If you had a larger network affected by the McAfee signature: We are interested to hear about your lessons learned. How long to fix it? What worked/didn't?

Comments

We weren't affected, but we could have been. We stage our DATs against a small pilot group upon release, and then push to our broader groups in tiers. That way everyone isn't hit at once when there's a bad DAT. This is hardly the first time this has happened. I'm sure it won't be the last.
I'm interested in how large enterprises manage the staging of DAT releases when they frequently come out daily or even multiple times per day? Is it automated to the extent that machines in the tesat group get the DAT immediately and then the rest get it XX minutes/hours later? Or is the staging process completely manual?
Apparently this is not the only recent McAfee snafu: http://www.courthousenews.com/2010/04/08/McAfee.pdf

Diary Archives