Educause Security Discussion mailing list archives
Re: Symantec Corporate Antivirus, Vista, and EFS
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 1 Mar 2007 09:35:53 -0500
Bowden, Zeb wrote:
> I confirmed this on a Vista Ultimate machine. Most of my files aren't actually inaccessible (i.e. I don't get access denied), they just look like gibberish.

That is what we see here too. I should have been more specific about the definition of "inaccessible" given the behavior when someone tries to access someone else's encrypted file. The problem we experience is that the data inside the file is inaccessible because it appears as random data as though it is not being decrypted. We were testing on Vista Enterprise. Thanks for the confirmation.

> I was testing one of the new EFS group policy features to force users' Documents folders to be encrypted so perhaps that makes a difference as to what gets displayed to the user. Either way, it's still not working and I haven't been successful in recovering any files either. Files encrypted prior to having auto-protect turned on appear to work as expected. On non-OS partitions I'm not seeing consistent behavior. It works properly some of the time (maybe 80%), but not always. I'm using Symantec Corporate Edition 10.2.0.276 as well.
>
> Zeb Bowden
> VT.SETI.MIG:Systems Architect
> http://vtmig.w2k.vt.edu
> zbowden () vt edu
> (540) 231-2503
>
> -----Original Message-----
> From: Gary Flynn [mailto:flynngn () JMU EDU]
> Sent: Wednesday, February 28, 2007 5:14 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Symantec Corporate Antivirus, Vista, and EFS
>
> This is a heads up notification and a check to see if someone can confirm something we've been able to reproduce on two Vista computers here:
>
> Files on a Vista computer that are encrypted using EFS while Symantec anti-virus auto-protect feature is enabled become inaccessible after the computer is rebooted. They are inaccessible to all added user accounts and the recovery account.
>
> If autoprotect is turned off, the files encrypted while it was turned on remain inaccessible. Newly encrypted files behave as expected. We have not found a way to recover the files encrypted while Symantec was running.
>
> Symantec Corporate Edition 10.2.0.276

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security