Bug in McAfee patch causes system failures
A bug in patch 1 for McAfee VirusScan Enterprise v8.7i caused serious problems according to several user reports. On updated PCs, the scanner "discovered" a worm (W32/Generic.worm.aa) in several Windows XP and Vista system files and deleted or moved them. The result was that the PCs hung up or booted repeatedly when restarted.
In order to avoid further damage, McAfee initially removed the patch from its service portal and download pages. Users who had already installed patch 1 in their environments, but haven't noticed any problem yet are being advised by McAfee not to uninstall it. The DAT files that McAfee has been distributing since the 7th of June are promised to prevent the false alarm and so eliminate the problems.
Customers that have already encountered problems are advised to contact McAfee support. McAfee says the error only affected a small number of business clients, but several disgruntled administrators are discussing the subject in the McAfee forums.
The number of false alarms from virus scanners has strongly increased in the recent past. In February, Bitdefender and G DATA crippled many Windows systems by incorrectly identifying Winlogon.exe as a trojan and deleting it. Bitdefender and G Data, however, are not the only programs now finding false positives.
- False positive detection for W32/Generic.worm.aa with VirusScan Enterprise 8.7i Patch 1, advisory from McAfee.
- Bitdefender and GData delete winlogon system file, a report from The H.
- Another false alarm in AVG antivirus program, a report from The H.