March 10, 2006 6:34 PM PST
McAfee update exterminates Excel
An error in McAfee's virus definition file released Friday morning caused the company's consumer and enterprise antivirus products to flag Microsoft's Excel, as well as other applications on users' PCs, as a virus called W95/CTX, Joe Telafici, director of operations at McAfee's Avert labs, told CNET News.com.
"At about 1 p.m. PST we started getting reports that people were seeing an unusual number of W95/CTX infections in their environment," Telafici said. "Files that we did identify would probably be deleted or quarantined, depending on your settings."
When a file gets quarantined, it's renamed and moved to a different folder. McAfee's antivirus software detected Excel.exe and Graph.exe, two Microsoft Office components, as well as other software, including AdobeUpdateManager.exe, an application installed alongside Adobe products that deals with software updates, Telafici said.
About 100 customers, individuals as well as corporations, reported the problem, Telafici said. McAfee, the world's second largest antivirus software vendor, rushed to fix the mistake. Consumers were automatically reverted to the older definition files at about 2:30 p.m. and an update was pushed to corporate users an hour later, he said.
The issue affected only desktop antivirus software, not McAfee's network-level products that scan e-mail, Telafici said. Also, the incorrect detection occurred only if the user ran a manual virus scan or during a scheduled scan, not during idle time or background scanning, for example, he said.
Such problems with security software are called false positives and they happen occasionally. McAfee typically has to do an emergency release of a virus definition file once every three months because of a false positive issue, Telafici said. "This is our once for the quarter I think," he said.
However, this time around it was a particularly big goof, because the company faulted Excel, Telafici admitted. "Usually, it is either custom applications or applications that did not exist at the time we wrote the signature file," he said.
McAfee has been able to pinpoint the cause of the problem and hopes it can avoid it in the future, Telafici said.
The problem occurred with virus definition file 4715, which was released at about 10:45 a.m. on Friday as part of McAfee's daily update cycle. The repaired, emergency-definition file 4716 was pushed out at about 3:30 p.m.
39 commentsJoin the conversation! Add your comment