grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 10:56 AM, thsundel wrote:

> Yep got many answers, time to get my as* off the sofa and back to
> work.
>
> Many thanks for the heads up grimlock!
>
> Thomas


We notice that you've been holding for a few minutes (56 now).

I wish I could change my http forum name from Grimlock to my actual
name.. Sigh.

Patrick



0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 10:56 AM, CitrixDude wrote:
>
> Good lord!!
>
> I just disabled Master Repository pull that was scheduled to get
> updates in 15 minutes... so I am currently at DAT 5957 (5958 is the BAD
> one I read).
>
> This is insane.


Insane would be if you hadn't seen my post and had all of your systems
in a reboot cycle.


0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/10 10:29 AM, Patrick Farrell wrote:
> On 4/21/2010 10:24 AM, Matthew Good wrote:
>> On 4/21/10 9:53 AM, Patrick Farrell wrote:
>>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>>> my systems by detecting a false positive in svchost and causing a system
>>> shutdown. Lovely. Most people can barely get logged in before it starts
>>> shutting down, so naturally they can't read any e-mail I want to send
>>> them about how to work around this.
>>>
>>> This is going to be a fan-freaking-tastic day...

>>
>> Anybody using McAfee kind of asked for it. (:P)

>
> Don't get me started on what Norton does to systems. I'm less than
> enthused with McAfee more and more lately. I certainly won't be going
> with Symantec. Panda anyone?
>


I use Eset NOD32. Set it and forget it.
0 Likes
hspeirs Absent Member.

Re: Mcafee Enterprise users, warning...

Patrick,

> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
> my systems by detecting a false positive in svchost and causing a system
> shutdown. Lovely. Most people can barely get logged in before it starts
> shutting down, so naturally they can't read any e-mail I want to send
> them about how to work around this.
>
> This is going to be a fan-freaking-tastic day...


There's an extra.dat out that fixes the problem.

H.

0 Likes
CitrixDude Absent Member.

Re: Mcafee Enterprise users, warning...

So very true... THANK YOU for posting this warning. Seriously, Thank you very much!

I would have had 200+ Servers and 3000 workstations with this issue right now.
0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 11:28 AM, Haitch wrote:
> Patrick,
>
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>> my systems by detecting a false positive in svchost and causing a system
>> shutdown. Lovely. Most people can barely get logged in before it starts
>> shutting down, so naturally they can't read any e-mail I want to send
>> them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
> There's an extra.dat out that fixes the problem.
>
> H.
>


Where did you find that info? The McAfee rep that's in the discussion
in the forums hasn't posted any update info yet on the issue 😞

I've been on hold for 1:17:10 now with them.

0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

grimlock;1964953 wrote:
> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
> my systems by detecting a false positive in svchost and causing a system
> shutdown. Lovely. Most people can barely get logged in before it
> starts shutting down, so naturally they can't read any e-mail I want to
> send them about how to work around this.
>
> This is going to be a fan-freaking-tastic day...


Anything new on this? We are having it happen all over campus.
0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/10 10:52 AM, Patrick Farrell wrote:
> True.. I always set my e-mails to show all status, and I frequently see
> "deleted" but not opened. Naturally those are the ones that call with
> questions regarding what was in the e-mail.
>
> Even if they read it, they usually read about one paragraph and then
> call and ask me something that was farther down. I'll ask "Did you read
> my e-mail?" Well part of it, but I decided to call instead.
>
> Sigh.


User: Why can't I get into my e-mail?
admin: Because we are doing a system update and the e-mail will be down
for a bit.
user: Why didn't you tell us you were going to do that? Everybody here
is down.
admin: Sent you an e-mail two weeks ago. Another one a week ago. Then
sent two out the last two days.
user: I never got it. You must not have sent it to everyone.
admin: I sent it to you. Got back confirmation that you deleted it
without reading it.
user: I never got it.
admin: Well, according to the log file you got it, didn't read it, and
deleted it.
user: Well, I never saw it. So how long is the server going to be down?
admin: It was in the email. All the details about the conversion,
upgrade, and times were in the e-mail. I hope you backed up any e-mails
and contacts you needed saved as per the instruction in the e-mail.
user: No I didn't. Am I gonna lose my contacts? I had a lot of
important e-mails.
admin: Had is correct. (smirking evilly)
user: FFFFUUUUUUU!!!!
admin: Next time read the email.

admin 2: Another phone call about the e-mail system?
admin 1: Yep. Told him he should have backed up all his contacts and
emails.
admin 2 (LOL): I bet he reads your e-mails from now on.
admin 1: I doubt it.
admin 2: When you gonna tell him he didn't lose anything?
admin 1: He'll figure it out when it's done in 20 minutes.

0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 11:36 AM, abibbas wrote:
>
> grimlock;1964953 Wrote:
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all
>> of my systems by detecting a false positive in svchost and causing a
>> system shutdown. Lovely. Most people can barely get logged in before it
>> starts shutting down, so naturally they can't read any e-mail I want
>> to send them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
> Anything new on this, we are having it happen all over campus
>
>

Roll back your dats. Are you using EPO to deploy them?

http://community.mcafee.com/community/business/system/vse?view=discussions

Read the top 2 threads in the forum. W32/Wecorl... and System shutting
down...

0 Likes
Knowledge Partner Knowledge Partner

Re: Mcafee Enterprise users, warning...

grimlock;1965020 wrote:
> On 4/21/2010 10:56 AM, thsundel wrote:
>
>> Yep got many answers, time to get my as* off the sofa and back to
>> work.
>>
>> Many thanks for the heads up grimlock!
>>
>> Thomas
>
> We notice that you've been holding for a few minutes (56 now).
>
> I wish I could change my http forum name from Grimlock to my actual
> name.. Sigh.
>
> Patrick


Back again. For safety, I disabled the pull on both of our ePO environments.

Thomas
0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 9:53 AM, Patrick Farrell wrote:
> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
> my systems by detecting a false positive in svchost and causing a system
> shutdown. Lovely. Most people can barely get logged in before it starts
> shutting down, so naturally they can't read any e-mail I want to send
> them about how to work around this.
>
> This is going to be a fan-freaking-tastic day...



They are e-mailing me an extra.dat file.

1 hour and 37 minutes on hold.
0 Likes
hspeirs Absent Member.

Re: Mcafee Enterprise users, warning...

Patrick,

> Where did you find that info? The McAfee rep that's in the discussion in
> the forums hasn't posted any update info yet on the issue 😞


One of my colleagues sent it out. Have sent you a copy.

H.
0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 11:56 AM, thsundel wrote:
>
> grimlock;1965020 Wrote:
>> On 4/21/2010 10:56 AM, thsundel wrote:
>>
>>> Yep got many answers, time to get my as* off the sofa and back to
>>> work.
>>>
>>> Many thanks for the heads up grimlock!
>>>
>>> Thomas

>>
>> We notice that you've been holding for a few minutes (56 now).
>>
>> I wish I could change my http forum name from Grimlock to my actual
>> name.. Sigh.
>>
>> Patrick

>
> Back again. For safety, I disabled the pull on both of our ePO
> environments.
>
> Thomas
>
>


I attached the fixed extra.dat in the thread in mcafee forums.

0 Likes
Micro Focus Expert

Re: Mcafee Enterprise users, warning...

But what about the busted PCs?

Do you need to do some type of Safe Mode boot?
Can you copy the file over via a SystemShare before a user logs in?

What a mess!

On 4/21/2010 12:53 PM, Patrick Farrell wrote:
> On 4/21/2010 9:53 AM, Patrick Farrell wrote:
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>> my systems by detecting a false positive in svchost and causing a system
>> shutdown. Lovely. Most people can barely get logged in before it starts
>> shutting down, so naturally they can't read any e-mail I want to send
>> them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
>
> They are e-mailing me an extra.dat file.
>
> 1 hour and 37 minutes on hold.



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 12:01 PM, craig wilson wrote:
> But what about the busted PCs?
>
> Do you need to do some type of Safe Mode boot?
> Can you copy the file over via a SystemShare before a user logs in?
>


Well that's the issue. The system is going to reboot regardless of if
the user logs in or not. I have a borked one on my bench that I've left
broken for testing.

http://community.mcafee.com/message/125584#125584

That thread was posted for automated rollback.

If you can get the extra.dat file into
c:\program files\common files\mcafee\engine
then you are good.

You can log in, copy it in, use zen file transfer, copy via share,
whatever it takes. You may have to log it in, and issue a shutdown /a.

You may also need to do this via safe mode to apply the file.. hard to say.


0 Likes
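
The copy-over-share route from the post above, as an added PowerShell example (not from the thread and not McAfee's own tooling). It assumes a hypothetical hosts.txt with one hostname per line, the vendor-supplied extra.dat in the current directory, and admin-share (C$) access with the current credentials; whether the write lands before a host reboots is as uncertain as the post says.

```powershell
# Added example: abort the pending shutdown and stage extra.dat on each host.
# hosts.txt and the local extra.dat path are assumptions, not from the thread.
param(
    [string]$HostList = '.\hosts.txt',   # hypothetical: one hostname per line
    [string]$ExtraDat = '.\extra.dat'    # fix file obtained from the vendor
)

# Engine directory named in the post, relative to the C$ admin share.
$engineDir = 'Program Files\Common Files\McAfee\Engine'
$leaf      = Split-Path -Path $ExtraDat -Leaf
$srcHash   = (Get-FileHash -LiteralPath $ExtraDat -Algorithm SHA256).Hash

$targets = Get-Content -LiteralPath $HostList |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$results = foreach ($h in $targets) {
    $dest   = "\\$h\C`$\$engineDir"
    $status = 'staged'
    try {
        # "shutdown /a" from the post, issued remotely. A non-zero exit code
        # only means no shutdown was pending, so it is not treated as fatal.
        & shutdown.exe /a /m "\\$h" 2>$null | Out-Null

        if (-not (Test-Path -LiteralPath $dest)) {
            throw 'engine directory not reachable'
        }
        Copy-Item -LiteralPath $ExtraDat -Destination $dest -Force -ErrorAction Stop

        # Confirm the file on the host is byte-identical to the source.
        $copied  = Join-Path -Path $dest -ChildPath $leaf
        $dstHash = (Get-FileHash -LiteralPath $copied -Algorithm SHA256).Hash
        if ($dstHash -ne $srcHash) { throw 'hash mismatch after copy' }
    } catch {
        $status = "failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Host = $h; Status = $status }
}

# Failed hosts are the ones left for a hands-on or safe mode fix.
$results | Sort-Object Status, Host | Format-Table -AutoSize
```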