McAfee update + Windows XP = BSOD

Stephen Withers
Thursday, 22 April 2010 08:21

Business IT - Security

McAfee has conceded that a flawed definitions file for its security software is causing blue screen or DCOM errors, and restart loops.

The 5958 version of the definitions file released by McAfee causes false positive detection of the w32/wecorl.a on Windows XP SP3.

Consequently, the svchost.exe file was being quarantined, typically preventing systems from booting. Microsoft describes svchost.exe as "a generic host process name for services that run from dynamic-link libraries (DLLs)."

McAfee initially released a data file that could be installed to "suppress the false positive detection", and subsequently resolved the issue by releasing version 5959 of the definitions file the same day.

However, company officials warned that it could take several hours for the update to propagate to all of its download servers.

McAfee has provided instructions for manually replacing svchost.exe and is reportedly working on an automated repair process.

This isn't the first time that an update or new definition for security products have caused problems. BitDefender, Kaspersky, McAfee, Trend Micro Sophos, and Symantec users have been affected over the years.