CA Names Windows Component As Virus, Then Recants

Computer Associates confirmed that its eTrust Antivirus software incorrectly tagged a part of Windows Server 2003 as malware for several hours Friday.

According to a technical note on its support site, CA said that eTrust Antivirus 7.0, 7.1, and 8.0 were updated with a skewed definition file last week that wrongly sniffed out Windows' LSASS service as the "Lassrv.b" virus.

By quarantining the service's "lsass.exe" executable, the virus update caused servers to crash, and in some cases made them unusable.

CA posted instructions on its support site for users whose Windows Server 2003 systems would not reboot, not even in Safe mode. It also issued a corrected definition file, dubbed "30.3.3056," to replace and fix the error.

Although commonplace, anti-virus false positives usually don't impact widely-used software, but rather little-known applications or games. In some cases, however, poor quality definition updates have caused major problems. In March, for example, a McAfee update erroneously flagged hundreds of legitimate files as malware and broke popular programs such as Microsoft Excel.