Unable to find out symndis.sys
Hi,
I have some issues related to my anti-virus software. I was trying to set up Symantec anti-virus against any spam, spyware and viruses.
When I ran its update file by mistake it successfully loaded the file, but when I run the proper installation file it gives me an error suggesting that the "symndis.sys" file needs to have access in C:windows/win32/Drivers/symndis.sys. How should I get rid of this problem? As soon as I ignore this file it automatically starts an uninstallation of Symantec Anti-virus.
Please help...
Re: Unable to find out symndis.sys
File symndis.sys is located in the folder C:\Windows\System32\drivers. Known file sizes on Windows XP are 33,216 bytes (23% of all occurrences).
The driver can be started or stopped from Services in the Control Panel or by other programs. The program has no visible window. File symndis.sys is a Verisign signed file. symndis.sys is digitally signed. There is no detailed description of this service. File symndis.sys is not a Windows system file. The application can be uninstalled in the Control Panel. symndis.sys seems to be a compressed file. Therefore the technical security rating is 6% dangerous.
Hope this gives you some idea,
Regards
Re: Unable to find out symndis.sys
In particular, "Symantec Client Firewall Products SYMNDIS.SYS Driver Remote Denial Of Service Vulnerability" confirms your suspicion that symndis.sys is the kernel-mode driver of Symantec Internet Security, i.e. the firewall part.
So, this suggests that you are shot by friendly fire: The Juniper software tries to establish a secure VPN connection and to keep any process from tampering with it. At the same time Symantec tries to protect the same connection as well.
I am not sure if disabling any firewall functionality of the Symantec Antivirus software will be sufficient. I cannot judge if this will prevent Symantec from loading the driver.
It is definitely worth a try. You will have to, and should, reboot after deactivating any firewall functionality of Symantec. (Ghost should not be affected at all.)
You may check if the driver is still loaded by using, e.g., Sysinternals Process Explorer.
You might also check on the Juniper webpages for articles on compatibility issues related to symndis.sys and the Juniper VPN client.
Hope this will help solve the problem.
Kind regards,
Re: Unable to find out symndis.sys
A vulnerability was reported in Symantec's Norton Personal Firewall in the processing of TCP Options. A remote user can cause denial of service conditions on the target system.
The flaw reportedly resides in SYMNDIS.SYS. A remote user can send a single TCP packet with a TCP option of either SACK (05) or Alternate Checksum Data (0F) followed by a length of 00 to cause the SYMNDIS.SYS driver to enter an infinite processing loop, the report said. The vulnerability can be triggered regardless of whether the application is enabled or not.
Impact: A remote user can cause denial of service conditions on the target system. A physical restart of the system is required to return to normal operations.
Solution: The vendor has reportedly issued a fix, available via Live Update.
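The report quoted above describes a TCP option with a length byte of 00 stalling the option-processing loop. As an added example (not part of the thread and not Symantec's code), here is a defensive options walker in C that rejects such options; the function name `tcp_options_validate` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL 0 /* end of option list, one byte, no length field */
#define TCPOPT_NOP 1 /* padding, one byte, no length field */

/* Hypothetical helper (not vendor code): walk the TCP options area and
 * return the number of well-formed options, or -1 if any is malformed. */
int tcp_options_validate(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    int count = 0;

    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= len)          /* length byte missing */
            return -1;
        uint8_t optlen = opts[i + 1];
        /* The length covers the kind and length bytes, so it is never
         * below 2. Advancing by a length of 0 would leave i unchanged
         * and the loop would never end. It must also fit in the area. */
        if (optlen < 2 || optlen > len - i)
            return -1;
        i += optlen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples: a valid MSS option, then the two malformed
     * options named in the report (kind 05 and kind 0F, length 00). */
    const uint8_t mss[]  = { 0x02, 0x04, 0x05, 0xb4, 0x01, 0x01, 0x00 };
    const uint8_t sack[] = { 0x05, 0x00 };
    const uint8_t alt[]  = { 0x0f, 0x00, 0x01, 0x01 };

    printf("mss=%d sack=%d alt=%d\n",
           tcp_options_validate(mss, sizeof mss),
           tcp_options_validate(sack, sizeof sack),
           tcp_options_validate(alt, sizeof alt));
    return 0;
}
```

A packet filter that applies this check before any further option handling can drop the segment on a -1 result instead of processing it.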