ryanmcna
Level 7

KB87705 - Severe Impact caused by Applet on the first day of Q2 2017

Hi All,

We experienced an issue on Saturday 1st of April which, after investigation, was caused by an applet downloaded under KB87705 (McAfee Corporate KB - An intermediate certificate is installed under "Trusted Root Certification Aut...)

I was wondering if anyone has seen similar issues?

We saw high CPU on the Core Switch and across our Hyper-V Environment caused by the "Setup-SYSCORE-Certificate-KB87705" and "MFESETUP.exe" processes.

[Images: mfesetup2.png, syscore1.PNG]

The following batch file is created as part of the application:


Part of the batch file is to carry out a ping, causing increased network traffic (example below):

:loop

copy C:\Windows\SysWOW64\write.exe "C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705.exe"

del "C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705.exe"

ping -n 1 -w 250 zxywqxz_q

if exist "C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705.exe" goto loop

del C:\Windows\deleteme.bat

The batch file failed to complete due to an access protection rule set under the Common Standard Protection:

[Image: Access Protection Rule.png]
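As an added example (not part of the original post and not McAfee code), this heuristic Python check flags the loop shape in the batch file quoted above: a backward `if exist X goto label` whose body deletes X and has no `set /a` retry counter, so a blocked delete keeps it retrying. The function name, the counter heuristic and the BOUNDED_BATCH sample are assumptions made for illustration.

```python
import re

# The batch file quoted in the post, with its wrapped lines rejoined.
TARGET = (r'"C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136'
          r'\Install\0000\Setup--SYSCORE--Certificate--KB87705.exe"')
POSTED_BATCH = "\n".join([
    ":loop",
    r"copy C:\Windows\SysWOW64\write.exe " + TARGET,
    "del " + TARGET,
    "ping -n 1 -w 250 zxywqxz_q",
    "if exist " + TARGET + " goto loop",
    r"del C:\Windows\deleteme.bat",
])
# Constructed contrast sample: the same pattern with a retry cap.
BOUNDED_BATCH = "\n".join([
    ":loop",
    "set /a tries+=1",
    r'del "C:\Temp\example.exe"',
    "if %tries% geq 20 goto done",
    r'if exist "C:\Temp\example.exe" goto loop',
    ":done",
])

LABEL = re.compile(r"^:(\w+)\s*$")
DEL = re.compile(r'^del\s+(?:/\S+\s+)*("[^"]+"|\S+)', re.I)
IF_EXIST = re.compile(r'^if\s+exist\s+("[^"]+"|\S+)\s+goto\s+:?(\w+)', re.I)
COUNTER = re.compile(r"^set\s+/a\b", re.I)

def _deleted_path(line):
    """Lower-cased, unquoted path a 'del' line targets, or None."""
    m = DEL.match(line)
    return m.group(1).strip('"').lower() if m else None

def find_unbounded_delete_loops(text):
    """Return (label, path) for each backward 'if exist X goto L' whose body
    deletes X and contains no 'set /a' counter (heuristic: nothing caps retries)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    labels, findings = {}, []
    for i, ln in enumerate(lines):
        m = LABEL.match(ln)
        if m:
            labels[m.group(1).lower()] = i
            continue
        m = IF_EXIST.match(ln)
        if not m or m.group(2).lower() not in labels:
            continue  # not an existence check, or a forward jump
        path = m.group(1).strip('"')
        body = lines[labels[m.group(2).lower()]:i]
        if any(_deleted_path(b) == path.lower() for b in body) \
                and not any(COUNTER.match(b) for b in body):
            findings.append((m.group(2), path))
    return findings
```
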