Tech Geek Alex Posted July 9, 2009 Share Posted July 9, 2009 On Saturday 7/4 reports started that McAfee Anti-virus was breaking pc?s because of an Anti-Virus update that was quarantining Windows System files as viruses. Well it seems that someone else wasn?t paying attention. As of this morning I have received numerous reports from clients reporting that their CA Antivirus is showing Virus alerts for the W32/alalum virus and the files that were being reported appeared to be Windows systems files. CA was quarantining those files as well. When this 1st started I assumed it was an isolated issue but with the client messages concerning this coming in more and more this morning, this definitely seems to be a wide spread issue. The issue appears to have been caused by an update the was released within the past 12 hours as CA Anti-Virus is set up to check for updates every few hours if your have the auto update feature turned on. The biggest concern is that when these files are quarantined, if you reboot, there is a good chance that your machine will not restart. I had 2 clients so far ?brick? their pc?s because of the restart. This point is made very clear as the WFP (Windows File protection) comes up saying that ?Files that are required to run windows properly have been replaced??? So far all reports (at least) from the clients I deal with show that CA Anti-virus 2007 ? 2009 are affected. From the CA Forums ( http://homeofficeforum.ca.com/homeofficefo...read.php?t=4837 ) you will see others also reporting the same issue. I know CA only has 3% of the A/V market so this may not be as big as McAfee but I am passing this on as a public service. Here is what I've instructed my clients to do in the mean time that seems to clear this up 1) Open CA Anti-virus by double clicking the shield looking icon in the systray (That is in the lower right corner by the clock) 2) The Security Overview window will open. Under CA Anti-Virus you will see ?Open advanced settings?. Click that link. 3) Once you are there you will see the main overview window. From here click on the left side where it says Quarantine. 4) You will then see the list of files that are quarantined. Look for any file marked infected with W32/amalum (there is an additional part to the name after amalum but will be different on most pc?s). Highlight all items that are showing infected with amalum and then click on restore. (NOTE***That if you have another file in quarantine that shows something other than amalum as the Infection then that is probably an actual virus infection). Once the files are restored you can close the CA windows A) You will be prompted to say do you want to restore. Click on ok for each message 5) At this point with no files in quarantine you should be able to hit cancel on the WFP. 6) You will be prompted for keeping changed files click yes to this message. 7) At this point restart P So far no clients report files getting re-quarantined after the steps and reboot (**Your situation my be different, so review your specific issue before following this information) Link to comment Share on other sites More sharing options...
AngelGraves13 Posted July 9, 2009 Share Posted July 9, 2009 And this is why I still use Norton...never had any false positives with it. Link to comment Share on other sites More sharing options...
Tech Geek Alex Posted July 9, 2009 Author Share Posted July 9, 2009 And this is why I still use Norton...never had any false positives with it. http://community.norton.com/norton/board/m...e.id=2797#M2797 http://forum.worldwindcentral.com/archive/...hp?t-10261.html http://community.norton.com/norton/board/m...ding&page=1 Not to be negative....but here are 3 different issues with Norton/Symantec products concerning False positives. So no one is perfect. Your looking at products that are coded by humans, humans screw up. So until we get to the sky lab part of the story, there will always be a chance that something could be screwed up. We just hope that the software company (whomever they are) has a QA that isnt also sleeping. Link to comment Share on other sites More sharing options...
grik Posted July 9, 2009 Share Posted July 9, 2009 If i was Symantec, i would buy some fancy security team with real good Pro?s, and erase Norton name from future press releases. And maybe..maybee change Symantec name itself, and maybe..maybe then, we would trust their products again. This is pure lack of Marketing department from Symantec, maybe very old peple running it. Link to comment Share on other sites More sharing options...
Krome Posted July 10, 2009 Share Posted July 10, 2009 TechGuyPA: The first link is not "false positive" grik: Your statement would be more plausible if you'd capitalize your "I". At least give a more logical reason to your trolling. Your opinion sounds kiddish. I have used Norton/Symantec A/V for so long and I have not yet encounter one false positive on my system. But like TechGuyPA already mention, any product that is created by man will always have flaws. Link to comment Share on other sites More sharing options...
grik Posted July 10, 2009 Share Posted July 10, 2009 Its a Marketing statment not if the real product is bad or even good. You obviously did not ynderstand the big picture. Norton and Symantec branding are a bad image by just having that name. You used to use Norton back in the days where it was malware and did not catch virus? And i would never say that Norton gives false positives, the image i have on that software, only by the name, is that no false or positive alerts if you know what i mean. Again i point to the fact im talking about the credibility/image behind the Name, dont confuse with anything thing that you tried to point out. Regards Link to comment Share on other sites More sharing options...
Tech Geek Alex Posted July 10, 2009 Author Share Posted July 10, 2009 Its a Marketing statment not if the real product is bad or even good. You obviously did not ynderstand the big picture.Norton and Symantec branding are a bad image by just having that name. You used to use Norton back in the days where it was malware and did not catch virus? And i would never say that Norton gives false positives, the image i have on that software, only by the name, is that no false or positive alerts if you know what i mean. Again i point to the fact im talking about the credibility/image behind the Name, dont confuse with anything thing that you tried to point out. Regards I apologize. As explained I understand where you were going with the comment now. All I tried to say was that in these days of get it out NOW it seems that the QA departments at most major software companies seem to be asleep at the well. The products themselves are made by people, people who can make mistakes, its up to the QA staff to double check and clean up any mistakes and thats were the issue is and that isnt happening....and it isnt just MS or Symantec or CA or MCafee, it seems to be almost all of them at one point or another. Link to comment Share on other sites More sharing options...
carmatic Posted July 10, 2009 Share Posted July 10, 2009 could it be that the virus writers are targetting the antivirus in a way that makes them false positive windows system files? Link to comment Share on other sites More sharing options...
(Spork) Posted July 10, 2009 Share Posted July 10, 2009 And this is why I still use Norton...never had any false positives with it. :rolleyes: :blink: :rofl: Link to comment Share on other sites More sharing options...
Recommended Posts