Tuesday, July 7, 00:29
Home security Error in Antivirus programs allows you to disable them

Error in Antivirus programs allows you to disable them


A simple defect security, which is present in 28 Antivirus programs, can allow malicious agents to exploit a system and disable the virus protection program.

The error is abusive directory junctions in Windows and symlinks in MacOS and Linux.

An intruder will not need administrator privileges to exploit an Antivirus program on a Windows operating system.

Basically, the way an Antivirus works is to get high privileges for scanning all the files and directories of a device, to find unknown and malicious files, so that it can move them to an isolated environment.

Due to its nature, Antivirus paves the way for different ones holdings to malicious agents, who eventually manage to gain high privileges in one system.

The process of exploiting this vulnerability is relatively simple, especially for an experienced one hacker. However, in order to be successful, it must be done at the right time. If the intruder manages to find the exact moment to carry out the attack, then he can gain access to the system.

Windows operation

Security researchers took advantage of the vulnerability in McAfee Endpoint Security for Windows and managed to delete the file EpSecApiLib.dll, as shown in the video below.

Exploitation macOS & Linux

The researchers also tried to take advantage of the vulnerability in the Antivirus program Norton Internet Security for macOS and downloaded it EICAR test-string by Pastebin to bypass real-time protection, which prevents the test-string from being taken from Norton's official website.

While taking the test string from Pastebin, Antivirus immediately spotted the process as malware and tried to stop it.

The researchers were able to take advantage of Antivirus programs on Linux and were able to delete important files.

All affected Antivirus suppliers have been updated and almost all have already fixed this error in their products.

The users it is recommended that they immediately install the latest Antivirus program update they are using.


  1. Very good. Of course, so that we are not completely unjust. If the DLL was in use or at least if it was linked as a reference to the EIA while the AV is running, the researchers could not do anything. In practice, this attack will fail if, for example, someone tries to turn off EXE or stop it. That would be a real attack and vulnerability of the AV and not a consequence of the operation of Windows FS or Mac as in this case.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement


Windows 10 2004: Unauthorized settings "block" the upgrade

Users report that they have a problem with Windows 10, since they are excluded from the application of the May 2020 update, when they manually attempt to ...

Lenovo is improving Linux ThinkPads but the problems remain

Last month, when Lenovo announced that it was going to certify the ThinkPad series for use with Linux operating systems, we thought directly ...

Nigerian accused of fraud against US companies

A Nigerian was taken to the federal court in Chicago on Friday, after being accused of coordinating an international cyber fraud system, which affected ...

Home routers display critical errors and run unpatched Linux

The German Fraunhofer Communication Institute (FKIE) conducted a survey that included 127 home routers from seven different brands, in an effort to ...

IPhone 12 release: Will we finally see it by the end of 2021?

New data on the release of the iPhone 12, which we all expect not to happen in September, say that it will only be delayed ...

MySQL: Replaces terms that reinforce racial discrimination

MySQL database developers have announced that they will be replacing terminology such as master, slave, blacklist, and whitelist.

The CEO of a cryptocurrency investment company was cheating

As reported by News24, Willie Breedt, the founder of VaultAge Solutions (cryptocurrency investment company), declared bankruptcy last week and the ...

United Kingdom: Will it exclude Huawei from its 5G networks?

The UK government has received an NCSC report on Huawei, which may change its policy ...

A Yahoo engineer is not in jail after hacking 6.000 accounts

A former Yahoo engineer has been sentenced to five years in prison for hacking into personal accounts ...

PoC exploits released for critical vulnerability on F5 BIG-IP devices

PoC exploits released for critical vulnerability on F5 BIG-IP devices Two days after the release of updates on critical vulnerability on F5 ...