RE: [ISN] McAfee Antivirus Tool Blocks Internet Access

From: InfoSec News (isnat_private)
Date: Mon Aug 11 2003 - 00:22:09 PDT

  • Next message: InfoSec News: "[ISN] Young hacker charged again"

    Forwarded from: Marc Maiffret <marcat_private>
    Cc: dennis_fisherat_private
    McAfee is also identifying our free rpc scanner tool as an
    exploit/trojan because they are looking for the RPC negotiation
    packets and not for attack data specifically. Therefore keeping
    administrators from being able to use the tool to secure their
    It is great that companies that profit off of worms and viruses can
    use their "solution" to keep administrators from using tools to
    protect their network from worms and viruses.
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    F.949.349.9538 - Network Security Scanner - Network Traffic Analyzer - Stop known and unknown IIS vulnerabilities
    | -----Original Message-----
    | From: owner-isnat_private [mailto:owner-isnat_private]On Behalf
    | Of InfoSec News
    | Sent: Thursday, August 07, 2003 11:00 PM
    | To: isnat_private
    | Subject: [ISN] McAfee Antivirus Tool Blocks Internet Access
    | By Dennis Fisher
    | August 6, 2003
    | Some Network Associates Inc. customers are up in arms over an update
    | for one of the company's antivirus products that is preventing them
    | from accessing the Internet.
    | The problem is caused by an update for McAfee VirusScan Professional
    | 7.0, the company's flagship enterprise antivirus application. When
    | update 7.03 is installed on some machines running Windows 2000 or
    | Windows XP, it prevents the PCs from connecting to the Internet after
    | the suggested reboot. The problem seems to be affecting customers who
    | upgraded from 7.02 to 7.03.
    | McAfee has pulled the update from its download servers and is
    | performing quality checks on it, according to information on the
    | company's Web site, but has not provided customers with any
    | instructions on how to fix affected machines.
    | "I am so angry with these people it's palpable. I write software and
    | cannot believe they released a patch before thoroughly testing it,"
    | said Michael Shohoney, a VirusScan user who said his PC was down for
    | more than six hours before he was able to restore the Internet
    | connection.
    | A spokeswoman at NAI, based in Santa Clara, Calif., said she was
    | unaware of the problem and would look into it.
    | Some users report that uninstalling the troublesome patch and
    | reverting to the last known good version of VirusScan restores their
    | Internet connectivity. However, others say this hasn't worked for
    | them.
    | A McAfee technical support representative writing in the site's help
    | forums said that the company believes the problem lies in a DLL that
    | controls the Hostile Activity Watch Kernel (HAWK), a feature that
    | looks for malicious and "virus-like" behavior.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 02:47:19 PDT