McAfee locks up Windows XP

Following an update to the McAfee antivirus solution for enterprise clients, a false positive caused grave problems for Windows XP machines.

This is a rather large mistake made by McAfee. Even more annoying is that it affects their professional clients, although it appears that home users also encountered issues with this false positive.

On Wednesday, McAfee released an update to their virus definitions, through the DAT 5958 data file. This update was made available to the VirusScan Enterprise 8.7i SP3 system, although once installed it detected a false positive of the W32/Wecorl.a virus which exploits a vulnerability in the rather old Service service, an element which Microsoft released a corrective patch for in October 2008.

This false positive had some nasty consequences for Windows XP SP3 users (although it appears that it is only this system) detecting an alleged infection in svchost.exe (Service Host Process), a generic Windows process which is used as a host for services executed from a DLL file. With the svchost.exe file relegated to quarantine, some users witnessed their computers continually rebooting.

McAfee then released version 5959 on the same day so as to avoid other users from witnessing this problem. On this page dedicated to the problem, the editor provides information about the palliative state of affected computers.

This isn’t the first time that an antivirus update has been at the root of such a problem. This was also recently the case for BitDefender, although other software editors have also committed similar errors, with iTWire coming to mind, along with Kaspersky, Trend Micro, Sophos and even Symantec.