Educause Security Discussion
mailing list archives
Re: Symantec Corporate Antivirus, Vista, and EFS
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 2 Mar 2007 08:42:19 -0500
Allison Henry wrote:
I have confirmed this issue, and opened a case with Symantec Platinum
Support. They are aware of the issue and will keep us updated on when a
fix is available. I requested that they document the issue in their
knowledge base, as obviously it is a serious problem.
Excluding EFS encrypted folders from auto-protect will prevent the
problem from occurring, but I don't see any way to recover the files
since as far as EFS is concerned, they are decrypted.
A gentleman at Va. Tech discovered that uninstalling
Symantec would allow the files to be recovered. We
confirmed that here.
We also opened a case with Symantec.
System and Network Security
University of California, Berkeley
Gary Flynn wrote:
Bowden, Zeb wrote:
I confirmed this on a Vista Ultimate machine. Most of my files aren't
actually inaccessible (i.e. I don't get access denied), they just look
That is what we see here too. I should have been more specific
about the definition of "inaccessible" given the behavior when
someone tries to access someone else's encrypted file.
The problem we experience is that the data inside the file
is inaccessible because it appears as random data as though
it is not being decrypted.
We were testing on Vista Enterprise.
Thanks for the confirmation.
I was testing one of the new EFS group policy features to
force users' Documents folders to be encrypted so perhaps that makes a
difference as to what gets displayed to the user. Either way, it's still
not working and I haven't been successful in recovering any files
Files encrypted prior to having auto-protect turned on appear to work as
On non-OS partitions I'm not seeing consistent behavior. It works
properly some of the time (maybe 80%), but not always.
I'm using Symantec Corporate Edition 10.2.0.276 as well.
zbowden () vt edu
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Wednesday, February 28, 2007 5:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Symantec Corporate Antivirus, Vista, and EFS
This is a heads up notification and a check to see if
someone can confirm something we've been able to
reproduce on two Vista computers here:
Files on a Vista computer that are encrypted using EFS
while Symantec anti-virus auto-protect feature is enabled
become inaccessible after the computer is rebooted. They
are inaccessible to all added user accounts and the
If autoprotect is turned off, the files encrypted while
it was turned on remain inaccessible. Newly encrypted
files behave as expected.
We have not found a way to recover the files encrypted
while Symantec was running.
Symantec Corporate Edition 10.2.0.276
James Madison University