CA Antivirus Software IDs Windows Component as Malware

By Michael Santo
Executive Editor, RealTechNews

It’s not uncommon to see false positives in AV and anti-spyware software … for example, McAfee IDing Excel as a virus, Microsoft Anti-Spyware IDing Norton Antivirus. ‘Course, that doesn’t give companies an excuse. And IDing part of Windows as malware … now that’s even more inexcusable than IDing Excel.

The problem was that eTrust Antivirus was mistakenly flagging the Windows Lsass.exe process, said Bob Gordon, a CA spokesman. “CA quickly discovered and fixed an issue which temporarily caused some customers to detect a problem in their Lsass.exe files,” he said in an e-mail. Source: InfoWorld

We Say: I’m sure the “quick discovery” happened as soon as Tech Support calls starting flooding their call center. Systems crashed and were unable to boot if people didn’t recognize that eTrust was trying to quarantine part of the OS (I would have recognized the filename, but my wife sure wouldn’t have!). I wonder what their Tech Support department is doing for those people who are in that situation? New AV signatures aren’t going to fix those issues.

Really, why wasn’t this caught in QA? Makes me glad I follow my own advice about using a lesser known, but well-rated AV product. (In a sidenote, I liked it a lot better when CA was Computer Associates … less likely to mix up their gaffes with California’s gaffes)