Symantec antivirus makes encrypted files inaccessible on Vista

Posted: 2-Mar-2007 12:16

This just in from a friend in the educational sector:

Subject: [SECURITY] Symantec Corporate Antivirus, Vista, and EFS
Date: Wed, 28 Feb 2007 17:14:16 -0500
From: Gary Flynn
Reply-To: The EDUCAUSE Security Discussion Group Listserv

This is a heads-up notification and a check to see if someone can confirm something we've been able to reproduce on two Vista computers here: Files on a Vista computer that are encrypted using EFS while the Symantec anti-virus auto-protect feature is enabled become inaccessible after the computer is rebooted.

They are inaccessible to all added user accounts and the recovery account. If autoprotect is turned off, the files encrypted while it was turned on remain inaccessible.

Newly encrypted files behave as expected. We have not found a way to recover the files encrypted while Symantec was running.

Symantec Corporate Edition

Microsoft is plugging the Encrypted File System (EFS) feature on Vista for mobile users as an important security enhancement. It's potentially a good thing too, in case your notebook gets stolen, but it's something of a nightmare scenario if popular antivirus programs like Symantec don't play nicely with it.

I don't know if there's any way to recover files from an EFS encryption. Elcomsoft has the Advanced EFS Data Recovery package that I've heard some people have had success with, but does it work with Vista?

