<<< Date Index >>>     <<< Thread Index >>>

Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off



Hi,
I am not sure if I understand your point.

I thought that the Symantec antivirus (and the norton/symantec corporate 
edition antivirus) products had (at least) two parts. One part is the scanner 
that runs as a service with system privileges and is meant to perform the 
(realtime)scans. The other part is the user-part. This part starts at login and 
runs with the privileges of the logged-on user.

When a scan is scheduled using the user-part, the user-part checks if it is 
time to perform a scan. When it is time, the client kicks the scanner (running 
as service with system privileges) and the scanner is performing the scan. IRC 
the scanner-service drops privileges to the logged-on-user and then scans the 
system. Therefore, it is not possible that the host is scanned without a 
logged-on-user.

So, what is your point exactly. Why is this a vulnerability? What are your 
expectations of the virus-scanner that make it vulnerable or what kind of virus 
are you trying to find with your not-logged-in scan?

Bone Machine

---
"You can't see it unless your flying by" - The Pixies