/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Smitten by bug in its antivirus program, McAfee on Friday said that it was working on additional protocols and additional capabilities in Artemis Technology to provide another level of protection against false positives.
Artemis is a McAfee technology that its desktop software uses to help identify suspicious files by matching their digital “fingerprints” with a database stored on the company's servers.
It may be recalled here that hundreds of computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves on Wednesday after an antivirus program identified a normal Windows file as a virus. Many of the customers were stated to be suffering from the bug on Friday also.
“McAfee is aware that a number of customers have incurred a false positive error due to this release. We believe that this incident has impacted less than one percent of our enterprise accounts globally and a fraction of that is within the consumer base of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection,” Nitin Jyoti, Manager, Malware Research-India, McAfee Labs said in an interview with CIOL.
However, the spokesman could not not give any numbers regarding the customers affected in India.
Impact
The spokesman said that a subset of systems running Windows XP Service Pack 3 and having specific versions of the svchost.exe file was affected. Svchost.exe files found on Windows 2000, Windows 2003, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Vista, Windows 7 and older versions of Windows were not affected.
McAfee corporate customers who have the McAfee VirusScan Enterprise product have reported a variety of symptoms, ranging from a system “blue screen” (not to be confused with BSOD, but due to the issues with Explorer and svchost.exe), loss of network connectivity, inability to use USB, and experiencing a perpetual state of reboot. Users have reported these symptoms when both the files are present on the system (in quarantine), or has been deleted entirely.
Minimal impact has been observed to McAfee’s consumer customers because McAfee rolled back the faulty DAT before the update hit the majority of consumer user systems.
Measures
Jyoti said McAfee is implementing additional QA protocols for any releases that directly impact critical system files. They are also rolling out additional capabilities in Artemis that will provide another level of protection against false positives by leveraging an expansive whitelist of critical system files and their associated cryptographic hashes.
He said the vast majority of their customers are now back up and running and McAfee remains focused on those that remain affected. “Nearly all of our 7,000 employees have been working around the clock to help customers to get back to business as usual and to make sure this never happens again.”