Revised October 23, 2006
November 13, 2001
THIS FIELD NOTICE HAS BEEN ARCHIVED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Cisco VPN 3000 Client 3.1.1
During installation of the VPN Client for Windows v3.1.1 and v3.5 beta, Norton AntiVirus incorrectly reports that the software is infected with the W32.Nimda.enc(dr) virus. This problem occurs if Norton AntiVirus is using definitions published on September 9, 2001 and November 11, 2001.
Norton AntiVirus published definition files on September 9, 2001 and November 11, 2001 that incorrectly identify certain files from the InstallShield software package as infected with an early variant of the Nimda virus.
Norton's AntiVirus software running the September 9, 2001 and November 11, 2001 virus definitions are identifying the InstallShield script engine (ikernel.exe) as being infected by the W32.Nimda.enc(dr) virus.
Note: Norton AntiVirus definitions prior to September 9, 2001 and other Antivirus products do not report this false positive presence of a virus.
Symantec has released a fix in its November 12, 2001 definition file, and a knowledge based article has been published that further explains the issue and provides directions for resolution: http://support.installshield.com/kb/view.asp?pcode=ALL&articleid=Q105740
Symantec Security Response for this issue can be found at: http://www.symantec.com/avcenter/venc/data/false.positive.on.ikernel.exe.html
A description of the W32.Nimda.enc(dr) virus can be found at: http://www.symantec.com/avcenter/venc/dyn/24365.html
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
W32.Nimda.enc(dr) false virus positive for ikernel.exe/ikernel.ex_
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.