McAfee rebooting Windows XP Systems - False positive detection of w32/wecorl.a in 5958 DAT - svchost.exe - REMEDIATION through RTSM and Intel vPro
Article: TECH127395 | Created: 2010-04-22 | Updated: 2010-04-23 | Article URL: http://www.symantec.com/docs/TECH127395
Problem
McAfee rebooting Windows XP Systems - False positive detection of w32/wecorl.a in 5958 DAT - svchost.exe
Using Real-Time System Manager with Intel vPro technology (IDE Redirect) to resolve the reported issue:
False positive detection of w32/wecorl.a in 5958 DAT
Environment
McAfee Enterprise Virus Scan - VirusScan Enterprise 8.5i and VirusScan Enterprise 8.7i
Systems affected: Windows XP SP3
Windows XP SP2 - These systems may be affected, but this article is targeting SP3.
Notification Server 6.0 or 7.0
Intel vPro AMT 2.0 or higher
Cause
This issue is detailed at the following external link: https://kc.mcafee.com/corporate/index?page=content&id=KB68780
Solution
The attached ISO can be used to resolve this issue using vPro IDER (IDE Redirect) technology. The following process should be used to deploy this fix:
Prerequisites:
- Notification Server 6.0 or 7.0
- Real-Time System Manager 6.3 or 7.0
- Intel vPro enabled systems known to the Notification Server.
- Download the attached ISO to a location on the Notification Server.
Instructions below are for version 7.0 of the Symantec Management Platform:
One to One resolution - Real-Time System Manager
- Two ways to launch the Real-Time System Manager:
  - In the Symantec Management Console, browse under Manage > Remote Management > Real-Time Management. Enter the IP address or system name of the system requiring remediation.
  - In the Symantec Management Console, browse under Manage > Computers. Use the list to find the system that requires remediation. Right-click on the system and choose Remote Management > Manage.
- In the Real-Time tree in the middle pane, browse under Real-Time Consoles > Real-Time System Manager > Management Operations > Manage Power State and Redirection.
- Look under Redirection options and check the options:
  - Display task progress and remotely control computer
  - Perform Boot from:
- Choose CD Image and click the Browse button.
- Browse to the downloaded ISO and click OK.
- Click Run task now.
- You can watch the execution occur.
One to Many resolution - Task Server
- In the Symantec Management Console, browse under Manage > Jobs and Tasks > System Jobs and Tasks and select Real-Time System Manager.
- Right-click on the Real-Time System Manager folder and choose New > Task.
- In the left-hand tree browse down under Real-Time System Manager and choose Boot Redirection.
- Provide a name such as: "McAfee DAT Fix".
- Next to Perform boot from select CD Image from the dropdown.
- Click the Browse button and browse to the downloaded ISO file.
- Click OK to create the Task.
- Click New Schedule on the resulting window.
- Leave the option on Now (or if you prefer, set a schedule).
- Click Add and select Computers or Devices (alternatively, choose Target if you have a Target created that targets your Windows XP SP3 systems).
- Use the selector to locate and select all systems that require remediation. Click OK when completed.
- Click on the link Select Connection profile.
- Choose a Profile that contains valid credentials to execute an AMT IDER session and click OK.
- Click Schedule to kick off the Task.
- The UI will have a status you can refresh and double-click to track the progress of the fix.
Instructions below are for version 6.0 of Notification Server:
One to One resolution - Real-Time System Manager
- Two ways to launch the Real-Time System Manager:
  - In the Altiris Console, browse under View > Solutions > Real-Time System Manager > Tools > Manage. Enter the IP address or system name of the system requiring remediation.
  - In the Altiris Console, browse under View > Solutions > Real-Time System Manager > Resources > Computer Collections > All Computers. Use the list to find the system that requires remediation. Right-click on the system and choose Real-Time System Manager > Manage.
- In the Real-Time tree in the left-hand pane, browse under Real-Time Consoles > Real-Time System Manager > Administrative Tasks > Hardware Management.
- Look under Redirection options and check the options:
  - Display task progress and remotely control computer
  - Perform Boot from:
- Choose CD Image and click the Browse button.
- Browse to the downloaded ISO and click OK.
- Click Run task now.
- You can watch the execution occur.
One to Many resolution - Task Server
- In the Altiris Console, browse under Manage > Jobs > Tasks and Jobs > Server Tasks.
- Right-click on the Server Tasks folder and choose New > Task/Job.
- In the left-hand tree browse down under Real-Time System Manager and choose Boot Redirection.
- Provide a name such as: "McAfee DAT Fix".
- Next to Perform boot from select CD Image from the dropdown.
- Click the Browse button and browse to the downloaded ISO file.
- Click OK to create the Task.
- Click Run Now in the resulting window.
- Provide a Run name.
- Click Connection Profile to choose a Profile that contains valid credentials to execute an AMT IDER session and click OK.
- Click on Resources > Select Computers. Use the selector to locate and select all systems that require remediation. Click OK when completed.
- Click Run Now to kick off the Task.
- The UI will have a status you can refresh and double-click to track the progress of the fix.
Legacy ID
52535