Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers

• From: "Deo, Terry" <Terry.Deo@xxxxxxxxxxxx>
• To: <foxboro@xxxxxxxxxxxxx>
• Date: Mon, 26 Apr 2010 12:38:32 -0400

The Department of Homeland Security reports alerts like this, which are related 
to industrial control systems, on the ICS-CERT website at  www.ics-cert.org.  
This is a good place to look for information on vulnerabilities and other 
security information pertaining to process control systems.

This is the alert text for the McAfee DAT issue:
  
McAfee, Inc. has reported that DAT release 5958 is incorrectly identifying the 
valid system file, C:\Windows\system32\svchost.exe, as containing malicious 
code. McAfee indicates false positive detection occurs on Windows XP Service 
Pack 3 systems. Other reports indicate XP machines running SP 1 and SP 2 have 
also been affected. Symptoms include a denial-of-service condition when the 
McAfee software attempts to clean the file. ICS-CERT is aware that some 
industrial control systems are offered with McAfee products and recommends 
owners and operators review the US-CERT Critical Infrastructure Information 
Notice - CIIN-10-112-01 which was distributed on the US-CERT Portal April 22, 
2010. In addition, if affected by this problem, ICS-CERT recommends consulting 
with your control system vendor and your IT department. Please report any 
issues affecting control systems in critical infrastructure environments to 
ICS-CERT. ICS-CERT Operations Center 1-877-776-7585 www.ics-cert.org 
ICS-CERT@xxxxxxx  

Regards,
Terry

Terry J. Deo
Senior Systems Engineer
Infineum USA, L.P.
P.O. Box 23
Linden, N.J.  07036

Ph: 908-474-6179
Fx: 908-474-7609

>
>

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On 
Behalf Of Pulas, Philip
Sent: Thursday, April 22, 2010 1:37 PM
To: 'foxboro@xxxxxxxxxxxxx'
Subject: Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP 
SP3 Computers

Jack,

Yes, the newer P92's we have been ordering are being shipped with WinXP SP3 as 
the only option, starting with the T3500 Rev K models.  The prior T3400 Rev J 
models had it as an option to build them with WinXP SP1, SP2, or SP3, depending 
on the I/A version or if you were installing Infusion.

Thanks,
Philip Pulas
Tesoro
Golden Eagle Refinery
Martinez, CA

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jack.Easley@xxxxxxxxxxxx
Sent: Thursday, April 22, 2010 10:21 AM
To: foxboro@xxxxxxxxxxxxx
Subject: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 
Computers

Just saw this article in today's news concerning McAfee Definition file 5958 
and the havoc it is creating with WinXP SP3 worldwide. It may not affect 
Foxboro WP/AW boxes at all as my latest WP purchased 1 ½ years ago has SP2, not 
SP3. Someone from Fox may want to follow through on this to let us know if any 
of the latest Foxboro WP/AWs are shipped with SP3.
 

Article Link:  

http://www.pcworld.com/article/194776/mcafee_error_little_relief_in_sight.html

 

This bad antivirus definition file is not posted on the Foxboro CSC Antivirus 
Web Page, but some customers may download directly from the McAfee site. This 
is a good reason not to (latest isn't greatest). Foxboro does not test these AV 
updates (at least there is a disclaimer to this effect), but does delay passing 
them on to their customers. Yeah Foxboro!

 

I'm sure this has been removed from the McAfee site also, but some customers 
may have delayed deployment in place.

Jack Easley
Sr. I&C Technician
Luminant Power, Martin Lake Plant
Phone 903.836.6273
jack.easley@xxxxxxxxxxxx 
 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 
 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 

• References:
  • [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers
    • From: Jack.Easley
  • Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers
    • From: Pulas, Philip

Other related posts:

• » Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers- Boulay, Russ
• » Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers- Pulas, Philip
• » Re: [foxboro] McAfee Antivirus Definition Update 5958 Killing WinXP SP3 Computers - Deo, Terry

1. Home
2. foxboro
3. Archive
4. 04-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---