Download Symdiag To Detect Symantec Product Issues

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag is provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers. If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.

Download 🔥 https://tiurll.com/2y3itc 🔥

Details:

\r\nSymantec was notified by the NMRC of file sharing parameters issues in the way our desktop firewall applications open log files. This could possibly permit an unauthorized user on the system to potentially modify or delete the firewall logs in certain Symantec personal and Internet Security firewall products. The firewall log files are opened with FILE_SHARE_READ and FILE_SHARE_WRITE share access parameters. The issue here is that another application using the appropriate Win32 API call could potentially be used to re-open the firewall log files and overwrite the firewall log entries, even though the firewall application is running. Although the application's dialog tabs will still show the proper alert entries while the application is running, once the firewall service is stopped and restarted, the log entries reflect what was overwritten.

\r\nAdditionally, the default install permissions allow everyone full control. This default permission could potentially allow a non-privileged user who, while not having permission on the Service Control Manager database to stop services, could still potentially open the log files, using calls to the file sharing parameters, and make appropriate modifications to the log files to remove alerts or any indications of attempted attacks against the targeted system. Once the firewall service is stopped and restarted, the log files would reflect the modified entries.

Symantec Response

\r\nSymantec has evaluated both issues. Although a Microsoft Windows 2000 computer can be detected through the SYN/FIN scan, Symantec Norton Personal Firewall 2002 continues to protect the computer from an actual intrusion by blocking connections to the computer.

\r\n

\r\nBecause Symantec takes the security of its customers very seriously, an update to Symantec Norton Personal Firewall 2002 and Symantec Norton Internet Security 2002 has been made available via Symantec's LiveUpdate to address this concern. Users of Symantec Norton Personal Firewalls running the latest updates are fully protected.

\r\n

\r\nTo protect users from Jolt2 DoS attacks against Microsoft Windows 2000 computers, Symantec recommends that Microsoft Windows 2000 Service Pack 1 (SP1) or later be installed. Microsoft Windows 2000 with SP1 or later is not susceptible to this problem. The latest updates for Microsoft products can be obtained from the Microsoft Windows Update site.

\r\n

\r\nSymantec further recommends using a multi-layered approach to security. Users, at a minimum, should run both personal firewall and antivirus applications to provide multiple points of detection and protection to both inbound and outbound threats.

Symantec Response

\r\nSymantec engineers verified the buffer overflow condition exists in Symantec's Norton Internet Security 2001, Symantec's Norton Personal Firewall 2001 as well as Symantec's Desktop Firewall 2.0 and 2.01. They have further determined that the GPF does not occur in the latest release of Symantec's Norton Personal Firewall 2002, Norton Internet Security 2002, Norton Internet Security 2002 Professional Edition nor the Symantec Client Security, Symantec's integrated antivirus, intrusion detection and firewall replacement for Symantec Desktop Firewall.

\r\n

\r\nHowever, Symantec takes any product issue such as this very seriously. We are developing a patch for Symantec Norton Internet Security 2001, and Personal Firewall 2001 to address this issue. The patch will be available via LiveUpdate when completed. We are further enhancing the capabilities of future Symantec products to provide additional protection against these types of issues.

\r\n

\r\nThere are some circumstances that greatly mitigate the risk associated with this issue. The buffer overflow condition identified by @stake occurs only in outgoing http requests through the Symantec Norton Internet Security, Personal Firewall and Symantec Desktop Firewall product's http filter.

\r\n

\r\nAny attempt to launch an attack of this nature requires the attacker to either have or be able to gain local access to the targeted system in order to initiate the http request or cause the system user, through a malicious email attachment or by directing the user to a malicious web site, to download and execute malicious code on their system.

\r\n

\r\nSymantec recommends using a multi-layered approach to security. Users, at a minimum, should run both personal firewall and antivirus applications with current updates to provide multiple points of detection and protection to both inbound and outbound threats.

\r\n

\r\nUsers should keep vendor-supplied patches for all application software and operating systems up-to-date.

\r\n

\r\nUsers should further be wary of mysterious attachments and executables delivered via email.

\r\n

\r\nDo not open attachments or executables from unknown sources. Always err on the side of caution.

\r\n

\r\nEven if the sender is known, be wary of attachments if the sender does not explain the attachment content in the body of the email. You do not know the source of the attachment.

\r\n

\r\nIf in doubt, contact the sender before opening the attachment. If still in doubt, delete the attachment without opening it.

Symantec takes the security and proper functionality of our products very seriously. Symantec appreciates the coordination of Ollie Whitehouse and @stake, Inc. in identifying and providing technical details of areas of concern as well as working closely with Symantec so we could properly address the issue. Anyone with information on security issues with Symantec products should contact symsecurity@symantec.com.

Symantec Response

\r\nSymantec engineers have evaluated and verified that this issue exists for Symantec's Norton Personal Firewall 2003, Symantec's Norton Internet Security 2003 as well as Symantec's Norton Internet Security 2003 Professional Edition. Sending this excessively large echo request results in the overflow of an internal buffer and causes a crash of the system. This issue does not occur on systems running Windows 9x, Windows ME or Windows NT.

\r\n

\r\nSymantec takes any product issue such as this very seriously. We have developed an update for Symantec Norton Personal Firewall 2003, Symantec Norton Internet Security 2003 and Symantec Norton Internet Security 2003 Professional Edition to address this issue. The update is now available via LiveUpdate.

\r\n

\r\nThere are some circumstances that greatly mitigate the risk associated with this issue. In this instance, the system is attempting to send an excessively large echo request. Any attempt to do this requires either local access to the targeted system to initiate the request or malicious code that initiates the request is downloaded and executed on the target system.

\r\n

\r\nAs a best practice, Symantec recommends keeping all operating systems and applications updated with the latest vendor patches. Keeping mission-critical systems updated with all security patches applied reduces risk exposure. Symantec further recommends using a multi-layered approach to security. Users, at a minimum, should run both personal firewall and antivirus applications to provide multiple points of detection and protection to both inbound and outbound threats.

\r\n

\r\nUsers should further be wary of mysterious attachments and executables delivered via email. Do not open attachments or executables from unknown sources. Always err on the side of caution. Even if the sender is known, be wary of attachments if the sender does not explain the attachment content in the body of the email. You do not know the source of the attachment. If in doubt, contact the sender before opening the attachment. If still in doubt, delete the attachment without opening it

Symantec Response

\r\nSymantec engineers have evaluated and verified that this issue exists for Symantec's Norton AntiVirus 2002. Newer versions such as of Norton AntiVirus 2003 are not affected by this issue.

\r\n

\r\nSymantec takes any product issue such as this very seriously. We have developed an update for Symantec Norton AntiVirus 2002 to address this issue. The update is now available via LiveUpdate. Localized versions of the patch are being worked on.