Symantec antivirus makes encrypted files inaccessible on Vista

, posted: 2-Mar-2007 12:16

Symantec LogoThis just in from a friend in the educational sector:

Subject: [SECURITY] Symantec Corporate Antivirus, Vista, and EFS
Date: Wed, 28 Feb 2007 17:14:16 -0500
From: Gary Flynn
Reply-To: The EDUCAUSE Security Discussion Group Listserv

This is a heads up notification and a check to see if someone can confirm something we've been able to reproduce on two Vista computers here: Files on a Vista computer that are encrypted using EFS while Symantec anti-virus auto-protect feature is enabled become inaccessible after the computer is rebooted.

They are inaccessible to all added user accounts and the recovery account. If autoprotect is turned off, the files encrypted while it was turned on remain inaccessible.

Newly encrypted files behave as expected. We have not found a way to recover the files encrypted while Symantec was running.

Symantec Corporate Edition

Microsoft is plugging the Encrypted File System (EFS) feature on Vista for mobile users as an important security enhancement. It's potentially a good thing too, in case your notebook gets stolen, but it's something of a nightmare scenario if popular antivirus programs like Symantec don't play nicely with it.

I don't know if there's any way to recover files from an EFS encryption. Elcomsoft has the Advanced EFS Data Recovery package that I've heard some people having had success with but does it work with Vista?

Other related posts:
Do you still use PPTP for your VPN? Don't.
Conficker wreaks havoc
A very non-obvious Firefox security hole plugged

comments powered by Disqus


Google News search
IT News
PC World New Zealand
Computerworld NZ
PC World and Computerworld Australia
PC World US
Computerworld US
NZ Herald
Virus Bulletin

Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.
Comments policy All comments posted on this blog are the copyright and responsibility of the submitters in question. Comments commercial and promotional in nature are not allowed. Please ensure that your comments are on topic and refrain from making personal remarks.