The other day we were issued new "secure" USB flash drives at work.
These are 8-GB'er's and far outstrip the two 512 MB Sony sticks I had been wearing like dog-tags. It is also double my own Seagate "hockey-puck" 4-GB'er that I carry in reserve.
Needless to say, when the boss passed these out, we all scampered back to our cubicles like rats with cheese and went to work copying our data over to them.
I've been using DSynchronize (freeware) for some time now to keep my primary pile of utilities on my work machine sync'ed with my USB stick. This allows me to focus on keeping the files on my work machine current, then I can do a one-way sync to my USB stick to refresh it.
So there I am, syncing the files and suddenly my enterprise-class Symantec AV program goes ape-in-heat and starts tossing up virus/trojan/malware file quarantine warnings all over the place.
Malware? There ain't no malware on my machines!
When the carnage subsided and the rest of my files were sync'ed I went back to look at what had occurred.
Ouch! Smacked by Symantec...
I came to find out that Symantec has decided to classify some wonderful, legitimate utilities as "hack-tools" or "potentially unwanted products (PUPS)" or just plain "malware".
Because of the way we have our Symantec deployments compartmentalized in our enterprise environment, we don't have much say in the Symantec policy settings. We are responsible for installing the Symantec client on workstations, making sure the DAT files are getting applied across our workstations, and then cleaning the buggers when they get infected anyway.
My network analyst and I tried to fiddle with the settings in Symantec Console to allow some of these, but it appears it would need to be set globally, which neither of us wants to do. I just want to have my network/anti-malware utilities and be able to use them un-accosted by Symantec. In our previous version of Symantec, I could turn off and change the settings on my AV client so it could "ignore" some programs; this latest version doesn't allow me that privilege.
So here are links to the applications that I now cannot keep on my USB or hard-drive at work, lest Symantec goes ape and my workstation is flagged again on the Console for being "infected" with these terrible programs.
SuperScan4 - Foundstone, Inc. (freeware) A great network IP/port scanning utility. (It has been crippled somewhat now since raw-sockets support got pulled from XP in SP2, but works fine in Windows 2000.)
HotBar Uninstall Program - HbUnist.exe - I like using this tool from HotBar to uninstall their own program when I find it on our machines at work. It is pretty effective.
I'm sure these aren't the only ones Symantec has black-listed. For now, both of these freeware utilities, Advanced IP Scanner and Advanced Port Scanner, are getting a "pass" from Symantec so I can do network IP/port scans for troubleshooting and network connection reviews.
A Problem worth a Petition?
The development team for Angry IP Scanner is so fed-up they have created an on-line petition to fuss at Symantec and McAfee for their classification against it:
I understand and concede the direction Symantec and others are coming from when they make this call; most enterprise groups DON'T want folks running IP/port scans or having anything associated with HotBar in their networks. However, when the door gets shut on utilities that the very staff who help service and protect those networks use, well...that's not cricket.
I'm going to continue working with my analyst buddy and see what we can work out in the configuration department. I remain hopeful of a workaround...which is kinda scary. IT staff having to work around an IT security solution to keep things safe.