Jersey

It's still gonna be a mess in the morning, joy!
 
G

Gray

  340i
ahh I am sure our American counterparts will be enjoying this... See what happens in the morning!
 
KDF

KDF

  Audi TT Stronic
I do IT consultancy for a company in Glasgow, 1500 machines just got hit with this.. mass panic ensued lol I finished up and 5, said good luck (it's nothing to do with me) and left lol
 
ChrisR

ChrisR

ClioSport Club Member
Well I let my conscience get the better of me and logged in to disable the repository pull.

Can't be doing with the hassle tomorrow if it does screw up, that link says they've updated the dats again since, but our pull is scheduled for the evening so it might still pull the bad one down.

And I'm not even on call tonight, how nice of me (although it'd be me fixing the thing tomorrow).

Ta for the heads up :)
 
A

Andy.

  Cupra
It blew right over us. Apparently only 0.5% of all business accounts were affected. McAfee quickly released 5959 which solved the problem.
 
M

McBunny

just had one it was a laptop that was out and about yesterday so it pulled the update direct from mcafee instead of from our epo
 
Cookie

Cookie

ClioSport Club Member
It's hit our Indian office pretty hardddddddd

Apparently 5959 is knackering all sorts of services on the local machines.. woops

Edit: Evidently that's caused by svchost.exe being quarantined, the Indian office aren't too bright :p
 
Last edited:
M

McBunny

obviously lol

strangely the one affected here hadnt had it quarantined that i could tell so just copied it back over the top
 
Gareth

Gareth

  Turbo'd MX-5 MK4
3500 computers effected here, woop, lol. Thankfully I've only had to sort one of them (so far anyway)
 
Cookie

Cookie

ClioSport Club Member
Most of our desktop estate has been switched to Vista, so apparently we had far less damage than most.

India was wiped out though, they are still on XP
 
D

DMS

  A thirsty 172
FLOL. Only just noticed this topic after replying to your training one.
The support guys here have been running around all morning trying to sort this shite out. I think across 3 schools in Westminster, Nottingham and Manchester we've had a total of 380 odd client machines that will no longer boot correctly.
 
D

DMS

  A thirsty 172
Even funnier is that if you read the McAfee license agreement, it explicitly states that they will accept no responsibility, financial or otherwise, for any loss or damage that occurs as a result of using their software.
 
D

DMS

  A thirsty 172
Exactly. I bet their Execs are relieved they've got that little statement in their license agreement after all this.
 
D

DMS

  A thirsty 172
Official McAfee response to this f**k up:



McAfee takes full responsibility for what has occurred and sincerely apologizes to you for the inconvenience it has caused.
What happened?
On Wednesday, April 21, McAfee responded to a new global threat to Windows PCs and released a virus signature update that significantly impaired some of our customers' computers. Our impacted customers reported a variety of symptoms, ranging from a system “blue screen” to experiencing a perpetual state of reboot.
How did this happen?
A problem arose during our QA testing process as we were creating the DAT 5958 file. We had recently made a change to our QA environment as we were working to address a rare and urgent request from a mission-critical government defense customer. Unfortunately, the QA environment was not reverted back after we responded to the urgent request.
As a result of the changed test environment, the generic signature for W32/Wecorl.a in DAT 5958 was not tested for memory scanning on Windows XP Service Pack 3. All other tests were executed and passed on Windows XP Service Pack 3 in addition to all other supported operating system platforms. The false positive would have been detected, had the test environment been in its standard setup and properly configured for memory scanning on Windows XP Service Pack 3.
What we’re doing to help impacted customers?
Upon learning of this issue, our top priority has been to get everyone up and running as quickly as possible. Immediately upon being notified of the issue our global teams began proactively reaching out to our customers.
We promptly alerted customers, removed the incorrect DAT, replaced it with a corrected version, and have been frequently updating with customers on developments. We released information and best practices in our blog and KnowledgeBase, made tools available to help customers get back up and running, and provided corporate customers with hands-on support to repair impacted systems.
What steps are we taking to prevent this from happening again?
We have undergone a thorough root cause analysis and are implementing many failsafe process improvements to ensure this never happens again.
This includes:
· a failsafe change control process;
· expanded use of automated test system configuration tools;
· implementing additional QA protocols for any releases that directly impact critical system files;
· rolling out additional capabilities in Artemis that will provide another level of protection against false positives by leveraging an expansive white list of critical system files and their associated cryptographic hashes;
· and other critical product enhancements that will engineer safeguards into the system protection process.
If you would like more information on the root cause and the detailed steps we are taking to prevent this from happening in the future, we would be happy to schedule a call with a McAfee executive to brief you on additional details.
What we’re offering?
If you are one of McAfee’s corporate customers with PCs that have been rendered inoperable or severely impaired as a result of the faulty DAT 5958 file McAfee released, we sincerely apologize for the inconvenience this has caused.
McAfee is offering a customer commitment package that starts with a health check. The health check begins with an automated tool then is followed up by a 4 hour session with one of our remote consultants. We also commit that the results of your Health Check will be reviewed by senior members of our Engineering, Support and Theatre leadership teams. Then we will provide you with access to the online Health Check tool for a full year so you can run it as often as you like. If you are interested I would be happy to make that request for you. Or, if you’d prefer, you can make the request directly by emailing Register@McAfeeQuickstart.com by June 15, 2010.


What tools, resources, or other assistance can McAfee provide that will alert me to these as soon as you know?
Our Support Notification Service (SNS) provides valuable product information via email to help you maximize the functionality and protection capabilities of your McAfee products.
· SNS Support ALERTS – critical information sent immediately and requiring action. Includes virus/malware outbreaks; DAT file false-positives; product vulnerabilities; and critical remediation updates.
· SNS Support Notices – selected product information sent immediately. Includes updates, upgrades, patches, EOS/EOL, release notices; operational issues (password resets, portal issues; etc.).
· SNS Weekly Bulletins – include Notices and ALERT information plus updates on other category products for the preceding week.

In this particular situation, working with our McAfee Labs team, we issued an initial Support Notification Service alert within one hour to 180 thousand contacts in our database, and over the next 14 hours provided four subsequent alerts with additional, tools, procedures, recommendations, and ongoing updates on how to mitigate the issue, and when the replacement DAT was available.

Where can customers turn for the latest information on this issue?
The McAfee information library and the Knowledge Base site updated (http://www.mcafee.com/us/about/false_positive_response.html) to provide complete solutions for this issue.
United Kingdom
+800 1225 5624
+800 6247 7463


Patrick McNamara
Internal Channel Account Manager
UK & Ireland
Click to expand...
 
You must log in or register to reply here.

Similar threads

DeeKay86
My Comprehensive Notes from todays Apple WWDC Keynote!
Replies
25
Views
3K
Ay Ay Ron
Ay Ay Ron
Homer-Simpson
Bad customer service now with bad publicity
Replies
11
Views
2K
Gouldy
Gouldy
F
Server Spyware/Virus Ugh...
Replies
14
Views
686
rctempire
rctempire
G
gtruk's RSTUNER review
Replies
12
Views
2K
gtruk
G
F
No compromise Supercharged ek9 progress thread
12 13 14
Replies
535
Views
88K
gudger12345
gudger12345


Top