CA Anti-Virus does what McAfee did last week

By Tech Geek Alex
in Back Page News

 Share

Recommended Posts

Community Regular

Tech Geek Alex

Posted
Posted

On Saturday 7/4 reports started that McAfee Anti-virus was breaking pc?s because of an Anti-Virus update that was quarantining Windows System files as viruses.

Well it seems that someone else wasn?t paying attention. As of this morning I have received numerous reports from clients reporting that their CA Antivirus is showing Virus alerts for the W32/alalum virus and the files that were being reported appeared to be Windows systems files. CA was quarantining those files as well. When this 1st started I assumed it was an isolated issue but with the client messages concerning this coming in more and more this morning, this definitely seems to be a wide spread issue.

The issue appears to have been caused by an update the was released within the past 12 hours as CA Anti-Virus is set up to check for updates every few hours if your have the auto update feature turned on.

The biggest concern is that when these files are quarantined, if you reboot, there is a good chance that your machine will not restart. I had 2 clients so far ?brick? their pc?s because of the restart. This point is made very clear as the WFP (Windows File protection) comes up saying that ?Files that are required to run windows properly have been replaced??? So far all reports (at least) from the clients I deal with show that CA Anti-virus 2007 ? 2009 are affected.

From the CA Forums ( http://homeofficeforum.ca.com/homeofficefo...read.php?t=4837 ) you will see others also reporting the same issue. I know CA only has 3% of the A/V market so this may not be as big as McAfee but I am passing this on as a public service. Here is what I've instructed my clients to do in the mean time that seems to clear this up

1) Open CA Anti-virus by double clicking the shield looking icon in the systray (That is in the lower right corner by the clock)

2) The Security Overview window will open. Under CA Anti-Virus you will see ?Open advanced settings?. Click that link.

3) Once you are there you will see the main overview window. From here click on the left side where it says Quarantine.

4) You will then see the list of files that are quarantined. Look for any file marked infected with W32/amalum (there is an additional part to the name after amalum but will be different on most pc?s). Highlight all items that are showing infected with amalum and then click on restore. (NOTE***That if you have another file in quarantine that shows something other than amalum as the Infection then that is probably an actual virus infection). Once the files are restored you can close the CA windows

A) You will be prompted to say do you want to restore. Click on ok for each message

5) At this point with no files in quarantine you should be able to hit cancel on the WFP.

6) You will be prompted for keeping changed files click yes to this message.

7) At this point restart P

So far no clients report files getting re-quarantined after the steps and reboot

(**Your situation my be different, so review your specific issue before following this information)

post-266234-1247161395_thumb.jpg

Community Regular

Tech Geek Alex

Posted
  • Author
Posted
And this is why I still use Norton...never had any false positives with it.

http://community.norton.com/norton/board/m...e.id=2797#M2797

http://forum.worldwindcentral.com/archive/...hp?t-10261.html

http://community.norton.com/norton/board/m...ding&page=1

Not to be negative....but here are 3 different issues with Norton/Symantec products concerning False positives.

So no one is perfect. Your looking at products that are coded by humans, humans screw up. So until we get to the sky lab part of the story, there will always be a chance that something could be screwed up. We just hope that the software company (whomever they are) has a QA that isnt also sleeping.

Mentor

grik

Posted
Posted

If i was Symantec, i would buy some fancy security team with real good Pro?s, and erase Norton name from future press releases.

And maybe..maybee change Symantec name itself, and maybe..maybe then, we would trust their products again.

This is pure lack of Marketing department from Symantec, maybe very old peple running it.

Grand Master

Krome

Posted
Posted

TechGuyPA: The first link is not "false positive"

grik: Your statement would be more plausible if you'd capitalize your "I". At least give a more logical reason to your trolling. Your opinion sounds kiddish. I have used Norton/Symantec A/V for so long and I have not yet encounter one false positive on my system. But like TechGuyPA already mention, any product that is created by man will always have flaws.

Mentor

grik

Posted
Posted

Its a Marketing statment not if the real product is bad or even good. You obviously did not ynderstand the big picture.

Norton and Symantec branding are a bad image by just having that name.

You used to use Norton back in the days where it was malware and did not catch virus? And i would never say that Norton gives false positives, the image i have on that software, only by the name, is that no false or positive alerts if you know what i mean. Again i point to the fact im talking about the credibility/image behind the Name, dont confuse with anything thing that you tried to point out.

Regards

Community Regular

Tech Geek Alex

Posted
  • Author
Posted
Its a Marketing statment not if the real product is bad or even good. You obviously did not ynderstand the big picture.

Norton and Symantec branding are a bad image by just having that name.

You used to use Norton back in the days where it was malware and did not catch virus? And i would never say that Norton gives false positives, the image i have on that software, only by the name, is that no false or positive alerts if you know what i mean. Again i point to the fact im talking about the credibility/image behind the Name, dont confuse with anything thing that you tried to point out.

Regards

I apologize. As explained I understand where you were going with the comment now.

All I tried to say was that in these days of get it out NOW it seems that the QA departments at most major software companies seem to be asleep at the well. The products themselves are made by people, people who can make mistakes, its up to the QA staff to double check and clean up any mistakes and thats were the issue is and that isnt happening....and it isnt just MS or Symantec or CA or MCafee, it seems to be almost all of them at one point or another.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Major Xbox layoffs may claim South of Midnight developer Compulsion entirely

      By PeterTHX · Posted

      If you can't spell a simple word that 2nd graders learn, your entire argument is suspect.
    • UK to ban under-16s from social media following a six-week trial with teenagers

      By FloatingFatMan · Posted

      And here goes the "Won't someone think of the children" brigade. Get stuffed mate. This has NOTHING to do with making the internet safe. It's about tracking adults, spying on your online activity, and sending the boys around when they don't like something you post. Also, again, parliament have voted TWICE against this, and Starmer is going ahead anyway. THAT is anti-democratic bullsh**. They will use this law to track you, they will use this law to control you, and they will use this law to punish you if they don't like what you do, even if it's legal. And your data? Say bye bye to that. It'll be on the darkweb in weeks. I'm not some rando online. I've been an IT professional for 40 years, many of it in security. I know exactly what this means and what will happen to your data. I do not consent and I will not comply.
    • Windows 11 KB5094126, KB5093998 bugging out Office apps but it may not be Microsoft's fault

      By sphbecker · Posted

      "...but it may not be Microsoft's fault" seems like a reasonable way to tease what is going on without leaving the user with a false impression that an update is the problem. A title isn't a summery, it is meant to entice the user to read the article. It should not contain a misleading premise; which this title does not. You could maybe complain that the first paragraph should have included that detail. The writing style popularized over 100 years ago in newspapers will cover the most important information as soon as possible with details and nuance added later; the idea being that with each new paragraph you have less of the reader's focus.
    • Samsung Galaxy XR arrives in the UK with new AI and enterprise features

      By Fiza Ali · Posted

      Samsung Galaxy XR arrives in the UK with new AI and enterprise features by Fiza Ali Samsung is bringing its Galaxy XR headset to the UK several months after the device made its debut as the first headset built on Google's Android XR platform. The headset was first teased in late 2024 alongside Google's introduction of Android XR before making its commercial debut in 2025. Developed in collaboration with Google and Qualcomm, Galaxy XR combines mixed reality experiences with Gemini-powered AI features, allowing users to interact with digital content using voice, gestures, and visual inputs. While the hardware itself remains largely unchanged from the version Samsung unveiled last year, the company is using the UK launch to spotlight several software enhancements that have arrived through recent updates. Among the most notable additions is deeper integration with Google's ecosystem. Galaxy XR users can explore destinations through Google Maps' Immersive View, receiving AI-powered recommendations and contextual information from Gemini while navigating virtual environments. Furthermore, entertainment experiences have also expanded; users can watch 180-degree and 360-degree videos on YouTube, browse spatial content converted into 3D, and ask Gemini questions about on-screen content without interrupting playback. Samsung is also highlighting mixed-reality features such as Circle to Search, which allows users to identify real-world objects through hand gestures while using the headset's video pass-through mode. Another feature automatically converts photos and videos into spatial 3D experiences. Moreover, the headset now also supports Android Enterprise, allowing organisations to manage deployments using existing Android management tools. Annika Bizon, Vice President, Product and Marketing, Mobile Experience, Samsung UK & Ireland, talked about the device, stating: The headset is powered by Qualcomm's Snapdragon XR2+ Gen 2 platform and features dual 4K Micro-OLED displays. The tech giant says that users can expect up to 2.5 hours of battery life. Samsung also confirmed that Galaxy XR will continue receiving software and security updates as the company works alongside Google and Qualcomm to expand the Android XR ecosystem. Galaxy XR is now available for pre-order and will go on sale on 8 July. Customers interested in trying the headset before launch can visit Samsung KX in London and selected Samsung Experience Stores from 17 June. Finally, the company will also host a livestream on 19 June showcasing the headset's capabilities and answering questions from prospective customers.
    • Politically funny images of the World

      By +primortal · Posted

  • Recent Achievements

    • First Post
      Jocimo earned a badge
      First Post
    • Week One Done
      suprememobiles48 earned a badge
      Week One Done
    • One Month Later
      Windows Guy earned a badge
      One Month Later
    • One Month Later
      Prasann earned a badge
      One Month Later
    • Week One Done
      Prasann earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      519
    2. 2
      +Edouard
      174
    3. 3
      PsYcHoKiLLa
      95
    4. 4
      Steven P.
      84
    5. 5
      ATLien_0
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!