Centrality Ltd Deals With the McAfee 5958 Dat Debacle

This was Centrality Ltd's original site.
Content is from its archived pages as well as other outside sources.



Providing high-quality infrastructure design, implementation and support services since 1996, Centrality is a leading IT managed services provider. A clear testament to our commitment is the excellent, congenial, long-term relationships we have with our clients. Such relationships continue to form the foundation for our company’s growth. By availing themselves of Centrality’s agile and proficient use of technology as their strategic or tactical IT resource partner, our clients remain competitive and keep control of costs.

Cloud computing is now an established service utilized by the vast majority of businesses. The migration of CRM data and applications from in-house dedicated physical servers to the cloud began over 10 years ago. Creating your CRM infrastructure in the cloud is made easy with a Salesforce CRM customization. Customizing Salesforce involves a team of specialists who can code new modules, either business logic, front-end components, or both, and use the Salesforce programming language, APEX, and the front-end framework, VisualForce. Customizing the functionality of a Salesforce platform to your organization’s unique requirements will help keep the customers you have, win new ones, and drive your business growth more efficiently. We can help migrate, under a controlled plan, all or part of your existing infrastructure to the cloud. We will discuss your options so the final solution meets all your business needs.

Our clients' trust in our ability to handle any situation was on display on April 21, 2010, when McAfee released an update to its antivirus definitions for corporate customers. McAfee's "DAT" file version 5958 caused widespread problems with Windows XP SP3. Many affected systems entered a reboot loop and lost all network access. The corrupted DAT file affected individual workstations, as well as workstations connected to a domain. Businesses that used the McAfee ePolicyOrchestrator to update virus definitions across a network were doubly hard hit: it appeared that the ePolicyOrchestrator caused an even faster spread of the bad DAT file. It was a disaster for many organizations and businesses, as well as individuals.

As Mike Davis, Managing Director of Centrality Ltd, prepared to leave work at 1.30 a.m., he told an interviewer via telephone that the buggy McAfee antivirus update problem took out PCs at about 40 percent of the customers of U.K.

The problem started late in the afternoon, Davis said. "We started getting calls about 4 p.m. U.K. time on our help desk from customers that were having their XP-based machines just reboot seemingly randomly," he said. After realizing that it was happening to several different customers simultaneously, Centrality quickly figured out that the problem had to do with McAfee's update, and started shutting down McAfee ePolicy Orchestrator management servers to keep the problem from spreading. By then, however, several thousand computers had disappeared from the networks it manages.

 

McAfee Dat 5958 Issue

UPDATE: 13:35 22/04/2010 (GMT + 1)

Description
The McAfee 5958 DAT is causing SVCHost.exe (a critical Windows system file) to be classed as a virus. Cleansing action against this file is then undertaken, causing some critical elements of Windows to cease to function. Most critically, systems are coming back up without any network functionality, which makes remote resolution of the issue difficult.
Only Windows XP systems seem to be affected at this stage, although we have Windows XP machines with the 5958 update that are not affected.

McAfee have released two updates recently. The first (Extra.dat) can be added to update 5958 to prevent the false positive from recurring. The second is the full 5959 DAT update. However, if you have machines affected by this issue, adding Extra.dat or DAT v5959 will not completely fix your PC.
We have a number of clients affected by this issue and have put together some steps to resolve the problem. Our recommendations are below:

Option 1 : Manual Recovery - Try this first

  1. Download the extra.dat file from McAfee (http://vil.nai.com/vil/5958_false.htm) and place on a USB stick (assuming no network access)
     
  2. As an administrator on the affected machine copy the Extra.dat file to the Engine folder

    On most machines this will be "c:\program files\common files\mcafee\engine"
  3. Reboot your PC
     
  4. Log back on as an administrator user
     
  5. Run the following command: sfc /scanfile= followed by the full path to svchost.exe, e.g.:

    sfc /scanfile=c:\windows\system32\svchost.exe
     
  6. Reboot your PC
     
  7. Login and manually update your DATs to 5959 or above

Option 2 : Manual recovery (Safe Mode)

This process is useful when you can't get any files onto your affected PC (via USB stick, network, CD, etc.), as all recovery actions are performed with files already on your C: drive.

  1. Boot Windows into Safe Mode
     
  2. Log on and get to a command prompt
     
  3. Using the command line, copy the contents of the McAfee OldEngine folder to the parent "Engine" folder.

    On most machines this will mean:

    copy c:\progra~1\common~1\mcafee\engine\oldeng~1\*.* c:\progra~1\common~1\mcafee\engine

    Note: You MUST use the 8.3 notation (e.g. with ~1) for files and directories whose names are longer than 8 characters
     
  4. Using the command line, copy svchost.exe from the DLLCache folder to the System32 folder.

    Again, on most machines, this will mean:

    copy c:\windows\system32\dllcache\svchost.exe c:\windows\system32
     
  5. Reboot your machine
     
  6. Go into the McAfee Console and prevent any automatic updates until you are confident it is safe to re-enable them.
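
Steps 3 and 4 of Option 2 as a batch file with checks before and after each copy. This is an added example, not Centrality's own script or its automated recovery process. It assumes the "most machines" default paths quoted above, that the file can be placed or typed on the affected PC, and, as this example's own choice, it leaves an existing svchost.exe untouched and only compares it with the DLLCache copy.

```batch
@echo off
rem Added example, not Centrality's script: Option 2 steps 3 and 4 with checks.
rem Paths are the page's "most machines" defaults in 8.3 form; edit if yours differ.
setlocal
set ENGINE=c:\progra~1\common~1\mcafee\engine
set OLDENG=%ENGINE%\oldeng~1
set SYS32=c:\windows\system32
set CACHE=%SYS32%\dllcache

rem Step 3: restore the previous engine files from OldEngine.
if not exist %OLDENG%\*.* goto no_oldeng
copy /y %OLDENG%\*.* %ENGINE%
if errorlevel 1 goto failed

rem Step 4: put svchost.exe back only if it is missing (this example's choice).
if not exist %CACHE%\svchost.exe goto no_cache
if exist %SYS32%\svchost.exe goto verify
copy /y %CACHE%\svchost.exe %SYS32%
if errorlevel 1 goto failed

:verify
rem fc /b returns errorlevel 0 only when the two files are byte-identical.
fc /b %CACHE%\svchost.exe %SYS32%\svchost.exe >nul
if errorlevel 1 goto mismatch
echo svchost.exe matches the DLLCache copy.
echo Next: reboot, then stop automatic updates in the McAfee Console.
goto end

:no_oldeng
echo No OldEngine files found at %OLDENG%; nothing was changed.
goto end
:no_cache
echo No svchost.exe in %CACHE%; use Option 1 or other media instead.
goto end
:mismatch
echo svchost.exe differs from the DLLCache copy; inspect before rebooting.
goto end
:failed
echo A copy failed; nothing further was attempted.
:end
endlocal
```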

Option 3: Automated recovery

Centrality has developed an automated recovery process that will enable remote networked machines to be recovered with minimal intervention. However, Microsoft licensing may be required.

 



 

More Background on MyCentrality.com

Introduction

MyCentrality.com is an established name in the IT managed services sector, providing high-quality infrastructure design, implementation, and support services since 1996. Over the years, it has developed a reputation as a reliable partner for businesses seeking to maintain a competitive edge through strategic IT solutions. This article delves into the history, services, cultural significance, and overall impact of MyCentrality.com, providing a thorough understanding of what makes this platform a notable player in the industry.

History and Evolution

MyCentrality.com was launched under the umbrella of Centrality Ltd., a company founded in the mid-1990s with a focus on delivering IT infrastructure solutions. The company's evolution mirrors the broader trends in the IT industry, particularly the shift towards cloud computing and the increasing importance of robust cybersecurity measures. One of the most significant moments in MyCentrality's history was its involvement in resolving the McAfee 5958 DAT debacle in 2010, where the company played a crucial role in mitigating the impact of a flawed antivirus update that caused widespread disruptions across its clients' networks.

Services and Specializations

MyCentrality.com offers a wide array of IT services, catering to the needs of businesses of all sizes. The core offerings include cloud migration, CRM customization (particularly with Salesforce), and comprehensive support for IT infrastructure. The company is known for its ability to tailor solutions to the specific needs of its clients, leveraging technologies like APEX and VisualForce to create customized CRM systems that enhance business operations. This level of customization is particularly valued by businesses looking to maintain strong customer relationships and streamline their operations.

The company's expertise extends to handling critical IT crises, as evidenced by its response to the McAfee DAT issue. MyCentrality's ability to swiftly diagnose and resolve complex IT problems has solidified its reputation as a dependable partner in times of crisis.

Press and Media Coverage

While MyCentrality.com does not frequently make headlines, its role in significant IT events, like the McAfee incident, has been documented in various industry publications. The company’s low-key yet effective approach to crisis management and IT support has earned it a positive reputation among its clients and within the industry. However, the lack of extensive media coverage may also reflect the nature of the services it provides—essential but often behind-the-scenes in the broader context of business operations.

Audience and Clientele

MyCentrality.com primarily serves small to medium-sized enterprises (SMEs) that require reliable IT infrastructure and support services but may not have the resources to manage these in-house. The company’s ability to scale its solutions according to the specific needs of its clients has made it a go-to provider for businesses looking to outsource their IT needs. The long-term relationships it has built with its clients are a testament to the trust and reliability that MyCentrality.com offers.

Cultural and Social Significance

In the broader context of the IT industry, MyCentrality.com represents the essential but often overlooked backbone of modern business operations. Companies like MyCentrality.com are critical in ensuring that businesses can operate smoothly and securely in an increasingly digital world. Their work allows companies to focus on their core operations without worrying about the complexities of IT management.

Furthermore, the role that MyCentrality.com played in the McAfee incident highlights the importance of having reliable IT partners who can manage and mitigate the risks associated with technological failures. In this way, MyCentrality.com contributes not only to the success of individual businesses but also to the overall stability and resilience of the digital economy.

Details, Insights, and Examples

One of the standout features of MyCentrality.com is its emphasis on personalized service. The company’s approach to CRM customization, particularly with Salesforce, is a prime example of how it tailors its services to meet the unique needs of each client. By customizing CRM systems to fit specific business processes, MyCentrality.com helps businesses optimize their customer interactions and improve their overall efficiency.

Another example of MyCentrality.com’s expertise is its development of automated recovery processes in response to the McAfee DAT incident. This innovation not only helped mitigate the immediate effects of the faulty update but also demonstrated the company’s proactive approach to problem-solving.

 

MyCentrality.com is a key player in the IT managed services sector, offering a range of solutions that help businesses stay competitive and secure in a rapidly changing digital landscape. From its history of crisis management to its personalized approach to IT services, MyCentrality.com exemplifies the essential role that IT service providers play in today’s economy. While it may not be a household name, its impact is felt by the businesses it supports and the broader digital infrastructure it helps maintain.

 

Centrality Ltd accepts no liability for any loss or damage incurred when following these instructions.

Centrality Ltd:
Telephone: 0845 2300 411
Non-UK: +44 (0) 1462 810 628
Email: admin(at)centrality.com

MyCentrality.com