Possible security issue in NAV2001 on Windows ME

[Peter Kruse <peter.kruse () it dk>]

Yesterday I received my new laptop with a default installation of Microsoft
Windows ME and the Norton Antivirus 2001 product. Durring a short test I
accidentally stumbled upon a possible security problem with NAV.

Overview:
If you place a virus or other known malware in the c:\_RESTORE folder
(apparently default on Windows ME) Norton Antivirus will not scan that
folder in a "full-system" scan. This seems to be Symantec´s poor choice not
to scan such files?  However if you manually scan C:\_RESTORE NAV will find
the infected file but won´t be able to delete, repair nor quarantine the
file? This could lead a malicious user to drop files into the restore folder
- there´re a few obvious ways to exploit this. Eventually this can be tested
by booting from a dos and copy a virus to c:\_RESTORE. The test will show
that NAV2001 will indeed detect the virus but will be unable to do further.

This just might be a even bigger issue and could be Windows ME based and
therefore leaving other  AV-products vulnerable.
Does anybody have further information regarding this possible security bug?
I have contacted Symantec this morning but still no reply.
Kind regards
Peter Kruse
www.virus112.com