When a faulty McAfee update released\u00a0last Wednesday morning caused a network-wide Windows XP crash, many iCIT employees were called on to manage restoration of computer\u00a0functionality\u00a0across campus.\u00a0 \u00a0<\/p>\n
\u00a0“I’d like to thank each and every one of you who stepped up, putting in extra effort, time and hard work, to help manage this situation in a smooth and timely fashion, even when there were many ‘unknowns” to deal with,” said Elena Pokot, CIO.<\/p>\n
To recap:\u00a0 The security firm McAfee\u00a0provides daily updates to its subscribers.\u00a0\u00a0\u00a0Wednesday’s update (DAT 5958), \u00a0misidentified “svchost.exe” file in Windows XP Service Pack 3 (SP3) as malware.\u00a0 The false positive detection caused \u201csvcholst.exe\u201d to be quarantined or deleted, locking computers with Windows XP SP3 in\u00a0 re-boot mode, and disconnecting them from the network.<\/p>\n
At UW-W, the iCIT response was quick.\u00a0 Distribution of the update was disabled within 40 minutes.\u00a0 The fix provided by McAfee, which required machines to restart in order to restore connectivity, was in hand by 11 a.m.\u00a0\u00a0 The iCIT team restored computer labs by 11:15 a.m., and most personal workstations were up and running by 3 p.m.\u00a0 In some cases, the affected file was deleted, and in those situations, the fix requires a technician to visit and restore the PC.\u00a0 \u00a0Those computers are being restored on a case-by-case basis as the\u00a0Technology Service Center\u00a0is being notified.<\/p>\n
The faulty release impacted businesses and institutions across the globe, including Intel, Dish Network, several major hospitals and other institutions.\u00a0\u00a0 For more information, attached are links to ZDNet and Computer World:<\/p>\n
http:\/\/blogs.zdnet.com\/Bott\/?p=2003<\/a><\/p>\n