My Little Corner on the Web
Symantec Sucks
Had a server running Symantec Antivirus Corporate Edition (which from now on I will reference as SAV) that got infected. Or so I thought… after closer inspection it turns out that the warning was a false alert. Now that should be no surprise to anyone. All antivirus software has false positives every once in a while. However, what makes this one special is the fact that SAV detected ITSELF as a virus. This isn’t the first time I’ve seen this either; it happened a few times before on different machines. It can’t remove itself… or could it? So I decided to help it out a little and see if it could really do it. The executable that it detected to be a virus is rtvscan.exe, which is the realtime scanning component in SAV.
I disabled the realtime scanner by removing the startup keys in the registry and disabled the related service. Then I restarted the machine and proceeded to do a manual scan of the machine. After reaching the executable in question it popped up a warning and actually succeeded in quarantining the file. That kind of surprised me, to say the least. It wasn’t very hard to defeat SAV… any virus/trojan/worm/mole/slug could easily have done what I did. After the manual scan completed, I decided to see if it would actually go through with deleting the file. Opened the quarantine and selected delete for the file. The piece of shit actually deleted it. So anyway, I had to re-install the damn thing. Stupid Symantec…
This entry was posted by admin on July 14, 2009 at 9:18 pm, and is filed under Uncategorized.

about 1 year ago
And that’s why I don’t pay for an AV. AVG does the job just fine and Comodo Pro covers my firewall needs. And they’re both completely free.
about 1 year ago
Yeah, Symantec is complete crap, everything they touch breaks. I had a hell of a time upgrading from Backup Exec 12.0 to 12.5. I wound up just going back to 12.0 because it kept crashing.
about 1 year ago
Unfortunately, they’re not for business use. And it wasn’t our decision (current IT staff) to use SAV. Our previous, previous Director of IT chose it and it’s just easier for us to pay the subscription than to switch over to another system. We’re working on moving to a different solution though.
I had a friend who ran into the exact same problem.
about 1 year ago
HAH! Well, it has come full circle, from being difficult to uninstall, to removing itself!
about 1 year ago
Haha unfortunately yes….
about 1 year ago
I used to have Symantec with permission to install on 2 computers. My brother partitioned his hard drive and installed Linux in one of the partitions; immediately Symantec went nuts, would not let him do anything, and kept flashing that you can use it on two computers only.
My brother deleted Symantec and looked on the net until he found “AVAST For Home Users”. It is free! For three years now we, my brother and I, have been using Avast, trouble free.
Avast Corporate or Professional is not free, but I have heard it is even better, if possible, than Home User.
about 1 year ago
I’ve heard good things about Avast Corporate Edition. Our company is currently looking at other options though. Thanks for commenting!
about 6 months ago
I feel Zonealarm is the best all-in-one solution out there for antivirus and firewall.
about 6 months ago
No way, I bought Zonealarm, couldn’t get it to install on my 64-bit Windows 7, and when I installed it on the 32-bit Windows 7 (after multiple failures) it slowed down the laptop to a snail’s pace. Uninstalled the POS.
about 6 months ago
Symantec is the AOL/IE of anti-virus software. It’s aimed at those that don’t know any better. Those that do, don’t use it.
about 6 months ago
You do all realize that if you simply switched to Mac or Linux you wouldn’t have to bother with anti-virus software at all (except if you wanted to simply not pass viruses to Windows users when forwarding email).
Ubuntu has really come of age lately. Plays all my Windows games, with the help of “playonlinux” and never ever gets any viruses or spyware ever.
about 6 months ago
Easier to do on an individual basis. Not so when the entire company is built on top of Microsoft technologies.
about 6 months ago
Actually, if you look at the detection, it’s saying it was a Virut infection (which is a file infector). So that’s not a false positive; what it’s saying is that a file infector has infected the rtvscan.exe…
about 6 months ago
That is true but the point is that it is so easy to bypass Symantec’s protection.
about 4 months ago
LOL, classic.
Almost as bad as the recent McAfee fiasco. It detected svchost.exe as malware. Which in itself isn’t all that surprising… pretty typical place to hide malware. The thing is, it corrupted it, disabled all pertinent services and pretty much rendered the PC a brick. In order to fix it, we had to physically touch each machine! Bullshit…
Intel got hit bad by this. Luckily our ePO admins were on the ball and squashed the bad DAT before it got out of hand!
about 4 months ago
Well, it’s different when you work in a corporate environment that runs thousands of XP boxes across a WAN. The big guys are not ready for a switch to Linux yet. They are too embedded with Microsoft and their associated technologies. As much as I would love to see it happen, it won’t.
Besides…Active Directory and Server 08 is pretty damn nice.
about 4 months ago
Yeah, I read about the McAfee update. Quite a bit of a mess they made. It was on their corporate update servers too!