Posted by: paragon | April 22, 2010

McAfee Response To Current False Positive Issue

In the past 24 hours, McAfee identified a new threat that impacts Windows PCs. Researchers worked diligently to address this threat that attacks critical Windows system executables and buries itself deep into a computer’s memory.

The research team created detection and removal to address this threat. The remediation passed our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21.

McAfee is aware that a number of customers have incurred a false positive error due to this release. We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base–home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection. That said, if you’re one of those impacted, this is a significant event for you and we understand that.

Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3.The immediate impact on corporate users was lessened for corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, though those customers could also be impacted when running an on demand scan.

The faulty update was removed from all McAfee download servers within hours, preventing any further impact on customers.

McAfee teams are working with the highest priority to support impacted customers. We have also worked swiftly and released an updated virus definition file (5959) within a few hours and are providing our customers detailed guidance on how to repair any impacted systems.

Corporate Customers
– These entries in our virus information library and the knowledge baseprovide workarounds for this issue for corporate customers
– Customers are discussing the issue in our online support community

Consumers
– This support page provides information for impacted consumers
– Consumers are also discussing the topic in the online community

To contact McAfee by phone in your region, go to the “Contact Us” page on our Web site and select your country for the correct number.

We are investigating how the incorrect detection made it into our DAT files and will take measures to prevent this from reoccurring.

We sincerely apologize for the inconvenience this has caused our customers and will update this blog posting as more details become available.

Barry

PS: I just published another blog in response to some of your comments below.


(Updated at 3.35 PM PT to include statement on number of customers impacted.)
(Updated at 3.50 PM PT with a link to details for consumers who were impacted.)
(Updated at 5.13 PM PT with link to knowledge base.)
(Updated at 5.44 PM PT to correct the number of impacted consumers.)
(Updated at 8.20 PM PT removing detail on 5959 DAT capabilities.)
(Updated at 9.27 PM PT to provide additional detail on customer impact added link to new blog post.)
(UPdated at 10.01 PM PT to add a link to the support community.)

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: