Microsoft fingers Symantec antivirus program as spyware

Update to Windows AntiSpyware causes it to recommend disabling two Symantec antivirus programs

A problem with an update to Microsoft's Windows AntiSpyware program last week caused it to recommend disabling two Symantec antivirus programs. Microsoft has now fixed the problem, it said Monday.

The problem was rooted in a signature update for Windows AntiSpyware Beta 1 released late Thursday night, Microsoft said. The signature flagged a registry key for Symantec's AntiVirus Corporate Edition versions 7, 8, 9, 10 and Client Security versions 1, 2, or 3 as a password stealer called PWS.Bancos.A.

Microsoft said the scope of the problem was "very limited" and said in a statement it was working with Symantec to identity affected customers.

AntiSpyware Beta 1 would prompt a user to remove the registry key and subkeys belonging to the Symantec products, Microsoft said. If the registry keys were deleted, the Symantec programs would not work.

The problem signature update is "5805," and Microsoft said it issued a new signature set -- "5807" -- that fixes the problem. For those who deleted the registry keys, Microsoft said it was working with Symantec to "restore normal operation" of the antivirus programs.

But until that fix is available, Microsoft said users can use the system restore function in Windows XP to restore the OS to an earlier point before the registry key was removed. Another option is to reinstall the Symantec software, Microsoft said.

Windows AntiSpyware Beta 1 will be called Windows Defender when it is officially released later this year. The program will be part of Microsoft's upcoming OS, Vista, and also be available for existing products such as Windows XP, Windows 2000, and Windows Server 2003.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies