4

I know that NTFS has features called ADS which may be used to hide malware. So does antivirus/security software, such as Norton 360, protect against this type of attack?

forest
  • FYI: NTFS isn't the only file system that will do this. See [Wikipedia](https://en.wikipedia.org/wiki/Alternate_data_stream) for more info. – Iszi Jul 06 '12 at 12:41
  • NTFS Alternate Data Streams are not always used for malicious purposes. This type of evasion is old and probably all AVs inspect the NTFS ADS. You need to ask how good your AV is, because even if it detects NTFS ADS, would it detect if it is malicious or not? – Mohamed Marrouchi May 20 '21 at 15:10

1 Answer

5

Symantec says yes for at least two versions of their Enterprise products:

Problem

Can the Symantec Endpoint Protection (SEP) product scan and detect virus or other malware stored within NTFS Alternate Data Streams?

Solution

Yes, Symantec Endpoint Protection 11.0 and 12.1 are able to scan and detect threats within NTFS Alternate Data Streams (ADS).
Realtime Protection or File System Auto-Protect can scan within Alternate Data Streams associated with both files and folders.

Source: http://www.symantec.com/business/support/index?page=content&id=TECH173434

Shadok
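To check for yourself which files and folders carry named streams that a scanner has to look inside, here is an added PowerShell example (not part of the answer above or of Symantec's article). The function name `Get-NamedStream` and the `ads-demo` folder are hypothetical, and the sample assumes `$env:TEMP` sits on an NTFS volume.

```powershell
# Added example: list named alternate data streams under a directory tree.
function Get-NamedStream {
    param([Parameter(Mandatory)][string]$Root)

    # -Force includes hidden and system items; the root itself is scanned too.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Streams on directories need PowerShell 7.2 or later; older versions
        # report nothing for folders, so errors are suppressed here.
        Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |   # skip the default unnamed stream
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                    # Zone.Identifier is the mark-of-the-web stream Windows adds to downloads.
                    Known  = ($_.Stream -eq 'Zone.Identifier')
                }
            }
    }
}

# Constructed sample: a text file with one extra named stream.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'report.txt'
Set-Content -Path $file -Value 'visible text'
Set-Content -Path $file -Stream 'notes' -Value 'constructed stream content'

Get-NamedStream -Root $demo | Format-Table -AutoSize
```

Rows with `Known` set to `False` are the streams worth a closer look; whether their content is malicious is still a question for the scanner, as the comment above points out.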