mcafee virusscan enterprise

[u2_storm]

McAfee Virus Scan Killing SVCHOST.exe

If you have updated to Dat 5958 today your computer will reboot and you may not be able to use your computer.

We have thousands of computers affected and a team are working to get it fixed by downgrading to 5957 and restoring SVChost.exe

Is anyone having issues with mcafee virusscan enterprise 8.7i?

[u2_storm]

Anyone at all? This is getting fairly big!

[Phenom II]

When you say shutting down, do you mean Mcafee is shutting them down ?

Have you checked the machines Event Logs ?

[Stup0t]

Anyone at all? This is getting fairly big!

Yes basically, what ever you do do not reboot yours system if you managed to do the shutdown -a command to stop it as its kills ye pc and network.

[u2_storm]

http://www.google.co.uk/search?q=mcafee&hl=en&tbo=1&tbs=rltm:1&ei=JhvPS9r4N5SCOIHziPsP&sa=X&oi=tool&resnum=1&ct=tlink&ved=0CB0QpwU

VirusScan dat file 5958

It seems to kill SVCHOST.exe

[u2_storm]

If anyone had Mcafee EPO running shut it down.... Anyone else any updates?

[u2_storm]

We have received thousands of reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. Any fixes anyone?

One fix is that we change the dat, no update yet.

[u2_storm]

sorry to bump but this is affecting all Mcafee av's for our clients.

[YaZoR]

I've had many sites affected by this.

Windows XP SP3

McAfee VirusScan Enterprise 8.5 & 8.7

Taskbar disappears, no start button, no network connections.

Unable to view events in event viewer also.

I hear McAfee are rolling a new update very soon.... but how to remotely update a PC which has had it's network b0rked?

Nice. Can't wait for work tomorrow!

[u2_storm]

If anyone can stop there McAfee from updating do so otherwise your SVChost.exe file will be 0KB

[u2_storm]

@YaZoR We are working on a fix here for our clients. but it may be replacing SVHost on tons of machines...

[Panacik]

How about starting the machine in safe mode? Does that work? If so, can you have them remove the latest DAT file? If not, can you ahve them remove the antivirus and then talk them through re-installing?

Last known config? Does that restore the dat to the old version?

Have you tried speaking to Mcaffee about this at all? Are they working on a DAT update or patch? If so, when its released, can you boot to safe mode and install it?

If the machine starts and simply starts shutting down, have the user run the command "shutdown -a" as mentioned above. Does that stop it from restarting?

[u2_storm]

It's too late for most people to do the shutdown -a

We are having sucess with installing an old superdat

will keep you updated.

[1337ish]

I take it from all this that the lastest defintions mark the svchost.exe as a virus and try to quarantine it?

[Panacik]

I really dont understand what U2_Storm was posting so much for?

I thought he wanted help, but now i think he is trying to give us advise?

I use Sophos here, so it doesnt effect me... I used to use McAffee in another company though... Both products seem to fail in their own way to be honest.

[bdsams Veteran]

thanks for the tip going front page with this!

[mak123]

McAfee is also one of best antivirus.

but i always suggest for my friends to use antivirus- KASPERSKY or Avira antivir.

this antivirus only provide realtime security and safety.

try manual update for mcafee.

[u2_storm]

I really dont understand what U2_Storm was posting so much for?

I thought he wanted help, but now i think he is trying to give us advise?

I use Sophos here, so it doesnt effect me... I used to use McAffee in another company though... Both products seem to fail in their own way to be honest.

I do want your help but at the same time I am trying to fix it and organise how to fix computers remotely, I am also trying to warn people NOT to update McAfee.

The process we are trying to replacing the Engine folder and replacing SVChost.exe from a good machine via PE.

[bdsams Veteran]

sent to digg

http://digg.com/tools/diggthis/share?storyId=20754816

[Glorious]

I noticed that we got an e-mail regarding this at work just before I finished for the day. I'd better make sure with the guy that manages the EPO it isn't updating the XP workstations with 5958.

[itzwolf]

Thanks for the notice!

[u2_storm]

Hello!

We have just put up a page on our website @ http://mycentrality.com

We are currently testing a PXE boot system to fix this issue remotely for our clients if anyone wants the scripts PM me.

U2_stormy

[bane7378]

Hello!

We have just put up a page on our website @ http://mycentrality.com

We are currently testing a PXE boot system to fix this issue remotely for our clients if anyone wants the scripts PM me.

U2_stormy

Thanks for posting this information u2_storm. It was very helpful and has worked for at least one of our systems so far. Just wanted you to know that your sharing of information is very much appreciated. :)

[u2_storm]

Great :)

We have an automated system to do this via PXE if you can boot PXE & and WAIK installed let me know and I will send you all the files to fix this.

[bane7378]

That would be great u2. I'm pretty sure in most cases WAIK shouldn't be a problem as we don't lock down the systems too horribly. Anyone we want to lock down gets a thin client. I'll PM you my email address.

Thanks again.