Anyone else get an email from their Symantec TAM such as this?
Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection.
Microsoft KB4512506/KB4512486 and future updates can be safely installed and we are expecting the soft block on these updates to be removed on August 27th, 2019.
Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied:
SEP 14.2 RU1 MP1 (14.2.4814.1101) has been certified and is available for download via MySymantec.
SEP 14.2 RU1 (14.2.3357.1000) has been certified and is available upon request through Symantec Technical Support.
SEP 14.2 MP1 (14.2.1057.0103) has been certified and is available upon request through Symantec Technical Support.
These can be applied as part of any upcoming routine operational activities associated with maintaining Symantec Endpoint Protection.
All this is documented in our Knowledge Base article.
From the way I read this, we no longer have to push out SEP 14.2 RU1 MP1 (14.2.4814.1101) in a hurry so that our Win7 and Server 2008 machines can then be patched... unless I'm reading this wrong.
14.2.4814.1101 Added full support for Secure Hash Algorithm 2 (SHA-2) on Windows 7 and Windows 2008 R2.
Symantec released the hotfix in 14.2.4814.1101; issue solved.