0 Replies Latest reply on Apr 6, 2017 9:02 AM by ryanmcna

    KB87705 - Severe Impact caused by Applet on the first day of Q2 2017

    ryanmcna

      Hi All,

       

      We experienced an issue on Saturday 1st of April which, after investigation, was caused by an applet downloaded under KB87705 (McAfee Corporate KB - An intermediate certificate is installed under "Trusted Root Certification Authorities").

       

      I was wondering if anyone has seen similar issues?

       

      We saw high CPU on the Core Switch and across our Hyper-V Environment caused by "Setup-SYSCORE-Certificate-KB87705" and "MFESETUP.exe" processes

      [Images: mfesetup2.png, syscore1.PNG]

      The following batch file is created as part of the application:

       

       

       

      Batch File created by the above application

      Part of the batch file is to carry out a ping, causing increased network traffic (example below):

       

      :loop
      copy C:\Windows\SysWOW64\write.exe "C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705 .exe"
      del "C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705 .exe"
      ping -n 1 -w 250 zxywqxz_q
      if exist "C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705 .exe" goto loop
      del C:\Windows\deleteme.bat

       

      The batch file failed to complete due to an access protection rule set under the Common Standard Protection:

       

      [Image: Access Protection Rule.png]
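
The loop quoted in the post exits only once the installer file no longer exists, so a host where it keeps running will show a long-lived cmd.exe whose command line references deleteme.bat. A triage sketch for finding such hosts, added here as an example and not part of the original post or McAfee's tooling; the function name and the five-minute threshold are assumptions, and both paths are copied as they appear in the post:

```powershell
# Added triage example (not the poster's or the vendor's code).
# Paths are copied verbatim from the post; adjust them if your install differs.
$DefaultBatch     = 'C:\Windows\deleteme.bat'
$DefaultInstaller = 'C:\ProgramData\McAfee\Common Framework\Current\TIER3APP0136\Install\0000\Setup--SYSCORE--Certificate--KB87705 .exe'

# Hypothetical helper name; reports cmd.exe instances still running the cleanup batch.
function Get-StuckCleanupLoop {
    [CmdletBinding()]
    param(
        [string]$BatchPath     = $DefaultBatch,
        [string]$InstallerPath = $DefaultInstaller,
        [int]$MinAgeMinutes    = 5   # assumed threshold: a healthy run ends within seconds
    )

    $now       = Get-Date
    $batchName = Split-Path -Path $BatchPath -Leaf

    # CommandLine can be empty for processes the caller may not inspect, so run elevated.
    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'cmd.exe'" |
        Where-Object { $_.CommandLine -and $_.CommandLine -like "*$batchName*" }

    foreach ($p in $procs) {
        $age             = $now - $p.CreationDate
        $installerExists = Test-Path -LiteralPath $InstallerPath

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            ProcessId       = $p.ProcessId
            ParentProcessId = $p.ParentProcessId
            AgeMinutes      = [math]::Round($age.TotalMinutes, 1)
            BatchExists     = Test-Path -LiteralPath $BatchPath
            InstallerExists = $installerExists
            # The loop condition is "installer still exists", so an old process
            # plus a surviving installer means the loop is not terminating.
            LikelyStuck     = ($age.TotalMinutes -ge $MinAgeMinutes) -and $installerExists
            CommandLine     = $p.CommandLine
        }
    }
}

Get-StuckCleanupLoop | Format-List
```

An empty result means no cmd.exe on the host is currently running the batch file; a row with LikelyStuck set to True is a host still issuing the 250 ms ping on every pass through the loop.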