AW: CA eTrust Antivirus 7.0 - System account lockout

From: Star IT - M. Sproede (m.sproede_at_STAR-IT.DE)
Date: 08/08/03

  • Next message: Marty Godsey: "Re: Notepad popups in Internet Explorer and Outlook" 
    Date:         Fri, 8 Aug 2003 15:05:05 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Computer Associates has released a patch addressing the system account
    lockout problem:
    http://esupport.ca.com/premium/antivirus/downloads/nt/7.0/QO41975.asp

    PRODUCT: eTrust Antivirus EE RELEASE: 7.0

    APAR #: QO41975 DATE: 31 JUL 2003

    PROBLEM DESCRIPTION: NT-LOCAL SYSTEM ACCOUNT IS QUARANTINED
    ----------------------------------------------------
    In some situations, when a virus is detected by the
    Realtime Monitor, the local system account will be
    quarantined. Moreover, processes requiring system
    access will be denied, including authentication.
    Users cannot log on to the server either remotely
    or locally (until the Quarantine expires). Existing
    authenticated users can still access network
    resources provided they do not do anything that
    requires authentication. The log files may show
    something like the following:

    "The [virus name] was detected in
    C:\...NTFS_C362EB1001C332EE00000598.EML<9....
    Machine: SERVER, User: NT AUTHORITY\SYSTEM. File
    Status: Infected User (NT AUTHORITY\SYSTEM)
    quarantined for 90 minutes."

    where [virus name] is the name of the virus.

    ...
    ...
    ...

    PRODUCT(S) AFFECTED: ETRUST ANTIVIRUS 10-99 USERS Release 7.0
    ETRUST ANTIVIRUS 100-249 USERS Release 7.0
    ETRUST ANTIVIRUS 250-749 USERS Release 7.0
    ETRUST ANTIVIRUS 750+ USERS Release 7.0

    DOWNLOAD INFORMATION:
    ---------------------
    NODE: ftp.ca.com
    PATH: /CAproducts/unicenter/eTrust/AntiVirus/7.0/nt/qo41975
    FILES: QO41975.C5D QO41975.CAZ

    UPDATED ROUTINES:
    ---------------
    NOTE: For UNIX Script Files, the actual file size may be less than
    the size shown below.
    InoRT.exe 208896 MON JUL 14 23:30:00 2003

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Marty Godsey: "Re: Notepad popups in Internet Explorer and Outlook"

    Relevant Pages

    • Re: OT Bush says Bird Flu might get military quarantine of effected areas.
      ... I did couch my opinion in terms of a 'quarantine', ... >> Once avian flu xenomorphs into humans it will kill over 60% of people it ... >> infects initially, then the death rate will grow as medical ... > "killer virus". ...
      (sci.space.shuttle)
    • Re: XP Home & hacktool
      ... virus in the restore point. ... > The infector is rendered impotent while in quarantine. ... > FireWall to allow it to download the needed AV vendor related files. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Decade old Zerco virus--can you recommend an anti-virus cleaner?
      ... Quit Word... ... Now you can open each file in the Clam AV Quarantine store, ... you will spread the virus. ... Delete the Normal Template before opening Word or any other documents. ...
      (microsoft.public.mac.office.word)
    • Re: Virus Warning in ShadowCopy
      ... forwarded to Scanmail for virus checking. ... change this to make sure quarantined spam is also checked for viruses. ... > intermittent but the really strange thing was that we've NEVER set Trend ... > to quarantine virus-laden mail - its set to delete immediately. ...
      (microsoft.public.windows.server.sbs)
    Loading