lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 23 Mar 2005 12:56:38 -0800
From: "Scrimsher, John P" <john.scrimsher@...com>
To: <eitancaspi@...oo.com>, <bugtraq@...urityfocus.com>
Subject: RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off

Eitan

What you have described is an ongoing issue at least since Version 7 of the
Symantec Corporate Edition antivirus product.  I have personally talked with
Symantec about it as well.  However it does not pose the security risk that
you appear to believe it does.  In my personal opinion, it poses an
administrative headache at most. 

Symantec provides a way for you to schedule scans that will run regardless
of the logged on state. They are called Administrative Scans and are
configured from the Symantec System Center Console.  You can also use the
GRC Creator tools found on the SAV CE CDs.  The scans created as
"Administrative Scans" will be stored in the HKEY_LOCAL_MACHINE registry
hive and will run as long as the computer is turned on.

Scans created by users will be stored in the HKEY_CURRENT_USER registry hive
since they are user specific settings, following Microsoft's model for
registry stored settings.  This means that user created settings such as
scheduled scans will be unloaded when the user logs off of the system.

If you have a system that typically has no user logged in such as a web
server, or file server, then you should create the scans from the SSC, then
they will act as you wish.

I believe that the documentation doesn't mention this because the
documentation is designed for central administration.  An administrator
trying to manage 1000 clients or more doesn't want to touch each individual
system to schedule the scan.  They want to use the Management tools provided
such as SSC to schedule them, and this will work for what you describe.

That said.  I have talked with Symantec about this issue repeatedly since
version 7.  I am sure that it is on their development path, but may not rank
as high as other features that their many customers are asking for.

Do I want them to create a scan that is user editable and runs regardless of
logged in user? YES.  It would save me some trouble from users complaining
that the company set scan is set for the wrong time.  It is possible to
create your own tool that modifies the scan schedule that you could allow
users to run, but that is something that would not be supported by Symantec.


John Scrimsher


This message is based on my opinions only and does not in any way attempt to
reflect on the opinions or stance of my employer or any other business or
individual.

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (4824 bytes)

Powered by blists - more mailing lists