OneCare causing Outlook havoc

Posted by   Virus Bulletin on   Mar 12, 2007

Old mailbox deletion bug resurfaces, upsets users

Microsoft's Windows Live OneCare has been the cause of considerable frustration to its users recently, with an issue with the settings for mailbox scanning - removed from earlier versions - reappearing in the current release and leading to quarantining or even deletion of Outlook mailboxes.

OneCare does not scan incoming mail, but when scheduled or on-demand scans find malware in an email attachment stored in the Outlook .pst database, the entire file is placed into quarantine, rendering stored mail and contact information inaccessible. For some users, particularly those using OneCare on their small business machines, the result has been a devastating loss of valuable data. Many who set the product to delete automatically rather than quarantining, or who didn't notice the issue before the quarantine period expired, have found it impossible to recover their email history.

The issue was originally spotted in version 1.0 of the product, and subsequently fixed. With the release of previews of 1.5 in January, however, several users suffered its effects once more. Postings to a OneCare support forum have grown in number and vehemence ever since, with many more hit by the same problem last week.

Forum moderators have advised users to exclude their mailboxes from scanning, and to ensure they keep regular backups out of the reach of the scanner. A full fix for the issue is expected with the next engine update, due tomorrow (Tuesday 13 March). A lengthy debate on the bug, and Microsoft's response to it, can be found here.

Posted on 12 March 2007 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.