eTrust identifies critical file as virus.
A mistake at CA caused some trouble over the weekend, as its eTrust products started identifying part of the Windows local authentication system in Windows 2003 Server as infected with a virus called ‘lassrv.b’. Clean copies of lsass.exe, a popular target for viruses, were blocked by the software, and even deleted by some users, causing some nasty problems.
The update causing the FP, Vet DAT signature 30.3.3054, was released in the early hours of Friday morning US time, and was fixed by an update issued before 9:30AM the same day.
CA has released some instructions on recovering a system which has lost or blocked the file, here. Read the SANS announcement of the problem here.
Posted on 4 September 2006 by Virus Bulletin