McAfee DATs not updating

A malware definitions update pushed by antivirus giant McAfee to its customers yesterday contained a buggy detection routine that caused millions of computers to go into a reboot loop.

McAfee released a corrected update, DAT 5959, hours after the bogus definition went out.

However, the fix has to be deployed to affected systems manually in Safe Mode, a nightmare for IT staff in large enterprises with thousands of computers.

Additionally, if the file has been deleted or quarantined, it must be restored from backup locations.

The procedure is described in more detail in a McAfee knowledge base article associated with this incident.

The obvious question is why an update affecting such an important file made it through the Quality Assurance (QA) process, which normally involves scanning a known clean set of files, including system ones.

"McAfee's DATs use techniques to avoid scanning and causing false positives on Microsoft files in the majority [of] situations, for example if this was a simple scan of the file as it was accessed on the file system these would have prevented the false positive.

Because this was a memory scan of the running process that then caused a subsequent scan of the file on disk these mitigation techniques were unfortunately circumnavigated," the company explains.

But McAfee is certainly no stranger to false positive incidents.

In June 2009, the company withdrew a service pack-like patch for its VirusScan Enterprise 8.7i product, after it deleted several system files and left thousands of computers unbootable.
