>
> POC:
>
> ::Save the following as a batch file and execute it.
> :here
> taskkill /im smcgui.exe /f
> goto :here
>
> Now since the smcgui.exe is running in the user account, It will not be
> denied access to.
> When the batch file is running, Open the file "c:\Program
POC:
::Save the following as a batch file and execute it.
:here
taskkill /im smcgui.exe /f
goto :here
Now since the smcgui.exe is running in the user account, It will not be
denied access to.
When the batch file is running, Open the file "c:\Program
::Save the following as a batch file and execute it.
:here
taskkill /im smcgui.exe /f
goto :here
Sent: Friday, February 13, 2009 12:25 PM
To: bugtraq@securityfocus.com
Subject: Re: SEPKILL /im SMC.EXE /f
Just as an update couldn't get any further other than t.he fact that
SMCGui.exe is getting killed as its running in the user account and SMC.exe
in the system account.
Thank you.
Regards, Sandeep
> Are you saying this is supposed to affect 11.0.4000.x? If so, what
> sub-sub-minor versions did you test it on?
>
> I just tested this on 11.0.4000.2295 (on a managed client) and all it
> did was crash the smc.exe process started by the command you supplied,
> not smcgui.exe process. I tested as an administrator and an unprivileged
> user and got the same results - smc.exe crashes, but not the smcgui.exe
> process.
>
> It would be interesting if you could provide more information, since if
> this is actually doing what you say it's doing it would be a horrifying
> Sent: Friday, February 13, 2009 12:25 PM
> To: bugtraq@securityfocus.com
> Subject: Re: SEPKILL /im SMC.EXE /f
>
> Just as an update couldn't get any further other than t.he fact that
> SMCGui.exe is getting killed as its running in the user account and
> SMC.exe
> in the system account.
>
> Thank you.
>
Just as an update couldn't get any further other than t.he fact that
SMCGui.exe is getting killed as its running in the user account and SMC.exe
in the system account.
Thank you.
Regards, Sandeep
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Are you saying this is supposed to affect 11.0.4000.x? If so, what
sub-sub-minor versions did you test it on?
I just tested this on 11.0.4000.2295 (on a managed client) and all it
did was crash the smc.exe process started by the command you supplied,
not smcgui.exe process. I tested as an administrator and an unprivileged
user and got the same results - smc.exe crashes, but not the smcgui.exe
process.
It would be interesting if you could provide more information, since if
this is actually doing what you say it's doing it would be a horrifying
For the "users" its working for SmcGUI.exe
Please find the code as below.
:here
tasklist | find /i "SmcGui.exe" > c:\pid.txt
FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R
drwtsn32 -p %pidopt%
goto :here
Hi,
There is a bug with the "Symantec Endpoint Protection"( Tested on all
versions till 11.0.4000)
When you execute the following command "smc.exe -p ~ " the smcgui.exe
crashes. You don't need admin privilege for this.
Regards, Sandeep
51l3n7[at]live.in
For what is is worth...
I'm running MR4 version (11.0.4000.2295) and executing the command under a non-privileged account does throw a dialog box with the error message. It also puts an event in the application event log to the effect of "Faulting application smc.exe, version 11.0.4000.2261, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x000079f", but watchng task manager SMC.EXE running under the SYSTEM user and SMCGUI.EXE running under the same non-privileged account never dies. I do see an additional SMC.EXE process startup under the non-privileged user, but it is the process failing. I also tried this running the command with an admin account with the same results.
