Symantec has been forced to fix a flaw in Norton SystemWorks that could allow an attacker to hide malicious code in a hidden directory used by the software. The problem in question is in the Norton Protected Recycle Bin, which allows users to restore file types not stored by Windows’ own recycle bin after deletion. It utilises a hidden folder called NProtect, which (yes, you guessed it!) is not scanned by anti-virus software during scheduled or manual scans. This makes the location a potential hideaway for malware.
"In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," an advisory on its website stated. Symantec has released an automatic update via its LiveUpdate, which makes the directory visible during all types of scan.