Guest

Cisco VPN Client

Field Notice:*Expired* FN - 16592 - VPN Client 3.1.1 Installation Reports False Detection of Nimda Virus


Revised October 23, 2006

November 13, 2001

NOTICE:

THIS FIELD NOTICE HAS BEEN ARCHIVED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

Cisco VPN 3000 Client 3.1.1

Problem Description

During installation of the VPN Client for Windows v3.1.1 and v3.5 beta, Norton AntiVirus incorrectly reports that the software is infected with the W32.Nimda.enc(dr) virus. This problem occurs if Norton AntiVirus is using definitions published on September 9, 2001 and November 11, 2001.

Background

Norton AntiVirus published definition files on September 9, 2001 and November 11, 2001 that incorrectly identify certain files from the InstallShield software package as infected with an early variant of the Nimda virus.

Problem Symptoms

Norton's AntiVirus software running the September 9, 2001 and November 11, 2001 virus definitions are identifying the InstallShield script engine (ikernel.exe) as being infected by the W32.Nimda.enc(dr) virus.

Note: Norton AntiVirus definitions prior to September 9, 2001 and other Antivirus products do not report this false positive presence of a virus.

Workaround/Solution

Symantec has released a fix in its November 12, 2001 definition file, and a knowledge based article has been published that further explains the issue and provides directions for resolution: http://support.installshield.com/kb/view.asp?pcode=ALL&articleid=Q105740 leavingcisco.com

Additional Information:

Symantec Security Response for this issue can be found at: http://www.symantec.com/avcenter/venc/data/false.positive.on.ikernel.exe.html leavingcisco.com

A description of the W32.Nimda.enc(dr) virus can be found at: http://www.symantec.com/avcenter/venc/dyn/24365.html leavingcisco.com

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCdv85187

W32.Nimda.enc(dr) false virus positive for ikernel.exe/ikernel.ex_

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.