Microsoft removes the update block for August Win7 patches on Symantec/Norton systems

Topic

New Reply

Symantec advises that it and Microsoft have come to an agreement about Symantec and Norton antivirus problems with the August Win7 and Server 2008 R2
[See the full post at: Microsoft removes the update block for August Win7 patches on Symantec/Norton systems]

3 users thanked author for this post.

Myst, abbodi86, lmacri

Reply | Quote

Replies

Appears there really was no issue with the patches and Symantec according to their security advisory.  Oops…better to be safe than sorry.

https://support.symantec.com/us/en/article.tech255857.html

1 user thanked author for this post.

woody

Reply | Quote

You’d think that with six months’ advance warning, somebody at Symantec would’ve tested it.

3 users thanked author for this post.

lanceboil, abbodi86, geekdom

Reply | Quote

Waiting, waiting, waiting. Installed the March SHA v1 & Service Stack update back in early April.  Norton Anti Virus vers.22.18.0.123, Win 7 Pro SP1 x64, Intel Core i7, HP ZBook 17 with new (3 months) Samsung SSD. Ditto “safe than sorry”.

Reply | Quote

woody wrote:

You’d think that with six months’ advance warning, somebody at Symantec would’ve tested it.

Who says Microsoft sent a memo to Symantec or sent them patched to test ?

Reply | Quote

I think Microsoft will release patch if win7 hit by famous worms, like what they did with winxp. but without monthly buggy patch, win7 will become a stable platform compare with win10. maybe win7 will keep its market share for many years.

Reply | Quote

Does (did) this problem only affect systems with Symantec Endpoint Protection or did it affect systems with any Norton/Symantec Anti-virus program. Half the articles imply it affects only SEP and half say it affects any Norton or Symantec AV program.
Thanks, Gene

Reply | Quote

Hi Gene:

It also affected Win 7 SP1 users with Norton home consumer products, and a Norton v22.18.0.222 update that targeted Win 7 SP1 (but not Win 8.x or Win 10) started rolling out on 20-Aug-2019 that allowed Win 7 SP1 users to apply their available Windows Update patches. See the 20-Aug-2019 revision to the original product update announcement Norton Security 22.18.0.213 for Windows is now available! as well as Norton employee Sunil_GA’s 20-Aug-2019 post in the thread Is it safe to install August 2019 Windows 7 update?? in the Norton Community forum.
————
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton Security v22.15.2.22

1 user thanked author for this post.

Demeter

Reply | Quote

Rechecked what vers. of Norton Anti virus I’m running; it updated to vers. 22.18.0.222 Aug. 20. Norton says good to go for Win 7 MS updates. However, I’ll wait for DEFCON 3 or higher.

Reply | Quote

[GoneToPlaid]

It sounds like Semantic demanded hook(s) to remain in place. And they would have old grounds to demand such a thing. You all remember Vista?

• This reply was modified 5 years, 9 months ago by GoneToPlaid.

Reply | Quote

There has to be the necessary hooks provided by the OS maker in order for the AV/Firewall software to do its job and it’s the undocumented calls that some applications where trying to use that where causing loads of issues.

Whatever the MS OS/API hooks made available it’s only the documented hooks that are somewhat guaranteed to work regression free as best as possible, or in MS’s case the lowest cost possible for “properly” done regression testing that’s really been lacking since MS outsourced that QA/QC work. Symantec most certainly has not done their proper QA/QC and should have had plenty of advanced time to get that SHA-2 work in place before the deadline.

This whole Symantec issue appears related to the finances for properly keeping things working and Symantec’s Enterprise Security solutions being sold to Broadcom and Symantec only  retaining the consumer Norton/other parts of the business. So Maybe that sale will allow Symantec to focus more remaining resources and fix their consumer oriented product offerings as there are still some issues remaining as far as Norton is concerned. I really wish that there were some Norton Firewall/Antivirus only option like there use to be with Norton in the past without all that cloud and utilities bundled in with the Firewall/AV functionality that I do not need or want.

I get my Norton via my ISP provider so that comes with my monthly service payments but I really wish that my ISP had Symantec just offer a Firewall/Antivirus only variant of Norton without the unwanted/unneeded  extras. All the rest of that utilities and cloud integration cruft can be offered as an option but I’m tired of Norton taking control over my disk de-fragmenting scheduling over and over again after I have disabled any disk dfrag scheduling in the OS/Control Panel.

MS needs to be aware that it can not legally hobble the Third Party AV/Firewall makers in favor of its own MS branded solutions least there be a Netscape sort of  antitrust issue once again. So MS has to provide at a minimum access to the same level of necessary OS/API hooks to the third party AV/Firewall providers.

Reply | Quote

The Symantec support article notes, “Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied”.  It may be that future SHA-2 signed updates are being added to the list of trusted files that bypass antivirus scans.

1 user thanked author for this post.

Myst

Reply | Quote

For those who currently don’t have an active Symantec Support Subscription for Symantec Endpoint Protection (SEP) via MySymantec, Symantec just today posted the latest SEP “client-only” patches for SEP version 14.2.4814.1101 here.

Though SEP version 12.1.6 is no longer in support, the client-only patch package zip file (1.9GB / 2.1GB) contains all the appropriate SEP client-only patches required to bring any SEP client version 12 or SEP client version 14 up to the latest SEP client version 14 (14.2 RU1 MP1) build 4814 (14.2.4814.1101) as described here and here.

Unfortunately, Symantec’s “Download Endpoint Protection client-only patches and release notes” webpage here hasn’t yet been fully updated with the correct links to the corresponding release notes & fixes for this latest SEP build.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

Hi. Does anybody know, how the block was “removed” technically? Did it came with SEP definition updates?

I’m wondering because my servers live in quite isolated environment, only WSUS has internet access to MS servers. So if my SEP version does not change, and WSUS rollup files do not change, then how the heck this blocking behaviour could be modified?

Reply | Quote

I believe the removal of the block would NOT be through the definitions. It would be a program (engine) update to a later version or a patch that would change the version.

Please check with the Norton/Symantec website for further information. The update could probably be downloaded and copied to the servers.

Reply | Quote

[lmacri]

anonymous wrote:

Hi. Does anybody know, how the block was “removed” technically? Did it came with SEP definition updates?

I’m wondering because my servers live in quite isolated environment, only WSUS has internet access to MS servers. So if my SEP version does not change, and WSUS rollup files do not change, then how the heck this blocking behaviour could be modified?

See my post # 1924193. Norton users with a Win 7 SP1 OS were updated to Norton v22.18.0.222 (rel. 20-Aug-2019) to fix this problem, while Win 8.x and Win 10 users remained on v22.18.0.213 (rel. 29-Jul-2019).  Both those products have now been replaced by the latest v22.19.8.65 (rel. 13-Sep-2019).

The SEP product updates for Win7 SP1 and Win Server 2008 R2 SP1 were released 27-Aug-2019, and version numbers are listed under “Solutions” at the bottom of the support article at Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed.  The FAQ refers to these updates as “SEP hotfixes“.
———-
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton Security v22.15.2.22

• This reply was modified 5 years, 8 months ago by lmacri. Reason: Clarified applicable OSs for SEP updates

1 user thanked author for this post.

PKCano

Reply | Quote

I have tested a few workstations with older SEP version, and somehow they now can correctly see August and later updates from WSUS. Nothing has changed on workstation, except fresh definitions daily. That’s why I raised that question.

And the wording in Symantec article is confusing:

<..>soft block was removed<..>

Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied.

For some reason, they don’t say directly that “in order to get new updates, you must upgrade SEP”. They just recommend and talk about some “blocks”.

The following thread has some insights, but again, nothing clear, just suggestion that block initially came and later was lifted through WSUS metadata.

https://www.symantec.com/connect/forums/issue-about-sha2-windows-update-situation#

 

Reply | Quote