
Symantec Endpoint Protection 12.1.2015.2015 Uninstall

Date: 05 Sep 2013 | Reported by: Aaron Lewis | Type: packetstorm | Source: packetstormsecurity.com

A weakness in Symantec Endpoint Protection 12.1.2015.2015 allows unauthorized uninstallation without a password on Windows X

Code
`Hi list,  
  
Description:  
---------------------------------------------  
A weakness has been revealed in the SEP installation that allows a user to  
uninstall this product without previous knowledge of the  
un-installation password.  
  
Affected version: 12.1.2015.2015  
Affected OS: Windows XP  
  
Details:  
---------------------------------------------  
The MSI module would first try to retrieve password from registry, which is:  
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SmcInstData  
  
If the operation succeeds, SEP would ask for the un-installation password.  
However, the operation may fail under two circumstances,  
  
1) the key doesn't exist  
2) the process doesn't have the permission to read the key  
  
On Windows XP, the registry hook implementation of Symantec Endpoint  
Protection was incomplete. Although it forbids you from removing the SMC  
keys, altering the permissions on the SMC keys still works.  
  
In order to bypass the mechanism, the end user needs to revoke all read  
permissions on the SMC keys manually, which is:  
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC  
  
P.S: Administrator privilege is still required to remove this product!  
P.P.S: Legal acknowledgement: This vulnerability has already been  
reported to the Symantec Threat Response team, and the report was ignored.  
  
--   
Best Regards,  
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )  
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E  
  
  
`
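
A defender-side check for the condition the advisory describes, added here as an example and not part of the original post or of any Symantec tooling: it audits the SMC key for the two lookup-failure cases (key missing, key unreadable) and for ACL changes that remove read access. The function name `Test-SmcKeyAcl` and the list of principals expected to hold read access are assumptions; adjust them to your baseline.

```powershell
# Added example: audit the SMC key named in the advisory for missing or revoked read access.
$smcPath  = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
# Assumed baseline readers (English-locale names); not taken from the advisory.
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

function Test-SmcKeyAcl {
    param([string]$Path, [string[]]$Principals)

    # Case 1 in the advisory: the key does not exist.
    if (-not (Test-Path -Path $Path)) {
        return ,@("MISSING: $Path")
    }
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # Case 2: this process cannot read the key or its security descriptor.
        return ,@("UNREADABLE: $Path ($($_.Exception.Message))")
    }

    $findings = @()
    $read = [System.Security.AccessControl.RegistryRights]::ReadKey
    foreach ($rule in $acl.Access) {
        # A Deny ACE overlapping any read right blocks the password lookup.
        if ($rule.AccessControlType -eq 'Deny' -and ($rule.RegistryRights -band $read)) {
            $findings += "DENY-READ: $($rule.IdentityReference) on $Path"
        }
    }
    foreach ($p in $Principals) {
        # Look for an Allow ACE granting the full ReadKey set to this principal.
        # ACEs that carry only generic access bits are not mapped by this check.
        $allow = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $p -and
            (($_.RegistryRights -band $read) -eq $read)
        }
        if (-not $allow) { $findings += "NO-READ: $p lacks ReadKey on $Path" }
    }
    return ,$findings
}

$result = Test-SmcKeyAcl -Path $smcPath -Principals $expected
if ($result.Count) { $result } else { "OK: $smcPath is readable by the expected principals" }
```

Run it from an elevated session on a schedule and alert on any line other than `OK`, since the uninstall path in the advisory also requires administrator rights.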
