Sign in to follow this  
Followers 0

mcafee virusscan enterprise

32 posts in this topic

Posted

McAfee Virus Scan Killing SVCHOST.exe

If you have updated to Dat 5958 today your computer will reboot and you may not be able to use your computer.

We have thousands of computers affected and a team are working to get it fixed by downgrading to 5957 and restoring SVChost.exe

Is anyone having issues with mcafee virusscan enterprise 8.7i?

Share this post


Link to post
Share on other sites

Posted

Anyone at all? This is getting fairly big!

Share this post


Link to post
Share on other sites

Posted

When you say shutting down, do you mean Mcafee is shutting them down ?

Have you checked the machines Event Logs ?

Share this post


Link to post
Share on other sites

Posted

Anyone at all? This is getting fairly big!

Yes basically, what ever you do do not reboot yours system if you managed to do the shutdown -a command to stop it as its kills ye pc and network.

Share this post


Link to post
Share on other sites

Posted

If anyone had Mcafee EPO running shut it down.... Anyone else any updates?

Share this post


Link to post
Share on other sites

Posted

We have received thousands of reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. Any fixes anyone?

One fix is that we change the dat, no update yet.

Share this post


Link to post
Share on other sites

Posted

sorry to bump but this is affecting all Mcafee av's for our clients.

Share this post


Link to post
Share on other sites

Posted

I've had many sites affected by this.

Windows XP SP3

McAfee VirusScan Enterprise 8.5 & 8.7

Taskbar disappears, no start button, no network connections.

Unable to view events in event viewer also.

I hear McAfee are rolling a new update very soon.... but how to remotely update a PC which has had it's network b0rked?

Nice. Can't wait for work tomorrow!

Share this post


Link to post
Share on other sites

Posted

If anyone can stop there McAfee from updating do so otherwise your SVChost.exe file will be 0KB

Share this post


Link to post
Share on other sites

Posted

@YaZoR We are working on a fix here for our clients. but it may be replacing SVHost on tons of machines...

Share this post


Link to post
Share on other sites

Posted

How about starting the machine in safe mode? Does that work? If so, can you have them remove the latest DAT file? If not, can you ahve them remove the antivirus and then talk them through re-installing?

Last known config? Does that restore the dat to the old version?

Have you tried speaking to Mcaffee about this at all? Are they working on a DAT update or patch? If so, when its released, can you boot to safe mode and install it?

If the machine starts and simply starts shutting down, have the user run the command "shutdown -a" as mentioned above. Does that stop it from restarting?

Share this post


Link to post
Share on other sites

Posted

It's too late for most people to do the shutdown -a

We are having sucess with installing an old superdat

will keep you updated.

Share this post


Link to post
Share on other sites

Posted

I take it from all this that the lastest defintions mark the svchost.exe as a virus and try to quarantine it?

Share this post


Link to post
Share on other sites

Posted

I really dont understand what U2_Storm was posting so much for?

I thought he wanted help, but now i think he is trying to give us advise?

I use Sophos here, so it doesnt effect me... I used to use McAffee in another company though... Both products seem to fail in their own way to be honest.

Share this post


Link to post
Share on other sites

Posted

thanks for the tip going front page with this!

Share this post


Link to post
Share on other sites

Posted

McAfee is also one of best antivirus.

but i always suggest for my friends to use antivirus- KASPERSKY or Avira antivir.

this antivirus only provide realtime security and safety.

try manual update for mcafee.

Share this post


Link to post
Share on other sites

Posted

I really dont understand what U2_Storm was posting so much for?

I thought he wanted help, but now i think he is trying to give us advise?

I use Sophos here, so it doesnt effect me... I used to use McAffee in another company though... Both products seem to fail in their own way to be honest.

I do want your help but at the same time I am trying to fix it and organise how to fix computers remotely, I am also trying to warn people NOT to update McAfee.

The process we are trying to replacing the Engine folder and replacing SVChost.exe from a good machine via PE.

Share this post


Link to post
Share on other sites

Posted

I noticed that we got an e-mail regarding this at work just before I finished for the day. I'd better make sure with the guy that manages the EPO it isn't updating the XP workstations with 5958.

Share this post


Link to post
Share on other sites

Posted

Thanks for the notice!

Share this post


Link to post
Share on other sites

Posted

Hello!

We have just put up a page on our website @ http://mycentrality.com

We are currently testing a PXE boot system to fix this issue remotely for our clients if anyone wants the scripts PM me.

U2_stormy

Share this post


Link to post
Share on other sites

Posted

Hello!

We have just put up a page on our website @ http://mycentrality.com

We are currently testing a PXE boot system to fix this issue remotely for our clients if anyone wants the scripts PM me.

U2_stormy

Thanks for posting this information u2_storm. It was very helpful and has worked for at least one of our systems so far. Just wanted you to know that your sharing of information is very much appreciated. :)

Share this post


Link to post
Share on other sites

Posted

Great :)

We have an automated system to do this via PXE if you can boot PXE & and WAIK installed let me know and I will send you all the files to fix this.

Share this post


Link to post
Share on other sites

Posted

That would be great u2. I'm pretty sure in most cases WAIK shouldn't be a problem as we don't lock down the systems too horribly. Anyone we want to lock down gets a thin client. I'll PM you my email address.

Thanks again.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.