This morning McAfee pushed out its latest update as it will often do, but this morning that update has caused quite a catastrophe. DAT update 5958 deletes the svchost.exe file (which is a common Windows file), which it then triggers a false-positive in McAfee itself and sets off a chain of reboots and loss of networking access.
McAfee has released this statement:
“McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).
Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.
The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.
McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers”
The McAfee support website was temporarily down. After researching this from other websites and tweets from twitter, it seems like hundreds of thousands of machines could be affected, from several large companies. The only fix right now for these corporate users is for their IT support to fix each machine individually. Does McAfee not test these updates before releasing them into production? If you have McAfee stock, I would recommend selling!
