Just a few days ago, an update to Norton AntiVirus seems to have started blocking Image Uploader on our site.

The log in Norton shows this:

> Details: Attempted Intrusion "HTTP Aurigma Image Uploader ActiveX Activity" against your machine was detected and blocked.
> Intruder: api.smugmug.com(208.79.45.23)(http(80)).
> Risk Level: High.
> Protocol: TCP.
> Attacked IP: 66.102.205.234.
> Attacked Port: 1098.
> Click the address to trace the attacker.


We are able to get our customers working by having them put exemptions in Norton for our site, but this is less than ideal. Is there any work around or details on this?

Hello,

Symantec released intrusion prevention protection (IPS) signatures via LiveUpdate servers for our Norton customers for the Microsoft Advisory (http://www.microsoft.com/technet/security/advisory/953839.mspx) issuing kill bits for the Aurigma Image Uploader to protect against the malicious use of these ActiveX controls on Tuesday, August 12 at 2:26pm Pacific. Symantec removed this signature from its definition set when notified that some of these ActiveX controls appear to still be in legitimate use on Wednesday, August 13 2008, at 11:24am Pacific.

Symantec customers can use LiveUpdate to download newer definitions and this problem will no longer occur. Symantec will continue to work with Aurigma to determine a proper course of action to protect customers from malicious use of the ActiveX controls.

Do post a note if this problem is still persistent even after updating definitions to the latest available.

Regards,
- V Thakur