McAfee anti-virus update flags hundreds of innocent files as virus

Chicago (IL) - McAfee accidentally released update files for its anti-virus software that contained incorrect information for the W95/CTX virus. Users are reporting significant damage caused by the mistake - several hundred common files - such as excel.exe - were quarantined and deleted.

Automatic updates are not always the most convenient method for software providers and consumers to keep a system clean and running. McAfee on Friday experienced a worst-case scenario, in which such an update went terribly awry. The "4715 DAT" released for VirusScan Enterprise 7.1 and greater, Managed VirusScan 3.5 and 4.0 Beta, VirusScan Online 10, LinuxShield, VirusScan 7.03 (Consumer) on Friday did not only delete viruses, but also common Microsoft Office executables.

According to McAfee, the firm's Avert Labs released the "4715 DATs" last Friday around 11:35 am EST. The update was available for about five hours until 4:28 pm EST. Users that ran an update or an on-demand scan on their files during this time window had caught an update that falsely flagged 295 common files such as excel.exe or AdobeUpdateManager.exe as W95/CTX virus, and quarantined and deleted them.

In some cases, the impact of the error was not seen until Monday morning, when especially businesses ran routine virus scans. Readers reported that McAfee apparently had the "4716" fix available on Friday, but did not publish the issue on its website until later on Monday. And it may have been the firm's slow response that irritated some customers: "You have to call support, and we were on the phone for hours waiting to talk to them to get the fix," one of our readers said.

A knowledge base article on the accidentally released DATs was available by 5 pm EST on Monday.

"McAfee Avert Labs apologizes for any unintended impact to customers of our products. We take the quality of our signatures extremely seriously," McAfee wrote in a response to its customers. "We hope that we will be able to regain that trust in the coming days and weeks." That trust, however, may have caused some permanent damage and perhaps not only to McAfee customers.

"[This error] caused us to revamp our update system so we now have to test DATs before they go out. This will impact our ability to protect against viruses since we need to delay pushing out DATs until they're tested each week, and cost us labor hours to test the DATs each week," a reader wrote to TG Daily.

McAfee representatives were not available for comment.