Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off

Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off

From: BoneMachine <bonemach_at_sdf.lonestar.org>
Date: Tue, 22 Mar 2005 12:36:48 GMT

Hi,
I am not sure if I understand your point.

I thought that the Symantec antivirus (and the norton/symantec corporate edition antivirus) products had (at least) two parts. One part is the scanner that runs as a service with system privileges and is meant to perform the (realtime)scans. The other part is the user-part. This part starts at login and runs with the privileges of the logged-on user.

When a scan is scheduled using the user-part, the user-part checks if it is time to perform a scan. When it is time, the client kicks the scanner (running as service with system privileges) and the scanner is performing the scan. IRC the scanner-service drops privileges to the logged-on-user and then scans the system. Therefore, it is not possible that the host is scanned without a logged-on-user.

So, what is your point exactly. Why is this a vulnerability? What are your expectations of the virus-scanner that make it vulnerable or what kind of virus are you trying to find with your not-logged-in scan?

Bone Machine 

---
"You can't see it unless your flying by" - The Pixies
Received on Mar 22 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos