We have found varying degrees of destruction, but so far none that could not be recovered. For some reason MS KB323497 seems to resolve just about everything we have come across.
We have found a few servers that get blank screens in safe mode. They never get to a logon prompt. Anyone gotten past this? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, September 01, 2006 11:46 AM To: [email protected] Subject: Re: [ActiveDir] OT: Servers rebooting, etrust antivirus CA eTrust Antivirus flagging lsass.e x e http://isc.sans.org/diary.php?n&storyid=1665 Unsubscribe: http://isc.sans.org/notify.php Yup Kevin Brunson wrote: > > Anyone else out there dealing with the Computer Associates eTrust > Antivirus signature thing this morning? > > Symptoms: "The system process "C:\Windows\System32\lsass.exe" > terminated unexpectedly with status code 0. The system will now shut > down and restart." > > After the reboot, it once again gives the same message, over and over. > > Resolution: Update to the latest eTrust Antivirus signatures. The > version ending in .3056 is known stable. > > Details: Apparently the signatures are detecting lsass.exe as a virus > and trying to rename or delete it. Windows File Protection kicks in > and says no. They then argue for a bit and neither wins so the server > gives up and reboots. > > Hopefully no one else has experienced this, but if you are running ca, > this should solve your problem. Almost all of my customers are running > eTrust Antivirus, so it has been a very long morning. > > Kevin > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
