iCIT team restores service after McAfee gaffe

When a faulty McAfee update released last Wednesday morning caused a network-wide Windows XP crash, many iCIT employees were called on to manage restoration of computer functionality across campus.   

“I’d like to thank each and every one of you who stepped up, putting in extra effort, time and hard work, to help manage this situation in a smooth and timely fashion, even when there were many ‘unknowns’ to deal with,” said Elena Pokot, CIO.

To recap: The security firm McAfee provides daily updates to its subscribers. Wednesday’s update (DAT 5958) misidentified the “svchost.exe” file in Windows XP Service Pack 3 (SP3) as malware. The false positive detection caused “svchost.exe” to be quarantined or deleted, locking computers with Windows XP SP3 in re-boot mode and disconnecting them from the network.

At UW-W, the iCIT response was quick. Distribution of the update was disabled within 40 minutes. The fix provided by McAfee, which required machines to restart in order to restore connectivity, was in hand by 11 a.m. The iCIT team restored computer labs by 11:15 a.m., and most personal workstations were up and running by 3 p.m. In some cases the affected file was deleted, and in those situations the fix requires a technician to visit and restore the PC. Those computers are being restored on a case-by-case basis as the Technology Service Center is notified.

The faulty release impacted businesses and institutions across the globe, including Intel, Dish Network, several major hospitals and other institutions. For more information, here are links to ZDNet and Computerworld:

http://blogs.zdnet.com/Bott/?p=2003

http://www.computerworld.com/s/article/9175928/The_McAfee_update_mess_explained?source=CTWNLE_nlt_pm_2010-04-22
