McAfee security software flags Windows kernel code as malware

22 April 2010

Reports are coming in that McAfee's popular IT security software is tagging Microsoft Windows system files as malicious, causing serious stability problems, screen freezes and bootup loops for a large number of Windows XP users.

Reporting on the incident last night, the SANS Internet Storm Centre said they had received "dozens of reports" from McAfee users who complained that a recent anti-virus update (DAT 5958) was causing Windows XP Service Pack 3 clients severe problems.

SANS said that the Windows svchost.exe executable is being flagged as malicious by McAfee, resulting in an endless reboot loop or networking features that stop working.

According to Brian Krebs, a leading US security expert, one symptom is that McAfee reports that user systems are infected with W32.Wecorl.a.

"The anti-virus program's attempts to destroy or quarantine that targeted process then forces the Windows machine into a reboot cycle", Krebs noted in his blog posting last night.

McAfee has responded to the reports, confirming that it is working urgently on a workaround and that a patch for its software is in the pipeline.

"McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2pm GMT", the company said in a prepared statement.

Infosecurity notes that some versions of McAfee's software can be customized to ignore the presence of svchost.exe and 'trust' the relevant program code. This may be a workaround for some users of the firm's IT security software.
