For those of you unfortunate enough to be using McAfee for your anti-virus I hope you did not install the DAT file released this morning (DAT 5958). Many organizations are reporting major problems with this update, up to and including bringing entire networks down.
It appears that this update is labeling the svchost.exe file, located in the Windows\System32 folder, as the W32/Wecorl.a virus. It is unclear to me at this time what action McFee is taking on the svchost.exe file. But, as any IT person would know, the svchost.exe file is critical to Windows and nearly everything Windows needs to function.
After the update is applied and actions are taken, below is a list of what users may experience:
- Windows XP SP3 clients may be locked out
- Access denied errors
- Reboot loops
- No network connectivity
Source: SANS.org
* Update 1146hrs - McAfee.com
* Update 1642hrs - McAfee has a "labor intensive" fix. You can find the details here.
Posted by
Mike Wright
