#AVGater vulnerability does not affect Windows Defender Antivirus

Discussion in 'Microsoft' started by MalwareTips Bot, Nov 14, 2017 at 11:42 AM.

  1. MalwareTips Bot

    On November 10, 2017, a vulnerability called #AVGater was discovered affecting some antivirus products. The vulnerability requires a non-administrator-level account to perform a restore of a quarantined file.

    Windows Defender Antivirus is not affected by this vulnerability.

    This vulnerability can be exploited to restore files that have been detected and quarantined by an antivirus product. To exploit this, malicious applications, including those launched by user-level accounts without administrator privileges, create an NTFS junction from the %System% folder to the folder where the quarantined file is located. This NTFS junction can trigger the antivirus product to attempt to restore the file into the %System% folder.

    This is a relatively old attack vector. By design, Windows Defender Antivirus has never been affected by this vulnerability because it does not permit applications launched by user-level accounts to restore files from quarantine. This is part of the built-in protections against this and other known user-account permissions vulnerabilities.

    Read more about Windows Defender Antivirus and the rest of our Windows Defender protection products at the following links:






    silversurfer and harlan4096 like this.
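A defender-side sketch of a restore gate for the behaviour described in the post, added here as an example (it is not Microsoft's or any antivirus vendor's code): it refuses restores requested by non-administrators and, as an extra assumption beyond what the post states, refuses a destination whose path contains a junction or symlink. The function names and the `caller_is_admin` flag are hypothetical, and the demo layout is constructed.

```python
import os
import stat


def is_link_like(path):
    """True if path itself is a symlink or, on Windows, any reparse point."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return False  # a component that does not exist yet cannot redirect
    if stat.S_ISLNK(st.st_mode):
        return True
    # st_file_attributes exists only on Windows; NTFS junctions set this bit.
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def first_redirect(dest_dir):
    """Return the highest-level link-like component of dest_dir, else None."""
    current = os.path.abspath(dest_dir)  # abspath does not resolve links
    chain = []
    while True:
        chain.append(current)
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    for component in reversed(chain):  # check from the root downwards
        if is_link_like(component):
            return component
    return None


def may_restore(dest_dir, caller_is_admin):
    """Return (allowed, reason) for a quarantine restore into dest_dir."""
    if not caller_is_admin:  # hypothetical flag supplied by the caller
        return (False, "caller is not an administrator")
    hit = first_redirect(dest_dir)
    if hit is not None:
        return (False, "redirected path component: " + hit)
    return (True, "ok")

if __name__ == "__main__":
    import tempfile
    base = os.path.realpath(tempfile.mkdtemp())  # constructed sample layout
    os.mkdir(os.path.join(base, "quarantine"))
    # A symlink stands in for an NTFS junction on non-Windows systems.
    os.symlink(os.path.join(base, "quarantine"), os.path.join(base, "link"))
    for d, admin in [("quarantine", False), ("quarantine", True), ("link", True)]:
        print(d, admin, may_restore(os.path.join(base, d), admin))
```

A path check like this is only sound if the restore then writes through a handle opened without following reparse points, since the path can change between the check and the write.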