McAfee update is locking users out of their systems, do not update!

Widespread reports are hitting the web that a McAfee Antivirus update is causing major issues with end users' PCs. Reports are coming in that the “update to Dat 5958” is killing SVCHOST.exe.

As reports surface in our forums and across the web, the issue appears to be widespread, and u2_storm says that “We have received thousands of reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out”. Currently the only possible solution may be to downgrade your client to 5957 and to restore svchost.exe.

Twitter has been on fire with users reporting everything from being locked completely out of their system to BSODs occurring every time the program is started. At this point, do not upgrade your version of McAfee until the issue is resolved. If you are currently experiencing problems, please let us know in the comments.

Thanks for the tip, u2_storm.

78 Comments


To be honest, I don't see what the fuss is all about, all McAfee users got told well before the update came out (5958) not to push the update out to XP systems, due to the bug in the DAT. Simple as shutting down the Updater on the EPO server. I got an email from my Reseller, and from McAfee Europe stating this, and how to undo any damage.

If you didn't get any warnings, then you need to speak with your staff member who is listed as the Technical contact with McAfee -- all tech contacts were briefed with the same type of email I got -- only other boost for me was the time difference, we don't get the new DATs till later on in the evening, received the emails around 4pm GMT. Been a while since McAfee have made a big mistake, unlike some other AV companies. Any business that relies on MSE alone, is kidding themselves (it doesn't play nice with any other AV or AS package).

I'm glad that I use Avira, but my company uses McAfee; we have over 20k of users and all have McAfee as Endpoint security installed. The AntiVirus guys in our company are going wild after this issue with Mc... and are thinking to go another way.

Microsoft Security Essentials is the best AV I've ever had. Zero CPU, unobtrusive, installs and uninstalls in seconds, detects more stuff, updates silently and is always successful cleaning... and is free

Charles Keledjian said,
Microsoft Security Essentials is the best AV I've ever had. Zero CPU, unobtrusive, installs and uninstalls in seconds, detects more stuff, updates silently and is always successful cleaning... and is free

+1

Stop McAfee, nobody likes your popup ads trying to sell 3rd party products, nobody likes your software not catching stuff, and nobody likes being locked out of their system because you didn't pay attention to what you were doing. Just stop McAfee, go away, and don't come back.

BTW I'm not sure how much of an effect this had, but their stock prices are down .62% right now.

Centrality Ltd : Providing high quality infrastructure design, implementation and support services since 1996.

McAfee Dat 5958 Issue

Description

The McAfee 5958 Dat is causing the SVCHost.exe (a critical Windows system file) to be classed as a Virus. Cleansing action against this file is then undertaken making some critical elements of Windows cease to function. Most critically systems are coming back up without any network functionality which makes remote resolution of the issue difficult.

Only Windows XP systems seem to be affected at this stage, although we have Windows XP machines with the 5958 update that are not affected.

We have a number of clients affected by this issue and have put some resolution steps together to resolve the problem. Our recommendations are below:

Option 1 : Manual recovery

Boot Windows into Safe Mode

Log on and get to a command prompt

Copy the contents of the McAfee OldEngine folder to the parent "Engine" folder.
On most machines this will mean copying: "c:\program files\common files\mcafee\engine\oldengine\*.*" to "c:\program files\common files\mcafee\engine"

Then copy svchost.exe from the DLLCache to SYS32.

Again, on most machines, this will mean copying "c:\windows\system32\dllcache\svchost.exe" to "c:\windows\system32"

Reboot your machine

Go into McAfee Console and prevent any automatic updates until you are confident it is safe to re-enable them.
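
The manual recovery steps above as a single batch script, added here as an example and not part of the original comment or of Centrality's advisory. It assumes a Safe Mode command prompt and the default paths quoted in the steps.

```batch
@echo off
rem Added example: Option 1 (manual recovery) as one script.
rem Run from a Safe Mode command prompt on the affected Windows XP machine.
rem Paths are the defaults quoted in the steps; adjust them if yours differ.
setlocal

set "ENGINE=%CommonProgramFiles%\McAfee\Engine"
set "OLDENGINE=%ENGINE%\OldEngine"
set "CACHED=%SystemRoot%\system32\dllcache\svchost.exe"
set "TARGET=%SystemRoot%\system32\svchost.exe"

rem Refuse to start unless both rollback sources are present.
if not exist "%OLDENGINE%\*.*" (
    echo ERROR: nothing to roll back from in "%OLDENGINE%"
    exit /b 1
)
if not exist "%CACHED%" (
    echo ERROR: no cached copy at "%CACHED%"
    exit /b 1
)

rem Step 1: copy the OldEngine contents back into the parent Engine folder.
copy /y "%OLDENGINE%\*.*" "%ENGINE%"
if errorlevel 1 (
    echo ERROR: could not copy OldEngine files into "%ENGINE%"
    exit /b 1
)

rem Step 2: restore svchost.exe from the DLLCache copy.
copy /y "%CACHED%" "%TARGET%"
if errorlevel 1 (
    echo ERROR: could not restore "%TARGET%"
    exit /b 1
)

rem Step 3: confirm the restored file is byte-identical to the cached one.
fc /b "%CACHED%" "%TARGET%" >nul
if errorlevel 1 (
    echo ERROR: "%TARGET%" differs from the DLLCache copy
    exit /b 1
)

echo Rollback complete. Reboot, then stop automatic updates in the McAfee
echo console until it is safe to re-enable them.
endlocal
```

The script stops at the first failed step, so a machine is never rebooted with only half of the rollback applied.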

From a response by McAfee... "moderate to significant performance issues". Understatement of the year

Sounds like a lot of techs are going to be doing a lot of walking around with a USB stick. No remote solution to the problem, this is a ****-up of Major proportions for McAfee, do they not do an internal test on all OS before pushing these .DAT updates? If not they should!

Riggers said,
Sounds like a lot of techs are going to be doing a lot of walking around with a USB stick. No remote solution to the problem, this is a ****-up of Major proportions for McAfee, do they not do an internal test on all OS before pushing these .DAT updates? If not they should!

Very true. Take machines with each OS that is completely patched and have it run 1 complete scan on the system before the update is pushed out.

Riggers said,
Sounds like a lot of techs are going to be doing a lot of walking around with a USB stick. No remote solution to the problem, this is a ****-up of Major proportions for McAfee, do they not do an internal test on all OS before pushing these .DAT updates? If not they should!

I'm more upset that my high tech company didn't think to test the release internally before pushing it down the wire.

It has crippled our company, over 80K people. Most of the company is still on WinXP, luckily I'm in the early adopter program for Win7 and unaffected. McAfee got some 'splainin to do!

My company just got hit with it hard. Corporate image is still on XP. Good thing I am non conformist.

Two workarounds that we have been issuing in the meantime. Reboot in safe mode with networking or do a Start->Run "shutdown -a" when the reboot message appears.

techbeck said,
McAfee blows...seriously, this software needs to just die and go away.

Here we go again. The almighty McAfee hater has spoken again!

Edited by briangw, Apr 21 2010, 9:51pm :

All,

This problem ONLY affects Windows XP (some are claiming just SP3, however I'm not positive about that.) This does NOT affect any version of Windows Vista or 7, or any server OS'. Also, it does not affect Windows XP x64, as that uses the Windows Server 2003 code base.

The above was confirmed with McAfee.

Wow, McAfee is really hitting rock bottom now, Norton has gotten better and McAfee is just going in the opposite direction. Total crap now, just to uninstall it from your PC is like removing a virus lol

Biglo said,
Wow, McAfee is really hitting rock bottom now, Norton has gotten better and McAfee is just going in the opposite direction. Total crap now, just to uninstall it from your PC is like removing a virus lol

IT NEVER DIES...

Chasethebase said,
Is this just Windows XP SP3 and not anything above (Read: Vista SP2 and 7)?

Correct. I have personally confirmed that it does NOT affect Windows XP SP2 or Windows 7, only XP SP3.

vaximily said,

Correct. I have personally confirmed that it does NOT affect Windows XP SP2 or Windows 7, only XP SP3.

Same with Vista then I presume?

Chasethebase said,
Same with Vista then I presume?

I would assume so, but nobody here uses Vista so I can't confirm hands on. I haven't seen a single report of this affecting anything except XP SP3.

vaximily said,

I would assume so, but nobody here uses Vista so I can't confirm hands on. I haven't seen a single report of this affecting anything except XP SP3.

Alright cheers.

Chiming in with another 8,000 affected workstations. It appears you can boot off-network or in safe mode, and set an exception for svchost.exe in your McAfee control panel, which should allow the system to function long enough to get the update that they've already hopefully pushed out again.

We can't do it here, because we lock out McAfee control panel options via GPO.

Fubar said,
What have we learnt from this? Not only is McAfee totally crap but people should get a decent AV

THIS! MSE FTW!

Tha Bloo Monkee said,
Yeah, Microsoft has never had an update that messed up your system...
Oh wait...
Name one update which has crashed 100% of systems when applied (for a particular platform).

cybertimber2008 said,
Name one update which has crashed 100% of systems when applied (for a particular platform).

Windows XP Service Pack 3 affected all HP computers running AMD processors. The issue was actually AMD's fault since they used Intel images that had the Intel-specific driver file removed from the image but left the service behind. Nonetheless the update crippled machines until the issue was resolved.

u2_storm said,
Anyone had any luck fixing remote PCs? We are looking at WinPE at the moment!

We did, one of the guys in our group wrote a script reversing the definitions to the affected PCs in various remote offices and it seems to be working.

artfuldodga said,

digg? who uses digg anymore

Are you kidding me? What else out there can show you the top stories from around the internet (top stories determined by users!)

(other than the other sites like Digg - slashdot, reddit, etc)

nifke said,
Security Essentials FTW!

This is also what I use on Windows 7 on my Macs. It is lightweight and from Microsoft.

Edited by Kingv84, Apr 21 2010, 5:59pm :

It hit my corporate network, about 1/4 of our 40k employees are down from the issue it sounds like. Yay for me for buying an extra license of Windows 7 Pro to update my work laptop =)

vaximily said,
It hit my corporate network, about 1/4 of our 40k employees are down from the issue it sounds like. Yay for me for buying an extra license of Windows 7 Pro to update my work laptop =)

What does your license for Windows 7 have to do with the Mcafee issue?

xendrome said,
What does your license for Windows 7 have to do with the Mcafee issue?

The issue is with XP SP3 users... since I upgraded my laptop using my own license of Windows 7, I obviously don't have XP SP3... rtfa.

I've already heard three separate reports of this from friends at various workplaces, this is huge, and McAfee are in big trouble.

I hope that was a news about McAfee false positive a Windows system file.. was that McAfee or something else.. anyway with all these major issues I am not going to look at these antivirus.

kraized said,
Oh dear.

Just another reason to not use a failed product. I've steered clear of McAfee ever since 1998 when Melissa virus smacked our Exchange server and 1500+ users. What a nightmare, all because the software failed in retrieving DAT files, and 'sun spots' were blamed for the cause of the file not being downloaded and distributed (yes, McAfee support actually used this).

Edited by Amodin, Apr 21 2010, 7:01pm :