An Update on False Positive Remediation
As you know, McAfee on Wednesday released a faulty signature update file (DAT file) that caused problems for a number of our customers.
First off, I want to apologize on behalf of McAfee and say that we’re extremely sorry for any impact the faulty signature update file may have caused you and your organizations.
I want to give you a brief update on what has happened since we first became aware of the false detection. McAfee team members have been working around the clock to fix the problem and work with impacted customers. We estimate that the majority of the affected systems are back up and running at this time and more systems are coming back online quickly.
Early Thursday morning (at around 1 AM PT) we published a SuperDAT Remediation Tool to help customers fix affected systems. The tool suppresses the driver causing the false positive by applying an Extra.dat file in folder. It then restores the “svchost.exe” Windows file, the file quarantined as a result of the false detection.
The tool has been successful at remediating the problem caused by the faulty DAT update for multiple customers. The tool itself and more details on how it works are available in our knowledge base. Additionally, we have support team members onsite and on the phone to assist impacted customers.
Of course, many of you are asking how the faulty DAT made it past our quality assurance checks. The problem arose during the testing process for this DAT file. We recently made a change to our QA environment that resulted in a faulty DAT making its way out of our test environment and onto customer systems.
To prevent this from happening again, we are implementing additional QA protocols for any releases that directly impact critical system files. In addition, we plan to add capabilities to our cloud-based Artemis system that will provide an additional level of protection against false positives by leveraging an expansive whitelist of critical system files. (More details are available in an FAQ that was published Thursday night.)
Again, on behalf of McAfee, I’m very sorry for how you may have been impacted by the faulty DAT file update and thank you for your continued support and cooperation as we work to remediate the situation.