A flawed McAfee antivirus update sent enterprise administrators scrambling yesterday as the new signatures quarantined a crucial Windows system file, crippling an unknown number of Windows XP computers, according to messages on the company's support forum.
The forum has since gone offline.
McAfee confirmed it had pushed the faulty antivirus update to users. "McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21," said company spokesman Joris Evers in an email reply to questions. "The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2:00 P.M. GMT+1 (6:00 A.M. Pacific)."
According to users on McAfee's support forum, today's update flagged Windows' "svchost.exe" file, a generic host process for services that run from other DLLs (dynamic link libraries).
"HOW THE F*** do they put a DAT out that kills a *VITAL* system process?" asked Jeff Gerard on one thread. "This is goddamn ridiculous," added Gerard, who identified himself as a senior security administrator with Wawanesa Mutual Insurance Company of Winnipeg, Manitoba, in Canada. "Great work McAfee! GRRRRRRRRRRR."
As of 3:30 p.m. ET, McAfee's support forum was offline, with a message reading "The McAfee Community is experiencing unusually large traffic which may cause slow page loads. We apologize for any inconvenience this may cause."
Both users and McAfee said that the flawed update had crippled Windows XP Service Pack 3 (SP3) machines, but not PCs running Vista or Windows 7. "Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3," acknowledged Evers.
Affected PCs have displayed a shutdown error or blue error screen, then gone into an endless cycle of rebooting, users claimed.