CA antivirus deletes Windows 2003 file

Some Windows 2003 users have been experiencing problems with the operating system after CA antivirus software wrongly detected part of the operating system as malicious software last week.

At the heart of the problem is part of Windows' built-in security, a file called Lsass.exe. This was wrongly detected as a virus by CA's eTrust software and was deleted, causing some servers to crash and fail to reboot.

CA, formerly known as Computer Associates, said that it quickly spotted and remedied the problem on Friday and also advised affected users to find out how to fix it.

The cause of the confusion seems to be Lsass.exe being mistaken for the Trojan Win32/Lassrv.B.

Lassrv.B was discovered in the wild on Aug. 24 and was rated as a very low threat. The problem for Windows 2003 and eTrust users occurred in a subsequent signature update from CA on Friday.

Will Sturgeon of Silicon.com reported from London.

[Mr. Network]

Whoops!

Guess someone screwed up, or there is an insider that doesn't like M$

[wbenton]

Were they really wrong? (* GRIN *)

[http://lsass.exe|http://lsass.exe] is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated.

But also note that a certain [http://lsass.exe|http://lsass.exe] is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

And also note that one [http://lsass.exe|http://lsass.exe] is also registered as a downloader. This process usually comes bundled with a virus or spyware and its main role is to do nothing other than download other viruses/spyware to your computer. This process is a security risk and should be removed from your system.

If Microsoft only allowed authenticated processes/programs to be run, we would have never had any of the past lsass.exe exploits and thus this false positive as well would never have happened.

Walt

[Shifty200]

Let the fun begin!

I just finished working on a computer running Windows XP Pro and CA anti-virus. It would not due to problem with lsass.exe file. Ran a repair from the Windows XP Pro CD and cured the error.

[starmonkey1]

Are authentication prompts enough?

Actually it's been a long time since Windows would let you run or install a program from the web without getting at least one prompt telling you that the operation you're about to do is potentially dangerous and could harm your computer. Many people just click Yes without looking anyway.

Vista will really lock down on this kind of stuff in an even more extreme way than Mac OS X and yet at the end there are still prompts, and security experts complain that people will get desensitized to the prompts and approve them without thinking about it.

There's no way to truly stop a trojan given a sufficiently boneheaded user that has access to admin credentials (and most home users do). I don't see why this hasn't happened on Mac OS X yet, other than the fact that the median Mac user is much more savvy than the median PC user.

[heystoopid]

OOPS!

Oops, a big boo boo ! that one, but as a majority of the real savvy users will never make these simple mistakes and errors!

But, it is not the first and won't be the last, false positive from A-T software!

But then again, there is no such a thing as a perfect Operating System either, all have both positives and negatives, and windows vista due to a lot of additional bloatware, will never run on the current run of the mill machines as used by the ordinary user or office worker(best is cheap crap), unless they spend up big on upgrades to next gen cpu's and motherboards etc!

Choices, as always, is the end user's perogative!