Security Watch

Keeping track of patches and hacks in the IT security world.

Microsoft OneCare Is Eating Outlook Mail

Microsoft has confirmed that its Windows Live OneCare managed security service is swallowing entire mail stores, sometimes going back years, from Outlook and Outlook Express.

What's happening is that OneCare, in its zeal to quarantine infected Outlook .pst files or Outlook Express .dbx files, is also quarantining clean mail files. It's doing such a good job of quarantining them, many users are complaining that their mail stores seem to have become unrecoverable.

According to user postings to the company's OneCare forum that date back to January, the e-mail stores seem to be lost for good.

"OneCare seems to have deleted my Outlook.pst file," posted a user with the handle of Richard.Potthoff. "Is there a chance to recover it? If not, OneCare will have done more damage than any virus in my 30 years of active computing."

And this from a user with the name of Web Ferret: "I lost very, very important mail and when it happened (about two weeks ago) it totally left me in the blind because it seemed as if my .pst file never existed! I tried 5 different recovery tools, nothing... I searched for *.pst, outlook.* files larger than 1 Gb.... Nothing!!"

A Microsoft spokesperson said that the company is working to address the issue and that the problem will be fixed in the next engine update, which will be pushed to customers on March 13. The spokesperson also said that affected customers have PST files encoded in the Outlook 97/2000 PST format as well as Outlook Express on Windows XP.

Microsoft has these instructions to try to retrieve quarantined mail:

"1. Close Outlook or Outlook Express
2. Click Change OneCare Settings in the main OneCare user interface
3. Click on the Viruses & Spyware Tab
4. And then click on the Quarantine button and then select the .pst or .dbx file and then click on Restore.

To ensure that this doesn't happen until the next engine update on Tuesday, they should also do the following:

1. Click Change OneCare Setting in the main user interface
2. Click Viruses & Spyware Tab
3. Click on the Exclusions Button
4. Click on the Add Folder button
5. Navigate to the specific folder that contains the .dbx or .pst file to be excluded.
6. Click OK"

An MVP support person on the OneCare forum noted that this isn't the first time he's seen this type of behavior—the last time being before the original 1.0 release, "though it was a big problem then," posted OneCareBear. "If this has returned it's obviously a bad thing and shouldn't be happening," he said.

Live OneCare hasn't had a good week so far. The security suite was the only one of 17 anti-virus tools to flunk AV-Comparatives' most recent test, managing to catch only 82.4 percent of malware thrown at it.