Updating antivirus dat files on diskette
Essentially, most of the company's computers were frozen and computer work -- such as email and word processing -- could not be done. As I was driving to the incident response location, I thought through what might be happening: Perhaps a logic bomb had been implemented or a botnet distributed denial-of-service (DDoS) attack was in progress.

This anomaly has been used maliciously, explicitly to ...

McAfee VirusScan On-Access General Policies must be configured to not exclude any URL scripts from being scanned unless the URL exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.

McAfee VirusScan On-Access General Policies must be configured to not exclude any script processes from being scanned unless the process exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.

In fact, that very scenario played out in many IT departments just recently.

It cannot be used to undo this bad signature because affected system will lose network connectivity. McAfee's support web sites currently respond slowly and are down at times, likely due to the increased load caused by this issue. One fix is to delete the bad DAT file the client at "C:\Program Files\Common Files\McAfee\Engine".

No reboot loop, no message, but about nothing was working. Application working with Windows XP SP3 not running. We are currently sitting on version 5960 and use Sonicwall to push our updates out to the workstations. And so, when I discovered that one of our systems was missing its network connections, I attempted to repair the operating system using a Windows setup disk.

The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus. Several readers reported that this procedure worked to recover:

1 - Boot the system in "Safe Mode"
2 - copy in c:/program files/common files/mcafee/engine
3 - reboot.

I have contacted Technical Support by chat on another machine (without McAfee) and I have never been told that there was any problem with the latest update although I asked directly. When the news broke, I was cringing waiting for the phone to start ringing off the hook.....silence IS golden! The repair made it to the Installing Devices portion and then rebooted. It wants to continue running the repair, but it can't.

The ePolicy Orchestrator is used to update "DAT" files throughout enterprises. We also had some laptop users get the DAT file from home or while coming into the office. We now have about 100 machines that are in a reboot loop. While it is a less convenient method, it is probably the best way. It is not like reported in this blog, but the has been deleted and Windows got in real problem.

However, learning from such events can help you be better prepared should any sort of major network outage occur.

Hayden (Ernie), CISSP, CEH, is the founder and owner of 443 Consulting, LLC, an enterprise focused on providing quality thought leadership in the areas of information security, cybercrime/cyberwarfare, business continuity/disaster recovery planning, and research. Most recently, Ernie was Information Security Strategic Advisor in the Compliance Office at Seattle City Light.

The McAfee VirusScan Managed Client STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents.