Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)
In-Reply-To: <20041018172444.19798.qmail@xxxxxxxxxxxxxxxxxxxxx>
Update: October 19, 2004
Recent published advisories and media stories are reporting that this attack
can kill the Auto-Protect feature of Norton AntiVirus. This is incorrect.
Investigations into this issue by Symantec have determined this attack
terminates the CCApp.exe executable. This leads to the disappearance of the
Norton AntiVirus icon in the system tray, and disables notification of
Auto-Protect. It does not terminate Auto-Protect itself. The user?s system is
still protected.
Protection can be verified by using the EICAR test file (see
ww.eicar.com/anti_virus_test_file.htm). When this test file is saved to the
system there is no notification by Auto-Protect. The file is prevented from
being written to disk by the still functional Auto-Protect. Once CCApp.exe is
restarted, Auto-Protect notification resumes and the tray icon reappears.
Symantec Vulnerability Response