Endpoint Protection

Are there plans to resolve the POODLE vulnerability on Symantec Servers used by SEP clients? I have verified that my SEP 12.1.5 RU5 clients are communicating with Symantec Servers over SSLv3.  I'm seeing this flagged in Snort.

Example IPs:

143.127.102.41 - ENT-SHASTA-MR-CLEAN.SYMANTEC.COM
216.10.195.167 - stnd-avpip.crsi.symantec.com
216.10.195.237 - central.b6.crsi.symantec.com
216.10.195.168 - stnd-avpip.crsi.symantec.com

Haven't seen any info on that. Not sure if they have a plan or if it will bemade public.

Hi tbeck2010,

All the details necessary can be found in the following article:

About Symantec Endpoint Protection and the Poodle SSL 3.0 vulnerability (CVE-2014-3566)
http://www.symantec.com/docs/TECH225689

Please do update this thread with news if this has answered your question or if there is something additional needed!  &: )

With thanks and best regards,

Mick

He's asking when is Symantec going to fix their servers

I'd expect that in SEP 12.1 RU6 (the next release).  No firm ETA on that at present.

All the best,

Mick

Symantec's external LU servers.

An SEP release is not going to fix this issue.  This issue is that Symantec's external servers still accept SSLv3 ciphers.

Can I get a respone from Symantec on this? I'm sure others would like to know the answer as well.

Good that Symantec is not in the SECURITY business.... oh wait :D