
McAfee Offers Compensation To Enterprise Customers Hit By Faulty AV Update

Businesses affected by the errant AV update get free one-year subscription to automated security health-check platform

One day after McAfee announced it would compensate consumers whose machines crashed or experienced repeated reboots after installing a faulty virus definition update the vendor issued last week, the AV giant today said it would also offer reparations to businesses -- which suffered the bulk of the damage.

McAfee has apologized profusely for issuing a DAT file that experts say caused tens of thousands of Windows XP Service Pack 3 systems to crash or continuously reboot due to the update incorrectly detecting and quarantining XP SP3's svchost.exe as a virus. In a FAQ to its corporate customers, McAfee admitted it had not included XP SP3 with VSE 8.7 in its testing process for the problematic AV update.

The company says a minority of its customers experienced problems due to the update -- about 1 percent of its enterprise customers, and an unknown number of consumers. Some large McAfee customers have reported that the total number of enterprise machines affected is estimated at between 12 and 15 million, according to one industry source.

But experts worry that companies could have machines that have yet to experience symptoms of the update, which would drag the fallout from the errant DAT for weeks or months.

In a statement released today, McAfee announced its compensation offers and reiterated its apology for the mishap: "McAfee takes full responsibility for what has occurred and we sincerely apologize for the inconvenience this has caused. Even among the vast majority of customers who did not experience operating disruptions, the mere possibility created an unwelcome distraction and reason for concern," the statement said.

The company and its channel partners are offering what it calls a "customer commitment package" to affected firms that will be customized to the installation. "For example, all affected customers will be offered a free one-year subscription to our automated security health check platform, which provides an assessment of the security of an organization or enterprise based on McAfee's best practices," the company said in the statement.

Affected enterprises should hear from McAfee within a few days with details about how they can redeem the compensation packages, McAfee said. The company also is offering a downloadable tool that repairs XP machines damaged by the bad DAT file; more information is available here.

But it's unclear whether enterprises that were burnt by the faulty DAT will go for it, according to one security expert. "If McAfee flunked on their AV, what says that they wouldn't do the same on other solutions? And the new feature needs to be tested, installed, and IT admins need to learn it, which is more time and money lost," says security expert Lucas Lundgren.

Consumer victims will be reimbursed for "reasonable costs incurred" for getting their computers back online and will receive two additional years of their McAfee AV subscription for free. The company plans to provide more details about the offer on its website this week, it said.

One Dark Reading reader says a neighbor's XP SP2 machine was wiped out completely by the update. Another neighbor had to bring him the new patch on a USB stick to help fix the machine. "What are home users to do? Especially if they didn't hear about this on the news or don't have another PC connected to the Internet," he said in an email.

Meanwhile, it didn't take long for the bad guys to capitalize on the DAT debacle: SEO-poisoning campaigns are well under way, and these Web pages, ironically, can direct victims to sites that push fake antivirus software. According to Sophos, it's best to go directly to McAfee's website rather than do a search, given these campaigns.

"Users need to watch out when they are searching for information" on the false-positive incident, says Randy Abrams, director of technical education for Eset. "When a false-positive becomes a big news story, it creates the news, as well."


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
