2# | Original poster | Posted on 23-4-2010 10:37:38
McAfee AV Customers Have A Very Bad Day
22Apr2010 – The whole purpose of antivirus products is to protect your environment from malicious or annoying intrusions that can keep you from being productive. Unfortunately, McAfee antivirus customers had a very unproductive day yesterday, April 21, 2010, when McAfee released a virus signature that inadvertently identified a legitimate Windows operating system file (SVCHOST.EXE) as malicious. SVCHOST allows software components to communicate directly over a network and is part of the core Windows XP operating system. With McAfee’s “fix” the file was detected, quarantined and deleted from the system, causing the machine to go into an endless cycle of reboots. The situation has become a huge issue for corporations, since many have not switched to newer versions of Microsoft’s operating system.
McAfee has now retracted the signature in question and re-posted an updated signature that does not contain the false positive. However, these new signatures alone will not restore a previously deleted SVCHOST.EXE file. The file must either be restored from the product’s Quarantine (if the machine has not been rendered inoperable), or must be restored manually by a technician via a clean boot from a Windows installation CD or via Windows Safe Boot Mode.
Symantec has spent a great deal of time over the years investing in an end-to-end process to prevent false positives. Our automated processes test each new signature database against millions of known clean files before releasing them to the field. This set of files is regularly updated to make sure we have the very latest clean programs from legitimate software vendors (e.g., Microsoft, etc.). We also leverage our reputation technology to help us identify clean files not contained in our database, to ensure that we don’t incorrectly cause false positives on these files as well.
For McAfee endpoint security customers, there are a couple of Symantec solutions that can help them get back up and running.
* Altiris Deployment Solution: Helps customers remotely remediate this problem, eliminating the need for desk-side visits. Even if you are not a current Altiris customer, this solution can be installed to address the problem.
* Backup Exec System Recovery (BESR): Can help restore systems to the last known healthy image. Re-building a system manually can take a huge amount of time. With BESR, this process is fully automated and can recover a server within minutes.
[ This post was last edited by chubbycat on 23-4-2010 09:39 ]