All the machines that I have run it on worked successfully.
Booted into safe mode, ran the sdat, booted into normal mode, ran an autoupdate and everything is OK.
Q: What does the SuperDAT Remediation Tool Do?
A: The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.
Maybe the tool couldn't find a copy to restore??
Message was edited by: jmcleish on 22/04/10 09:37:34 CDT
I've just checked- all v8.5
Maybe it's likesays- maybe it can't find the file to restore.
Grab another copy to use.
Check this first tho....
Message was edited by: jmcleish on 22/04/10 09:44:33 CDT
Safe mode then running SDAT5958_EM.exe seems to do the trick. Only just got the warning email from McAfee... a bit late.
Today has been a nightmare. Maybe time to look at a new virus solution once the license expires. Could not handle another day like this and confidence in McAfee is at an all-time low.
Doesn't look like they can even get environment variables correct.
from the sdat article:
What does the SuperDAT Remediation Tool Do?
The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe. If not present, it attempts a restore from the following:
I don't know about anyone else here, but I have never seen a %windows% or a %system_dir% environment variable defined anywhere on any XP system I have; actually any Windows system at all. I could have sworn all you get is %windir% and no variable for system32. And in the previous sentence they hardcoded the C:\ drive letter into the dat copy path. They can't even be consistent. Maybe that's why people are having trouble using the fix? It is looking in places that don't exist?
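Added example, not part of any post in this thread and not the SuperDAT tool's own code: a small check that expands each documented restore location against a machine's environment and reports whether the variable resolves and whether a copy of svchost.exe is there. The function names and the mapping of the article's placeholders to %windir% paths are assumptions; the tool may resolve those names internally.

```python
import os
import re

# Search order as quoted from the SuperDAT article on this page; the
# quarantine fallback is omitted because the page gives no path for it.
DOCUMENTED = [
    r"%SYSTEM_DIR%\dllcache\svchost.exe",
    r"%WINDOWS%\servicepackfiles\i386\svchost.exe",
]
# Assumption: what the article's placeholders map to on a stock XP install.
STANDARD = [
    r"%windir%\system32\dllcache\svchost.exe",
    r"%windir%\servicepackfiles\i386\svchost.exe",
]

_VAR = re.compile(r"%([^%\\]+)%")


def expand(template, env):
    """Expand %NAME% case-insensitively; return (path, unresolved names)."""
    lookup = {k.upper(): v for k, v in env.items()}
    missing = []

    def sub(m):
        name = m.group(1)
        if name.upper() in lookup:
            return lookup[name.upper()]
        missing.append(name)
        return m.group(0)  # keep the token so the gap stays visible

    return _VAR.sub(sub, template), missing


def find_restore_source(templates, env=None, exists=os.path.isfile):
    """Walk the candidates in order; return (first existing path, report)."""
    env = os.environ if env is None else env
    report, found = [], None
    for t in templates:
        path, missing = expand(t, env)
        if missing:
            status = "unresolved: " + ", ".join(missing)
        elif exists(path):
            status = "present"
            found = found or path
        else:
            status = "absent"
        report.append((path, status))
    return found, report
```

Calling `find_restore_source(STANDARD)` on the affected machine lists which of the two locations actually holds a clean copy before the remediation tool is run.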
Our McAfee contract will be up in July, this is making me think about changing virus companies. It appears that the University of TN is dropping McAfee for Microsoft Forefront.
There have been other companies with false positive detections before.
We had one from our AntiSpyware company that quarantined a whole stats package on all our machines!
Here's one example I remember reading about:
Besides, isn't Forefront included in a campus agreement somewhere- could be cost based?
Message was edited by: jmcleish on 22/04/10 09:49:59 CDT
We were soooo lucky with this last night. Only 20 PCs picked up this DAT out of several thousand. I managed to cancel all replications to our repositories before this DAT was fired out.
I really hate to think what would have happened if we hadn't nipped this in the bud. Poor show McAfee for this.
Thanks to some who posted up suggestions on this thread though, always a good font of knowledge on here.
This looks like a really good forum. I am a remote worker on XP and have this issue. I'm medium tech savvy. I can't stop McAfee easily since I have no taskbar and can't seem to get it back. Windows Explorer works, Task Manager works plus some other programs. I have no net connectivity (got "retrying IP" messages) but also have a Vista OS computer if I need to get a new file to my XP computer via USB.
Could one of you brilliant people please suggest the steps I should take?
Thank you so much