Forwarded from: Marc Maiffret <marcat_private> Cc: dennis_fisherat_private McAfee is also identifying our free rpc scanner tool as an exploit/trojan because they are looking for the RPC negotiation packets and not for attack data specifically. Therefore keeping administrators from being able to use the tool to secure their networks. It is great that companies that profit off of worms and viruses can use their "solution" to keep administrators from using tools to protect their network from worms and viruses. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: owner-isnat_private [mailto:owner-isnat_private]On Behalf | Of InfoSec News | Sent: Thursday, August 07, 2003 11:00 PM | To: isnat_private | Subject: [ISN] McAfee Antivirus Tool Blocks Internet Access | | | http://www.eweek.com/article2/0,3959,1212162,00.asp | | By Dennis Fisher | August 6, 2003 | | Some Network Associates Inc. customers are up in arms over an update | for one of the company's antivirus products that is preventing them | from accessing the Internet. | | The problem is caused by an update for McAfee VirusScan Professional | 7.0, the company's flagship enterprise antivirus application. When | update 7.03 is installed on some machines running Windows 2000 or | Windows XP, it prevents the PCs from connecting to the Internet after | the suggested reboot. The problem seems to be affecting customers who | upgraded from 7.02 to 7.03. | | McAfee has pulled the update from its download servers and is | performing quality checks on it, according to information on the | company's Web site, but has not provided customers with any | instructions on how to fix affected machines. | | "I am so angry with these people it's palpable. I write software and | cannot believe they released a patch before thoroughly testing it," | said Michael Shohoney, a VirusScan user who said his PC was down for | more than six hours before he was able to restore the Internet | connection. | | A spokeswoman at NAI, based in Santa Clara, Calif., said she was | unaware of the problem and would look into it. | | Some users report that uninstalling the troublesome patch and | reverting to the last known good version of VirusScan restores their | Internet connectivity. However, others say this hasn't worked for | them. | | A McAfee technical support representative writing in the site's help | forums said that the company believes the problem lies in a DLL that | controls the Hostile Activity Watch Kernel (HAWK), a feature that | looks for malicious and "virus-like" behavior. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 02:47:19 PDT