Thursday, April 09, 2009

McAfee: some strange behaviors (System Guards disabled, subscription verification expected); Conficker wakes up thru P2P

Well, McAfee is behaving a bit more strangely these days. Occasionally, on cold boot, the Dell Inspiron laptop (XP Professional). McAfee warns that “part of your protection is not working”, specifically, “System Guards”. That is the facility that sends an orange pop box when a new program tries to access and update the registry keys. It always is fixable from the link given. The warning does not mean that the active virus protection is not running. This event is more likely to happen if I haven’t booted up the laptop in two days or more.

Here is a report on tek-tips about the problem.

There have been some comments that this could happen because part of an older version of the Security Center still running.

Then on the 8300 desktop (XP Home), McAfee keeps requiring subscription verification after each DAT file update.

One other misbehavior: on the XP Pro laptop, the scheduled virus scan closes the report panel and goes back to the request panel, without giving me the chance to see the report. I would have to go in to Restore and Files to find out what might have been quarantined in the past run. And sometimes McAfee "slips back" into Basic mode, where the virus scan starts automatically from the Scan menu, instead of allowing the user to set it up first (as it does in Advanced).

I don't think this has anything to do with Conficker, but I wonder if other McAfee users have experienced these "symptoms" recently.

Update on Conficker:

CNN reports a story from CNET by Elinor Mills, "Conficker wakes up, updates via P2P, drops payload", here. The replication is said to stop May 3.

It seems odd, to me anyway, that a worm originally set up to target corporate or organizational servers with many users would spread primarily by P2P, when most employers would not permit P2P to be used at work (outside of specialized companies like entertainment).

No comments: