RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off

To: <eitancaspi@xxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off
From: "Scrimsher, John P" <john.scrimsher@xxxxxx>
Date: Wed, 23 Mar 2005 12:56:38 -0800
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcUvNqDlExWCqOsIRGyg3Gj5q0yGvAAskQxA
Thread-topic: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off

Eitan

What you have described is an ongoing issue at least since Version 7 of the
Symantec Corporate Edition antivirus product.  I have personally talked with
Symantec about it as well.  However it does not pose the security risk that
you appear to believe it does.  In my personal opinion, it poses an
administrative headache at most. 

Symantec provides a way for you to schedule scans that will run regardless
of the logged on state. They are called Administrative Scans and are
configured from the Symantec System Center Console.  You can also use the
GRC Creator tools found on the SAV CE CDs.  The scans created as
"Administrative Scans" will be stored in the HKEY_LOCAL_MACHINE registry
hive and will run as long as the computer is turned on.

Scans created by users will be stored in the HKEY_CURRENT_USER registry hive
since they are user specific settings, following Microsoft's model for
registry stored settings.  This means that user created settings such as
scheduled scans will be unloaded when the user logs off of the system.

If you have a system that typically has no user logged in such as a web
server, or file server, then you should create the scans from the SSC, then
they will act as you wish.

I believe that the documentation doesn't mention this because the
documentation is designed for central administration.  An administrator
trying to manage 1000 clients or more doesn't want to touch each individual
system to schedule the scan.  They want to use the Management tools provided
such as SSC to schedule them, and this will work for what you describe.

That said.  I have talked with Symantec about this issue repeatedly since
version 7.  I am sure that it is on their development path, but may not rank
as high as other features that their many customers are asking for.

Do I want them to create a scan that is user editable and runs regardless of
logged in user? YES.  It would save me some trouble from users complaining
that the company set scan is set for the wrong time.  It is possible to
create your own tool that modifies the scan schedule that you could allow
users to run, but that is something that would not be supported by Symantec.


John Scrimsher


This message is based on my opinions only and does not in any way attempt to
reflect on the opinions or stance of my employer or any other business or
individual.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Prev by Date: Re: [ISN] How To Save The Internet
Next by Date: RE: Details of Sybase ASE bugs withheld
Previous by thread: Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off
Next by thread: RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off
Index(es):
- Date
- Thread