Many anti-virus solutions are deployed with weak configurations that provide end users with the ability to quickly disable or work around the product if they wish. As a result, even users without super hacker “skillz” can run malicious executables (intentionally or not) without having to actually modify them in any way to avoid detection. Naturally, such techniques lend themselves well to penetration testing. This blog will provide a brief overview of 10 issues to watch out for. It should be interesting to administrators looking for basic weaknesses in their current implementations. However, it will most likely be less interesting to the veteran pentester.
Short disclaimer: This is far from complete, and truth be told there is no perfect anti-anything. In spite of that, I hope that you enjoy the read. For those who don’t feel like reading the whole blog, I’ve provided a summary of what will be covered:
- Add Anti-Virus Policy Exceptions
- Disable Anti-Virus via the GUI
- Terminate Anti-Virus Processes
- Stop and Disable Anti-Virus Services
- Disable Anti-Virus via Debugger Settings
- Uninstall Anti-Virus
- Execute from a UNC Path or Removable Media
- Execute from an Alternative Data Stream
- Execute from a DLL
- Execute from Outside the File Systems
Read more: http://www.netspi.com/blog/2013/01/16/10-evil-user-tricks-for-bypassing-anti-virus/