The Department of Homeland Security reports alerts like this, which are related to industrial control systems, on the ICS-CERT website at www.ics-cert.org. This is a good place to look for information on vulnerabilities and other security information pertaining to process control systems.

This is the alert text for the McAfee DAT issue:

McAfee, Inc. has reported that DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. McAfee indicates false positive detection occurs on Windows XP Service Pack 3 systems. Other reports indicate XP machines running SP 1 and SP 2 have also been affected. Symptoms include a denial-of-service condition when the McAfee software attempts to clean the file.

ICS-CERT is aware that some industrial control systems are offered with McAfee products and recommends owners and operators review the US-CERT Critical Infrastructure Information Notice - CIIN-10-112-01 which was distributed on the US-CERT Portal April 22, 2010. In addition, if affected by this problem, ICS-CERT recommends consulting with your control system vendor and your IT department.

Please report any issues affecting control systems in critical infrastructure environments to ICS-CERT.

ICS-CERT Operations Center
1-877-776-7585
www.ics-cert.org
ICS-CERT@xxxxxxx

Regards,
Terry

Terry J. Deo
Senior Systems Engineer
Infineum USA, L.P.
P.O. Box 23
Linden, N.J. 07036
Ph: 908-474-6179
Fx: 908-474-7609

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Pulas, Philip
Sent: Thursday, April 22, 2010 1:37 PM
To: 'foxboro@xxxxxxxxxxxxx'
Subject: Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers

Jack,

Yes, the newer P92's we have been ordering are being shipped with WinXP SP3 as the only option, starting with the T3500 Rev K models.
The prior T3400 Rev J models had it as an option to build them with WinXP SP1, SP2, or SP3, depending on the I/A version or if you were installing Infusion.

Thanks,
Philip Pulas
Tesoro Golden Eagle Refinery
Martinez, CA

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Jack.Easley@xxxxxxxxxxxx
Sent: Thursday, April 22, 2010 10:21 AM
To: foxboro@xxxxxxxxxxxxx
Subject: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers

Just saw this article in today's news concerning McAfee Definition file 5958 and the havoc it is creating with WinXP SP3 worldwide. It may not affect Foxboro WP/AW boxes at all as my latest WP purchased 1 ½ years ago has SP2, not SP3. Someone from Fox may want to follow through on this to let us know if any of the latest Foxboro WP/AWs are shipped with SP3.

Article Link: http://www.pcworld.com/article/194776/mcafee_error_little_relief_in_sight.html

This bad antivirus definition file is not posted on the Foxboro CSC Antivirus Web Page, but some customers may download directly from the McAfee site. This is a good reason not to (latest isn't greatest). Foxboro does not test these AV updates (at least there is a disclaimer to this effect), but does delay passing them on to their customers. Yeah Foxboro! I'm sure this has been removed from the McAfee site also, but some customers may have delayed deployment in place.

Jack Easley
Sr. I&C Technician
Luminant Power, Martin Lake Plant
Phone 903.836.6273
jack.easley@xxxxxxxxxxxx

_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks.
Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave