Can anybody comment on this report by Windows Defender that came up shortly after rebooting my machine this morning:
Summary:
Services and Drivers change occurred.
This agent monitors services and drivers acting as part of Windows, often running with high security privileges. It ensures that no services are being interfered with or added without proper consent.
Path:
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys
Detected changes:
regkey:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EraserUtilDrv11312
file:
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys
Advice:
Permit this detected item only if you trust the program or the software publisher.
Publisher:
INVALID:Symantec Corporation
Digitally Signed By:
INVALID:Symantec Corporation
Product name:
ERASER ENGINE
Description:
Symantec Eraser Utility Driver
Original name:
eraser64.sys
Creation date:
3/2/2014 3:03 AM
Size:
137648 bytes
Version:
113.1.2.11
Type:
application
Checkpoint:
Drivers
Category:
Not Yet Classified
N360 v21.1.0.18, Vista Home Premium x64.
What I’m wondering about is possible reasons why Defender would flag this file as having an “invalid” publisher and an “invalid” digital signer.
Some background: last night I experienced the dreaded “3038,104” error and could not perform a Norton scan, even after doing a manual definitions update via Intelligent Updater. N360 hadn’t been able to update the defs on its own for four days. So this morning I followed other steps outlined in other threads here that deal with this error: run a Full System Scan in Safe Mode, run CHKDSK. Everything checked out – no bad stuff on my PC, hard drive is fine. But then shortly after rebooting into Windows, Defender gives me a pop-up that leads to the report quoted above.
Is the flagged file legit, or has my PC been attacked? What could lead Defender to flag Symantec as an invalid publisher and invalid digital signer?
BTW, my Windows Defender is the original, anti-malware version and not the rebranded, full-fledged AV formerly known as MS Security Essentials. It has coexisted peacefully with various iterations of N360 for five years (since the beginning), and not only does it ask me to approve of certain changes to the registry but it has also caught a few things that N360 missed, so I prefer to keep it running.