Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)

From: <secure () symantec com>
Date: 19 Oct 2004 23:38:01 -0000
In-Reply-To: <20041018172444.19798.qmail () www securityfocus com>

Update: October 19, 2004

Recent published advisories and media stories are reporting that this attack can kill the Auto-Protect feature of 
Norton AntiVirus. This is incorrect. 

Investigations into this issue by Symantec have determined this attack terminates the CCApp.exe executable. This leads 
to the disappearance of the Norton AntiVirus icon in the system tray, and disables notification of Auto-Protect. It 
does not terminate Auto-Protect itself. The user’s system is still protected.

Protection can be verified by using the EICAR test file (see ww.eicar.com/anti_virus_test_file.htm). When this test 
file is saved to the system there is no notification by Auto-Protect. The file is prevented from being written to disk 
by the still functional Auto-Protect. Once CCApp.exe is restarted, Auto-Protect notification resumes and the tray icon 
reappears.

Symantec Vulnerability Response
Previous By Date Next
Previous By Thread Next

Current thread: