Thursday, 22 April 2010

MVP Announce: Alert - McAfee Update Causing Windows XP Machines to Shut Down

What is the purpose of this alert?

Microsoft has been made aware of an issue with a McAfee DAT file update - released Wednesday, April 21, 2010 - that has been causing stability issues on Windows XP client systems. The symptom is caused by a false-positive detection on a core Windows file (svchost.exe). Once the file is quarantined by McAfee, the system may encounter one of the following symptoms:

·                                 The computer shuts down when a DCOM error or a RPC error occurs

·                                 The computer continues to run without network connectivity.

·                                 The computer triggers a Bugcheck (Blue Screen). 

The DAT file version that that caused the problem is McAfee DAT 5958. This file was propagated to client machines that conduct automatic updates of definition files. McAfee updated the DAT file soon after the problem was identified with a new version that does not cause the problem.

 

Resolution Steps

 

Please review the following KB Articles for specific steps to resolve the issue on systems that are affected.

 

McAfee KB Article:

 

Microsoft KB Article:

 

Recommendations

 

We recommend customers affected by this symptom first review the McAfee KB Article referenced above. For further assistance, customers should contact McAfee. Customers who are unable to resolve the issue through these means can contact Microsoft for technical support using resources found on this Web page: http://support.microsoft.com/.

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.