Computer Associates has confirmed that its eTrust
Antivirus software crashed Windows Server 2003 systems last week,
as a result of tagging an element of the server as
malware.
The fault affected systems for several hours last Friday. The CA
eTrust Antivirus 7.0, 7.1, and 8.0 packages were updated with a
flawed definition file that wrongly defined Windows' LSASS service
as the "Lassrv.b" virus.
As a result of quarantining the service's "lsass.exe"
executable, the virus update caused servers to crash.
In an advisory, CA informs users how to get their servers back
up and running. The software supplier says it has issued the
30.3.3056 definition file to replace and fix the wrong one.
Earlier this year security software vendor McAfee issued a
similar “false positive” update, which among the applications it
crashed was Microsoft Excel.
The CA advisory, headed “Why is my server crashing…”, can be
found here:
http://supportconnect.ca.com/sc/kb/techdetail.jsp?searchID=TEC405236&docid=405236#properties
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats