The problem relates to the DAT 5958 update, which detects the svchost.exe file as being a virus called W32/Wecorl.a.
Reports suggest large companies that manage many systems protected by McAfee's software are the worst affected. The Internet Storm Center notes that, "The use of 'ePolicyOrchestrator', which is used to update virus definitions across a network, appears to have lead to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update 'DAT' files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity."
McAfee is not alone in making such a mistake. In December last year Alwil (developer of Avast!) dumped a similarly-damaging update on its users and it would be a rare anti-virus company that could claim accurately never to have done the same thing at some stage.
Genius. Thank God none of my less IT-savvy relatives have McAfee. I'd have to install my own telephone hotline.
ReplyDelete