Computers worldwide have been experiencing a continuous state of reboot due to a McAfee DAT update that deleted a critical file and caused a loss of network connectivity. For businesses with Intel® Core™ vPro™ processors, there could be a quick fix to this problem.
Intel Core vPro processors can help in situations like this where the remote PCs are inoperable or having connectivity problems. With Intel Core vPro processors, you can remotely configure, diagnose, isolate, and repair an infected PC—even if it’s unresponsive. And you can centrally schedule diagnostic events to run locally on PCs, even if they are powered down or disconnected.
Get the Download
Intel and Symantec have worked together to post a scripted solution to automate the steps needed to correct this outage situation remotely: https://kb.altiris.com/display/1/articleDirect/index.asp?aid=52535
The solution uses a single bootable image delivered to a configured Intel Core vPro processor-based system via the Symantec Client Management Suite. The core solution was developed and released within 24 hours of the announced issue. Instead of prolonged manual steps via an onsite technician or user attempting to follow written instructions, the solution enables remote remediation within minutes.
The solution utilizes Intel vPro Technology remote power control, boot redirection, and Serial-over-LAN. The bootable image is a variant of Remote Drive Share, available at http://communities.intel.com/docs/DOC-5029. Logic contained within the bootable image detects the Microsoft Windows boot partition, determines whether the client PC is affected, replaces svchost.exe as needed, and updates the extra.dat file from McAfee. Since all of these functions are performed outside of the client operating system, booting to Microsoft Windows Safe Mode and disabling the McAfee Anti-Virus process are not required. If using the Serial-over-LAN console, output is directed to the administrator console only.
Resolution of the situation can be accomplished within a few minutes. Customers who have configured the Fast-Call-for-Help capability, enabling out-of-band management of Intel vPro Technology systems over the internet, are able to utilize the single ISO image with the Symantec Client Management Suite to complete the solution. Full remediation is accomplished out-of-band via the Intel vPro Technology session.
Alternative scripted solutions are being developed by Symantec for customers who do not have Intel Core vPro processors. These solutions utilize Altiris Deployment Server with a PXE-boot process and WinPE to accomplish similar steps. If customers had an Intel vPro Technology enabled solution, they could remotely control the power of the client before initiating the PXE-boot session.
Intel Core vPro processors deliver cost-cutting efficiency and maximum productivity with the intelligence of hardware-assisted security and manageability features.
Information on manually resolving the issue is available at https://kc.mcafee.com/corporate/index?page=content&id=KB68780 and http://isc.sans.org/diary.html?storyid=8656&rss