Symantec Endpoint Protection is the latest antivirus product found to unsafely load DLLs into a process that runs with SYSTEM privileges. The software is impacted by a vulnerability that could allow an attacker that has administrative privileges to bypass self-defense mechanisms and load an unsigned DLL file, SafeBreach security researchers explain in a new blog post.

Over the past several weeks, SafeBreach has disclosed similar issues in security products from Avast, AVG, Avira, McAfee, Forcepoint, Trend Micro, Bitdefender and Check Point.

Like other antivirus programs, Symantec Endpoint Protection uses a mini-filter filesystem driver to protect its folders from intrusion, preventing even users with admin privileges from altering them.

The issue, the researchers say, is that Symantec Endpoint Protection, a signed process running as NT AUTHORITY\SYSTEM - meaning that it has the highest privileges on a machine - is attempting to load a DLL that doesn't reside at the expected path. Specifically, the software looks for the file at C:\Windows\SysWOW64\wbem\DSPARSE.dll, but the DLL is actually located in the SysWOW64 folder directly.
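A defender-side check for the pattern described above, as an added example that is not code from SafeBreach or Symantec: it scans image-load records for a SYSTEM process loading a tracked DLL from outside its real directory or without a valid signature. The field names follow Sysmon Event ID 7; the events, the agent path and the `CANONICAL_DIRS` table are constructed assumptions.

```python
import ntpath

# Assumption: canonical directory per tracked DLL (lowercase name). Only the
# DSPARSE.dll entry reflects the article; extend the table for other DLLs.
CANONICAL_DIRS = {"dsparse.dll": {r"c:\windows\syswow64"}}

# Constructed sample records using Sysmon Event ID 7 (ImageLoad) field names.
# The agent path is a placeholder, not the product's real binary name.
AGENT = r"C:\Program Files (x86)\ExampleAV\agent.exe"
SAMPLE_EVENTS = [
    {"User": r"NT AUTHORITY\SYSTEM", "Image": AGENT,
     "ImageLoaded": r"C:\Windows\SysWOW64\wbem\DSPARSE.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"User": r"NT AUTHORITY\SYSTEM", "Image": AGENT,
     "ImageLoaded": r"C:\Windows\SysWOW64\dsparse.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"User": r"DESKTOP\alice", "Image": r"C:\Tools\viewer.exe",
     "ImageLoaded": r"C:\Tools\dsparse.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

def flag_suspicious_loads(events, canonical_dirs=CANONICAL_DIRS):
    """Return (process, dll, reasons) for risky loads of tracked DLLs by SYSTEM."""
    findings = []
    for ev in events:
        # The article's concern is loads into processes running as SYSTEM.
        if ev.get("User", "").upper() != r"NT AUTHORITY\SYSTEM":
            continue
        # ntpath handles Windows paths on any OS; normcase lowercases them.
        loaded = ntpath.normcase(ntpath.normpath(ev["ImageLoaded"]))
        directory, name = ntpath.split(loaded)
        expected = canonical_dirs.get(name)
        if expected is None:
            continue  # not a DLL we track
        reasons = []
        if directory not in expected:
            reasons.append("unexpected directory")
        signed = ev.get("Signed", "false").lower() == "true"
        if not signed or ev.get("SignatureStatus") != "Valid":
            reasons.append("unsigned or invalid signature")
        if reasons:
            findings.append((ev["Image"], ev["ImageLoaded"], reasons))
    return findings

if __name__ == "__main__":
    for image, dll, reasons in flag_suspicious_loads(SAMPLE_EVENTS):
        print(f"{image} loaded {dll}: {', '.join(reasons)}")
```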