Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

"VIP Access" popup - what is a reliable way to know if it is legitimate?

Created: 29 Dec 2011 | 8 comments

A popup appears on my monitor this morning:  "VIP Access  A new update is available for VIP Access.  Do you want to get the update and restart VIP Access?  What is a reliable way for me to know if it is legitimate?  A search for the phrase on symantec.com is fruitless - just advertizing for VIP.

Comments 8 CommentsJump to latest comment

Thomas K's picture

Can you post a screenshot here? Did you knowingly install VIP Access?

You may also contact VeriSign Support - https://knowledge.verisign.com/support/identity-pr...

Mithun Sanghavi's picture

Hello,

There are few things to check:

1) Check if there are any illegitimate Browser Helper Objects Installed on the IE?? Remove them.

2) Are there any UnRequired Softwares which have been installed on the machine without your information?? If yes, remove them from Add/Remove Programs.

 

I would  recommend you to Run the Symantec Support Tool which may assist you to submit the suspicious files to the Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

is VIP access already installed on the system? can you check the version and the source from add/remove program?

johndrockefeller's picture

i have the same issue and the same concern. to my knowledge there is no symantec software on my computer. if there is, i don't know what it is. so why is this thing called VIP Access asking me to allow it to be updated? I see the response to the previous inquirer, but frankly i don't want to have to go do homework on this. Would somebody from Symantec help me know for sure whether this is safe or not?

Thomas K's picture

Hi John, As Pete mentioned above, can you check the version from add/remove programs? Screenshots of the version and the pop-up would be nice

peter ashley's picture

Symantec has a two factor authentication product which was developed by Verisign called VIP.  

http://www.symantec.com/business/verisign/vip-authentication-service

Many Symantec employees use the mobile phone version to confirm 2 factor authentication for VPN access.

Check your add/remove programs under "Symantec" and "Verisign" to confirm a legitimate program like this is installed.

If you can't find a legitimate access client then please continue down the path already discussed on the thread of submitting suspicious programs.

BugTracker's picture

The popup identifies both VeriSign and Symantec (as authors) and asks the user to accept an update.  It seems to kick off an install process of something that took over my system as I shut it down.  It cut off my internet connection from the browser, and I needed to restore to a prior checkpoint to repair whatever it was up to.

I have a screen shot in the attached word doc.

VIP Access seems related to an add on in Internet explorer.  I disabled this one and the one below, and the problem seemed to go away. 

Name:                   Symantec VIP Access Add-On
Publisher:              Symantec Corp
Type:                   Browser Helper Object
Version:                2.0.3.64
File date:             
Date last accessed:     ‎Today, ‎April ‎11, ‎2012, ‏‎13 minutes ago
Class ID:               {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}
Use count:              184
Block count:            22
File:                   VIPAddOnForIE.dll
Folder:                 C:\Program Files (x86)\Symantec\VIP Access Client
 

                                    Name:                   Discuss
Publisher:              Not Available
Type:                   Explorer Bar
Version:                6.1.7601.17514
File date:             
Date last accessed:     ‎Wednesday, ‎March ‎28, ‎2012, ‏‎1:26 PM
Class ID:               {BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
Use count:              7
Block count:            0
File:                   shdocvw.dll
Folder:                
          

Does this look like one of Symantec's dlls?  Would you like a copy?

What about the second one?  Thoughts on what I should do next?

Thank you.                                                                                         

AttachmentSize
VIP Access.doc 33.5 KB
Thomas K's picture

@Bugtracker,

If you suspect that this file is malicious, then the best action would be to submit it to the Security Response folks for analysis.

http://www.symantec.com/security_response/submitsa...