Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: CA eTrust Antivirus [was] flagging lsass.e x e - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CA eTrust Antivirus [was] flagging lsass.e x e
Reader Alan writes in to tell us that apparently "an overnight signature update to the VET engine (30.3.3054) on CA eTrust Antivirus has begun to flag the LSASS.E X E service of Windows 2003 server as being infected with Win32/Lassrv.B."

"Some Win2k3 servers have been failing and unable to re-boot, since the service (exe) was removed by the virus software.

CA has released an update to VET (30.3.3056) that seems to have corrected the problem, but in some cases the damage has already been done."

It seems that CA accidentally flagged Lsass.e x e as a bad file.  Reminiscent of the McAfee .xls debacle of not too long ago.


454 Posts
Sep 1st 2006

Sign Up for Free or Log In to start participating in the conversation!