CA eTrust Antivirus flagging lsass.exe
http://isc.sans.org/diary.php?n&storyid=1665
Yup
Kevin Brunson wrote:
Anyone else out there dealing with the Computer Associates eTrust
Antivirus signature thing this morning?
Symptoms: “The system process “C:\Windows\System32\lsass.exe”
terminated unexpectedly with status code 0. The system will now shut
down and restart.”
After the reboot, it once again gives the same message, over and over.
Resolution: Update to the latest eTrust Antivirus signatures. The
version ending in .3056 is known stable.
Details: Apparently the signatures are detecting lsass.exe as a virus
and trying to rename or delete it. Windows File Protection kicks in
and says no. They then argue for a bit and neither wins so the server
gives up and reboots.
Hopefully no one else has experienced this, but if you are running CA,
this should solve your problem. Almost all of my customers are running
eTrust Antivirus, so it has been a very long morning.
Kevin
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs