COMMAND

	BlackICE bypass when swhitching back from \"standby\" on laptops

SYSTEMS AFFECTED

	BlackICE Agent 3.1 eal on Windows 2000 laptop

PROBLEM

	Andreas Sandor (asandor@kpmg.dk) found following:
	

	In a default installation, The BlackICE Agent might not reactivate  when
	the host returns from standby. This could  allow  a  malicious  user  to
	bypass the firewall completely.
	

	The     BlackICE     Agent     setup     contains     the      parameter
	\"restart.whenSuspend\", which  should  be  enabled  by  default.  This,
	however, is not always the case, and as a result the firewall might  not
	reactivate after a system standby. The BlackICE Agent would  still  give
	all the appearences of being active, but the filter function  would  not
	be in effect, and network communication would be possible  to  the  same
	extent as if the software wasn\'t installed.
	

	

SOLUTION

	Upgrade to BlackICE Agent V3.1 EBH, available through:
	

	https://bvlive01.iss.net/issEn/DLC/login.jhtml