nonprivileged user can list directory contents?

Guest

It looks like regular, 'limited' users are able to call a scan that scans
files that aren't accessible in that user's space. For example, files in
other users' profile directories are listed. That seems like a pretty big
problem -- it's great that limited users can initiate a scan, but being able
to list filenames in folders to which the user normally doesn't have access
raises big privacy issues, especially at an enterprise level.

I'd be happy either (1) preventing directory contents from being listed, or
(2) preventing limited users from running scans and only giving them realtime
protection (and running scans at night, etc.). Has anyone else experienced
this problem and/or found a way around it?

Cheers!
 
Bill Sanderson

Defender is really not useable at an enterprise level. Microsoft Forefront
Client Protection would be what you would use instead.

That's a good observation, though. I wouldn't swear that the same issue
does not exist in Forefront.
 
Guest

What freaks me out about this is that it violates principle of least
privilege -- an interactive user is given privileges beyond what is intended
for her/his account. That seems especially wrong for something billed as a
security product. I think your point is well taken about Defender not being
enterprise-appropriate, but I think it's not even appropriate for home use,
even when users are following Microsoft's advice about restricting privileges.

I'm not savvy about MS tech support. Is there a bug report address /
interface that's most appropriate for this product?

Thanks again,
Colin
 
Bill Sanderson

Folks from the team which guides Defender development do read these groups.
I think your subject header is well chosen--it should get their attention.

Over the years, there have been a number of venues Microsoft has provided to
try to gather customer suggestions/reports of bugs. Let me see if I can
figure out what the current iteration is...

I'm drawing a blank in the time I have to look at the moment, I'm afraid.
The Microsoft staff who post in these groups are very responsive. I'll pass
this on myself to one of them for want of anything better I can spot.

--
 
Shiroy Choksey

Hello Colin,

Thank you for taking the time to report this issue to us. We are aware of
the problem.

The reason that a low privileged user can see filenames / scan files
belonging to other users is because Windows Defender runs in a
client-service mode, where the client UI is running with the privileges of
the current user, while the service (which contains the scanning / detection
engine) runs as Local\System. This allows all users to be protected even if
malware is unknowingly installed by an administrative user. However, the
disadvantage to this approach is evident as you have noted, which allows one
user to see the filename / folders of another user. We are investigating
approaches to provide administrators with a privacy setting which prevents
non-admin users from seeing filenames / folders that do not belong to them,
yet enabling us to scan them. In this mode, users will only see the names of
files of other users if they are infected with spyware.

Thanks,

~Shiroy Choksey [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
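
The privacy setting described in the reply above, sketched as an added example that is not part of the thread and not Microsoft's code: the privileged service scans everything but filters the results it hands to the unprivileged client UI. The names `profile_owner`, `client_view`, `PROFILE_ROOT` and `SHARED` are hypothetical, and ownership is approximated by profile path, where a real service would run an ACL check as the calling user.

```python
import ntpath
from pathlib import PureWindowsPath

PROFILE_ROOT = PureWindowsPath(r"c:\users")  # assumed profile root, lower-cased
SHARED = {"public", "default"}               # assumed world-readable profiles

def profile_owner(path):
    """Return the profile name a path sits under, or None if outside profiles."""
    # Canonicalise first: collapse '..', unify slashes, fold case (NTFS-style).
    canon = PureWindowsPath(ntpath.normcase(ntpath.normpath(path)))
    try:
        rel = canon.relative_to(PROFILE_ROOT)
    except ValueError:
        return None
    return rel.parts[0] if rel.parts else None

def client_view(requester, is_admin, findings):
    """Filter engine findings (path, infected) down to what the UI may show.

    Returns (paths_to_display, count_withheld).
    """
    me = requester.lower()
    shown, withheld = [], 0
    for path, infected in findings:
        owner = profile_owner(path)
        if is_admin or infected or owner in (None, me) or owner in SHARED:
            shown.append(path)
        else:
            withheld += 1   # scanned, but the name never leaves the service
    return shown, withheld

# Constructed sample findings, as the privileged engine might report them.
SAMPLE = [
    (r"C:\Users\alice\Desktop\notes.txt", False),
    (r"C:\Users\Bob\Documents\salary-2007.xls", False),
    (r"C:\Users\bob\AppData\Roaming\toolbar.dll", True),
    (r"C:\Users\alice\..\BOB\Pictures\id-scan.jpg", False),
    (r"C:/Users/Public/readme.txt", False),
    (r"C:\Windows\System32\drivers\etc\hosts", False),
]

if __name__ == "__main__":
    shown, withheld = client_view("alice", False, SAMPLE)
    print("\n".join(shown))
    print(f"{withheld} file(s) scanned but not listed")
```

The filter has to run inside the service: if the full list reaches the client process and is only hidden in the UI, the filenames have already crossed the privilege boundary.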
 
