Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SCSP Prevention bypass POC

Created: 03 May 2014 • Updated: 03 May 2014 | 6 comments

Hi All,

Can anybody provide me the steps to bypass the SCSP prevention. I go through the below link and found it's possible to bypass the SCSP prevention:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140502_00

Can anyone have POC or any experience which help me to bypass the prevention of SCSP. I have to pentest a windows server 2003 R2 with SCSP prevention enabled.

Operating Systems:

Comments 6 CommentsJump to latest comment

pete_4u2002's picture

its the issue with old SCSP windows agent and that too unpatched machine.

Hlovers's picture

Hi pete,

Yes I know that. But our client is using SCSP Server on unpatched windows box. He is very confident that SCSP also prevent his unpatched machine according to SCSP datasheet. I have to pentest that machine, if you can provide any document related to that it's very helpful for me.

pete_4u2002's picture

whats the SCSP agent version? if its running old , please upgrade to the latest SCSP version.

Hlovers's picture

It's 5,25 version of SCSP installed on server. But before upgrading the SCSP to latest version, i have to pentest it to showcase my client that his server is still vulnerable.

AMoss's picture

It's highly likely the detailed steps to subvert the controls will be published...this is similiar to how OS vendor will release a vulnerability information but NOT exploit information.

Looking for real-time reporting and data visualization for your Symantec Security solutions?  http://www.trysolve.com

Hlovers's picture

@AMoss: Thanks for the update. Can i get that information anywhere?