Re: Apparently McAfee stepped on their genitals today...

[Attrition <attrition44 () gmail com>]

  Ah yes, this was the day I learned that my ePO server was not
exactly handling the deployment of new DAT files as I had initially
thought...  (You know, in phases -- the first of which being to deploy
DATs into a test group several hours before general release.)  What a
day, endless hours of fun.

  Between this and the fact that McAfee consistently fails to detect
certain malware (A Monkif variant most recently, for example), it's
becoming increasingly difficult to justify staying with them.

Cheers,

-bjl
Ben J. Lindsey
blindsey () forensic nu

------------------------------------
Date: Wed, 21 Apr 2010 12:32:05 -0400
From: The Security Community <thesecuritycommunity () gmail com>
Subject: [funsec] Apparently McAfee stepped on their genitals today...
To: funsec <funsec () linuxbox org>
Message-ID:
        <u2sf62810491004210932h6800b34x3e006499575ce6de () mail gmail com>
Content-Type: text/plain; charset=UTF-8

http://isc.sans.org/

We have received several reports indicating some issues with McAfee
DAT 5958 causing Windows XP SP3 clients to be locked out. It is
affecting svchost.exe. Here is an example of the message:

The file C:WINDOWSsystem32svchost.exe contains the W32/Wecorl.a Virus.
Undetermined clean error, OAS denied access and continued. Detected
using Scan engine version 5400.1158 DAT version 5958.0000.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.