lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <OFF477B9CD.96AC5FC0-ONC1256ED1.00334DA6-C1256ED1.00340A3A@marcegaglia.com>
Date: Wed, 14 Jul 2004 11:28:24 +0200
From: Marco Monicelli <marco.monicelli@...cegaglia.com>
To: bugtraq@...urityfocus.com
Subject: Trend Micro Officescan for Win2k strange behaviour






Hello List!

I've noticed the following "weird" behaviour of the Trend Micro Officescan
client vers. 5.58 update to pattern 1.936.00 Engine 7.100 for WinXP/2k/NT:

The AV client is protected for unloading the Realtime Scan agent prompting
for a password (which I don't know of course). Moreover I have NOT admin
rights which allows me to perform a full system scan but not to unload the
client and/or the realtime protection.
Playing with the "net" command on a DOS prompt, I found out that the AV
launches itself and the realtime prot as services automatically. Then I
tried to stop the services with the simple command

net stop "OfficeScanNT Listener"
net stop "OfficeScanNT RealTime Scan"

Guess what? The two services have been successfully stopped from my system.

What do you guys think of this? Should I advise the AV Company of this or
this is normal behaviour?

Tnx for feedback.

Ciao

Marco Monicelli
MARCEGAGLIA SPA
Automotive Sales Department
Stainless Steel Division
Tel. +39 0376 685369
Fax. +39 0376 685625
email: marco.monicelli@...cegaglia.com



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ