back to article CA auto-immune update trashes systems

A beserker update to CA eTrust anti-virus software created all sorts of confusion on Wednesday. The 33.3.7051 update labeled a large number of binaries (.DLL and .exe files) - including some components of eTrust itself - as infected with something called StdWin32. These files were sent off to quarantine, resulting in disabled …


This topic is closed for new posts.
  1. Anonymous Coward

    eTrust hates Cygwin????

    The organisation I work for runs eTrust (currently 8.1.637.0). After a the recent upgrade, Cygwin runs a like a dog, so slow that its almost unusable. Since I rely on Cygwin for some of my systems and software admin, eTrust has now moved closer to the top of my shit list. Last month it quarantined some of the Cygwin DLLs. Does CA have something against Cygwin?

  2. John PM Chappell

    This would be why ...

    ... I always retain user oversight of actions by such tools, when I even bother to use them; honestly, I run XP daily and I think the last time I was infected with anything was about three years ago when I foolishly attached an acquaintance's external hard drive to my own machine under Windows rather than scanning it from secure environment first. I've found that using Firefox with NoScript and only permitting scripting to run on sites that absolutely need it (and even then marking all ad domains and similar as globally untrusted) has kept my machine clean. I periodically run a full scan from a standalone AV tool with recent signatures to be sure but I found that permanently installed products, especially those using on-access scanning and auto-action were more trouble than they were worth.

  3. Scott F. Gunelius


    It's too bad eTrust didn't quaratine itself before running amok with other apps. That's twice in five weeks an update has ruined my morning. I've already got the renewal for eTrust in process and am upgrading to ITM (includes PestPatrol); what have I done?!?

  4. Conrad Longmore
    Black Helicopters

    And I was wearing my El Reg T-Shirt

    That's *my* blog.. and the funny thing is that I was wearing my El Reg T-shirt from the Cash & Carrion shop today. Coincidence? Conspiracy? Or just another CA cockup?

  5. Anonymous Coward


    Is it really such a hard idea?

  6. Anonymous Coward

    Please, kill me

    "The dodgy update falsely tagged important Windows system files as potentially malign before dispatching them into quarantine."

    As the unfortunate owner of a Vista Home Basic system, I'm seriously thinking about installing this software.

  7. Woody 4

    Shouldn't this strap line read...

    CA auto-immune eats itself!

    On a serious note, feel 4 u sys admin's today! respect...

  8. Kevin Reader

    One positive - One Hurumph

    It seems pretty impressive that they have admitted the fault in fairly strong language. Quite rare in such circles, even when its your corporate customers you've messed up.

    One the other hand is "remediation" even a word, even in America. It appears to be the classic American trick of rolling a word through all the grammatical forms until it loses all sense. Recovery would work, mediation might half work, remedial fits quite well but remediation. Presumably the act of carrying out remedial work - but is it English.

  9. Martyn

    Thanks a bunch

    Hmm this happened to us today. It went through quarantining files from vmware, roxio, software I'd written, Windows, Open Office etc.

  10. Conrad Longmore


    Looking at the files it ate.. it seemed totally random. I don't think it was "targetting" anything in particular.

    Serendipitously I happened to be in early in the morning at our place because we are migrating some of our clients off CA to a rival product, so I managed to catch it before it trashed everything.

    @BobK - remember that you can exclude certain files and directories from your scanning, that's worth having a try if you have persistent problems.

  11. Anonymous Coward

    Thats just cost CA another potential customer

    We are advising a large user on this technology. The user has 1000 PC's all 24/7 and could not stomach this sort of self inflicted problem caused by software you actually pay for.

    It's bad enough that U$oft doesn't understand the meaning of the word LATER after it's updates that need a re-boot.

    Sorry CA you are off the list.

  12. Terry Dooher

    Seems I got off lightly.

    It only hit 7 PCs and 99% of the detections I saw were in Incredibuild's ModuleCache folder, an eminently deletable local cache of of DLLs and EXEs from other machines. (mostly related to Visual Studio). One machine only lost network and CDrom drive access after a few .sys files got renamed. Some of the others on that blog weren't so lucky.

  13. Anonymous Coward

    @Woody 4

    Maybe its Lupus?

    I'll get my coat and cane....

  14. Anonymous Coward
    Anonymous Coward

    Maybe it's time I should go back to AVG Free

    It's not any better and it might trash innocent files as well but at least I don't have to pay for that.

  15. Anonymous Coward

    This totally destroyed us

    This totally destroyed us. eTrust blew away 750 files on a production siebel cluster. I couldn't even unquarantine the files since even eTrust AV was damaged and wouldn't start. It blew away our backup server too, so made restores impossible until the backup was fixed. I wasn't able to get a clear idea of what servers were affected because I couldn't get the central threat management console to start.

    Possibly the worst work day of my life. Absolute madness. The only way my day could have been worse would have to involve gunfire.

    CA salesmen are pretty slick. They always weasel their past me to get to management and treat them to whatever and push some unpolished product on us. Hopefully, the lesson is learned.

    I've hated CA since the 90's when I had to work with ArcServe, so I'm not terribly surprised.

  16. Forename Surname

    No reason for this to happen

    Simple testing of the signature files on in a test environment would stop this stupidity. It is ridiculous that CA, AVG and McAffee have had these problems of late.

This topic is closed for new posts.

Other stories you might like