OIT Briefs Campus on Antivirus Update Mishap

Yesterday at 9:15 a.m., the Office of Information Technology (OIT) learned that an update to campus machines running Windows XP Pro, Service Pack 3 with McAfee Antivirus installed was causing machines to reboot and enter an unusable state. The issue was caused by a virus definition update (also called a DAT file) that quarantined a critical Windows system file by mistake. OIT immediately contacted McAfee and began working on a solution. OIT rolled back to a good DAT file at 10 a.m. and provided instructions to the technical community on how to clean up affected machines at noon. The DAT file that caused the issue was removed from Georgia Tech's McAfee servers (also known as ePO servers).

At last count, more than 500 machines that are centrally managed by the Georgia Tech McAfee servers were affected and repaired. However, a large segment of the population, including students, is running stand-alone versions of McAfee that are also affected. The Technology Support Center and Residential Housing Technical Support staff are working with students to recover from this issue.

This incident was not isolated to Georgia Tech. The bad DAT file was pushed out from McAfee to all McAfee customers worldwide, resulting in a large-scale remediation effort for all McAfee customers, not just Georgia Tech.

OIT would like to thank the campus IT technology community for their quick work and help to get the issue resolved and assist users with affected computers. Without their help, the incident would have been much worse.

OIT will continue to work with McAfee and the campus IT community to resolve any lingering problems arising from this issue and will be taking steps to help reduce the chances of such an incident occurring at Georgia Tech in the future. In the meantime, if your computer is exhibiting any of the symptoms described above, please contact your unit’s technical staff or the campus Technology Support Center at 404-894-7173.

To read McAfee’s response, visit:
http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/