"The issue is well over 24 hours old now, and it's been 'officially' confirmed for nearly 24. That's a very long time to have AV [antivirus] in a faulty state," a user named mjmurra wrote hours before McAfee released VSE 8.8 Hotfix 793640 to remediate the issue. "At least one saving grace is that many customers had their machine switched off over the weekend," he said in a later post.
VSE 8.8 Hotfix 793640 is mandatory and includes the full DAT 6809 package, McAfee said.
Because of this, the file is approximately 100MB in size, and deploying it to thousands of machines posed a challenge for some administrators.
"McAfee is working on a smaller solution that will remediate the issue without the need to include the full DAT package," the company said. "There is no current ETA for this release."
In the meantime, McAfee recommended that the hotfix be deployed in stages on networks with offsite branches, where it might cause bandwidth issues. "For example, schedule the update task to run for one group at a time," the company said.
Another problem encountered by administrators was determining which of the systems under their care were affected. The ones with the buggy DAT files should report a DAT and antivirus engine version of 0.0000 to the central ePolicy Orchestrator (ePO) server.
However, after the hotfix is deployed, some computers can continue to report this bogus information because of caching, until they are forced to provide full property data to the ePO server, McAfee said.
Even though the hotfix does not force a reboot, the company recommended that administrators reboot all client systems at their earliest convenience in order to validate that the fix was successfully installed.
Some users whose affected systems include servers were not happy with this. "This has predominantly affected our servers and rebooting them isn't an option," a customer named harris_s said on the McAfee forum on Tuesday.
"I work in a very tightly controlled environment and rolling out a 100mb hotfix that MAY require a reboot ASAP is not going to happen," a user named Superhoop said.
This is not the first time that McAfee has issued a bad DAT file. In April, a DAT update for McAfee email gateway security products resulted in system crashes and message scan failures.
However, McAfee is not the only antivirus company that has been forced over the years to deal with buggy updates that seriously affected its customers' computers.
"Since these events are becoming a worrying trend, should we implement test procedures inside our organizations as we do with other updates like the ones deployed by Microsoft with Windows Update?" Manuel Humberto Santander Pelaez, a security incident handler at the SANS Internet Storm Center, asked in a blog post on Monday.
Some users who responded to his blog post believe that testing every antivirus update would cost too much time and resources compared to the possible benefits. Others said that delaying the update deployment by 24 hours or deploying the updates in stages starting with the least critical systems would limit the impact of a bad update.
Delaying antivirus updates increases a computer's window of exposure to the latest threats. However, this is a calculated risk that some administrators are apparently willing to take.