Security researcher discovers vulnerability that abuses quarantine feature of popular antivirus software

Posted 14 November 2017 03:00 CEST by Jan Willem Aldershoff

An Austrian security researcher has found a way to abuse the quarantine feature of antivirus software and use it to install malicious software on a PC. Researcher Florian Bogner writes about the vulnerability, which he called AVGater, on his blog.


AVGater works by sending a phishing email to computers with affected antivirus software installed. The attached malware is detected by the antivirus software and then quarantined, a normal procedure that copies the malware to a secured location on the computer where it normally can’t do any further harm.

Using a special function in the Windows filesystem, Bogner succeeded in moving the malware from the quarantine location to another, random location on the computer, after which he could still execute the malware.

Trend Micro, Kaspersky and Malwarebytes were affected and have released updates for their virus scanners. Other vendors are still working on a solution, according to Bogner, who also recommends regularly updating your antivirus software.
