Feeds

Trend virus update freezes some PCs

Chicken Little pox

Providing a secure and efficient Helpdesk

Problems with antivirus updates from Trend Micro left some users with unusable computers late last week.

The signature update, pushed out on Friday morning, incorrectly identified key Windows system files as being infected with a Trojan. The security software quarantined these important files leaving users with unstable systems. Trend later fixed the problem by issuing updated signature definition files that avoided the false positive.

For affected users that was far from the end of their worries. They were still left with the hassle of repairing Windows and (perhaps) reinstalling their security software.

Consumers were hardest hit by the glitch, which affected users of Trend Micro Internet Security, Trend Micro Internet Security Pro and Trend Micro AntiVirus. In an advisory to customers forwarded to The Register, Trend Micro said that a small number of consumers were hit by the snag and explained that the faulty update "inaccurately identified certain files as malicious and quarantined them". It admitted that this might cause system instability.

In response to queries from El Reg, prompted by reader emails, Trend Micro issued a statement:

On 5th September 2008 at 02h00 GMT, a false alarm was triggered in Trend Micro Internet Security caused by a new pattern file that had been issued. Specifically the inclusion of pattern Troj_Generic.ADV issued within Official Pattern Release (OPR) version 5.525.50 quarantined several Microsoft Windows DLLs.

In mitigation we removed the detections in question and at 12h15 GMT on 5th September, OPR 5.527.50 was released that resolved this issue. Customers who downloaded OPR 5.525.50 needed only to update to the latest OPR. All other customers who updated thereafter received the latest OPR.

Oh Lordy it's happened again

Anti-virus updates misidentifying legitimate files as suspect are a well known Achilles' Heel of anti-virus scanner software. Issues crop up periodically at roughly the same frequency Premiership football managers and club chairmen fall out.

The results can be just as ugly.

It's hard to think of a security firm that hasn't had problems in this area, and Trend is no exception. The issue gets far more messy, as in the latest Trend Micro case, when system files are incorrectly flagged up as malware.

Reg reader Antonin, based in France, explained the problem in greater depth.

"Trend Micro release a new signature file which decided that explorer.exe and several other system files had a "Troj Gen Adv" and should be quarantine. After the cleanup, a reboot was advised and after the reboot, chaos started," Antonin explained.

"Logon was OK but there was no taskbar, Trend Micro and several other application would not load automatically, Excel and Word and any other application would start but after clicking [I received] several error messages, services menu was corrupted and windows was very unstable. Restore would not work and install/uninstall would not neither," he added.

Antonin was eventually advised by Trend Micro to repair Windows before uninstall and reinstalling Trend Micro.

The net security firm is continuing to investigate the issue. "To date Trend Micro UK have received thirty-five calls to our technical support teams in relation to this issue and TrendLabs is investigating the incident further to determine root cause and remediate," said Rik Ferguson, senior security advisor at Trend Micro. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.