Initial Publication Date: 7 Apr 2016
Advisory Status: Closed
Advisory Severity: Low
CVSS Base Score: 3.1
Legacy ID: SYM16-004
The Inventory Solution component of Symantec's IT Management Agent, the client portion of Symantec IT Management Suite (ITMS) powered by Altiris, can be configured to deny one or more applications from running on a Windows managed client as part of IT management functions. A determined user can force an unauthorized application to load and potentially run despite the application being blacklisted in policy settings. This could potentially result in an authorized user running an unauthorized application on a managed client in the network environment.
Affected Versions: Prior to 7.6 HF7
Remediation: Update to ITMS 7.6 HF7 Point Fix (see Update Section below) or upgrade to ITMS 8.x
Symantec is aware of the capability to bypass the application denial functionality. This functionality is only available on managed Windows clients and is established and configured as a component of the ITMS Inventory Solution. The application denial functionality, a part of the application metering feature in the Inventory Solution, is not intended to be, nor promoted as, a security feature. The application denial functionality is a management tool intended to enable IT administrators to deny the running of specified applications, such as peer-to-peer file sharing applications. However, application denial does provide a level of restrictive protection against unauthorized applications running on a managed client.
An authorized but determined user can run an application that is not allowed on the corporate network by established IT policies. By creating and running a script that continuously executes the unauthorized application, the user could potentially overload and bypass the established denial policies. This would enable their unauthorized application to run on their managed Windows client, which could potentially compromise IT network policies. Successful application denial policy bypass depends very heavily on the capabilities of the managed system, which could actually result in limited capabilities of the unauthorized application or even a self-denial of service by overloading the managed client's CPU.
Depending on how IT has configured Inventory Solution, an alert can be e-mailed to an IT administrator when an attempt is made to run such an unauthorized application on a managed Windows system. In addition, end users can be informed that the application they are trying to run has been blocked by the IT administrator.
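The denial alerts above are also the place where the bypass described in this advisory becomes visible: a single denial event is normal policy enforcement, while a tight burst of denials for one application on one client is the signature of a loop hammering the denial hook. The following detector is an added example, not Symantec's code, and the log format it parses (timestamp|client|user|application|action) is constructed for illustration because the advisory does not show the alert format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample denial events (hypothetical format: timestamp|client|user|application|action).
SAMPLE_LOG = """\
2016-04-07T09:00:01|WS-0142|alice|bittorrent.exe|denied
2016-04-07T09:00:02|WS-0142|alice|bittorrent.exe|denied
2016-04-07T09:00:02|WS-0142|alice|bittorrent.exe|denied
2016-04-07T09:00:03|WS-0142|alice|bittorrent.exe|denied
2016-04-07T09:00:03|WS-0142|alice|bittorrent.exe|denied
2016-04-07T09:00:04|WS-0142|alice|bittorrent.exe|denied
2016-04-07T09:15:00|WS-0077|bob|utorrent.exe|denied
2016-04-07T10:30:00|WS-0077|bob|utorrent.exe|denied
"""

def parse_events(text):
    """Yield (timestamp, client, user, application) for every 'denied' line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, user, app, action = line.split("|")
        if action == "denied":
            yield datetime.fromisoformat(ts), client, user, app

def find_bursts(text, threshold=5, window=timedelta(seconds=10)):
    """Return [(client, user, application, peak_count)] for every client/application
    pair that accumulates at least `threshold` denial events inside any sliding
    `window`. Isolated denials (bob below) are ignored; a burst (alice below)
    is reported with the highest number of events seen inside one window."""
    recent = defaultdict(deque)   # (client, app) -> timestamps still inside the window
    flagged = {}
    for ts, client, user, app in sorted(parse_events(text)):
        q = recent[(client, app)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            key = (client, user, app)
            flagged[key] = max(flagged.get(key, 0), len(q))
    return [(c, u, a, n) for (c, u, a), n in flagged.items()]

if __name__ == "__main__":
    for client, user, app, count in find_bursts(SAMPLE_LOG):
        print(f"possible denial bypass attempt: {user}@{client} launched {app} {count} times within 10s")
```

Tune `threshold` and `window` to the alert volume of the environment; the defaults flag six launches of one blocked executable within three seconds while leaving two launches 75 minutes apart unreported.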
Symantec Response
While the application denial functionality was not intended as a security feature, Symantec product engineers have already addressed the managed Windows agent bypass potential in ITMS 8.0 and have created a point fix for ITMS 7.6 HF7 for those customers who are concerned about any potential exposure to unauthorized applications running on their Windows managed clients. Symantec is not aware of adverse customer impact from this issue.
Customers may acquire the point fix for ITMS 7.6 HF7 through technical support channels; see Knowledge Bulletin TECH234599 for details.
Symantec would like to thank Matthew Postinger, www.Postinger.com, for submitting his concerns regarding this issue in versions prior to ITMS 8.0 and working with Symantec as it was addressed.