Endpoint Protection


Does Windows Update SHA2 problem affect SEP 12.1.x?

  • 1.  Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 14, 2019 10:18 AM

    I'm looking for clarification on exactly WHICH versions of SEP are causing issues with the August 2019 Windows updates which are only SHA2 signed.

    The article at https://support.symantec.com/us/en/article.tech255857.html only mentions Symantec Endpoint Protection 14.2 RU1 MP1 as an affected product. Are other SEP versions also affected, or is it JUST this SPECIFIC version? Is this version mentioned only because it is the latest version?

    We have several clients still running v12.1.6 RU9 and RU10 on Server 2008 R2 platforms and Windows 7 workstations - are these computers also affected? If so, will any patches be offered for those versions?

    Thanks in advance for any insight!
    Warren



  • 2.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 14, 2019 10:29 AM

    It says "All Symantec"

    Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

     

    https://support.microsoft.com/en-in/help/4512486/windows-7-update-kb4512486

     

    Applicable to Norton as well

    https://borncity.com/win/2019/08/14/symantec-norton-blocks-windows-updates-sha-2/



  • 3.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 14, 2019 11:55 AM

    @Rafeeq: Actually, that Microsoft article you referenced was the reason I was asking for clarification. Right beside the paragraph you quoted is the following paragraph:

    Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    The text "with an affected version" (highlighted emphasis mine) is what is confusing. What exactly are the affected versions? Is it every version produced to date, or are there only certain versions affected? I suspect it's every version currently available, but it would be helpful to have this point clarified.

    I would also like to know if older versions such as 12.1.6 will be updated to address this issue, or if we must finally upgrade to v14.x.

    Thanks for your response - I do appreciate the help!



  • 4.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 14, 2019 12:30 PM

    @WHairstonLOI,

    There is another thread on this forum:

    https://www.symantec.com/connect/forums/issue-about-sha2-windows-update-situation?list_context_id=3377631&list_context_type=symantec_product

    We patch systems using Landesk. We have multiple customers, and most of them have SEP installed. I have sent out an email to the customers related to this issue; at this point we are making arrangements to have a few versions tested by our team.

    I'm sure that Symantec would come strong on this.



  • 5.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Broadcom Employee
    Posted Aug 14, 2019 03:30 PM

    All versions of SEP 12.1 and 14.0 and 14.2 clients are affected. Hotfixes are being made for SEP 14.2 RU1 MP1 and SEP 14.2 MP1.

     



  • 6.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 14, 2019 04:28 PM

    @John_Owens: Thanks for the update. I guess this means we're going to be forced into the v14.x upgrade sooner than we had planned.

    Considering the "urgency" of these updates, is there an ETA on the hotfixes?



  • 7.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 14, 2019 04:36 PM

    He stated on another forum post that the ETA was 8/22.

     



  • 8.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 15, 2019 03:37 AM

    Thanks for the update John, this has quite the impact.



  • 9.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Broadcom Employee
    Posted Aug 15, 2019 12:52 PM

    There has been no observed issue in relation to this update. Out of an abundance of caution we worked with MSFT to have the update hidden so that the potential for a False Positive could be prevented. The reason for this is that the version of SymVT that's in use with legacy Operating Systems (Win7/Win2K8R2) does not have the ability to see SHA-2 signatures.

    By removing the signature from the evaluation process, there is the potential that the final reputation score is impacted which may result in Conviction/Exoneration variance. For this update, we observed no such False Positives.

    However, it's possible a future update may have different behavior, so it's in everyone's best interest to pick up one of the fixed releases as soon as they're available so that this concern can be avoided.

    That's why, for customers that have already taken the update (update isn't hidden for 3rd party deployment solutions) they can safely stay on it until we have the updated releases available.



  • 10.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 21, 2019 01:52 PM

    Hi John,

    Will a hot fix be released for version 12.1?



  • 11.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Broadcom Employee
    Posted Aug 21, 2019 02:04 PM

    12.1 is end of support life. You should move to 14.2.



  • 12.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 22, 2019 08:05 AM

    @John_Owens: re: "Hotfixes are being made for SEP 14.2 RU1 MP1 and SEP 14.2 MP1."

    Sorry if already asked/answered, but 2 questions:

    1) What's the path forward if SEPM is on 14.2 RU1 (build 3335)?

    2) Will you update this thread or start a new one when the 8/22 updates are available?

    Thanks!



  • 13.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Aug 22, 2019 12:25 PM

    Any update on the questions asked above? We are also on 14.2 RU1, and we tested that the patches are not deleted by Symantec, but we still want to be extra cautious.


  • 14.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Broadcom Employee
    Posted Aug 22, 2019 02:41 PM

    I will post when 14.2 RU1 is available. Likely next week for that hotfix.



  • 15.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Sep 13, 2019 12:46 PM

    If I am correct, SEP 14 cannot be installed on Windows Server 2008. So the only solution for those servers is to replace them or do a clean wipe of Symantec and use another product.



  • 16.  RE: Does Windows Update SHA2 problem affect SEP 12.1.x?

    Posted Sep 16, 2019 02:28 AM

    Yes, you can. The last version supported for Windows Server 2008 Standard is 14.2.1031.0100 - 14.2 MP1 (refresh)

    Server 2008 R2 and above - Still in support with latest versions.

     

    You can review all the versions here:

     

    https://support.symantec.com/au/en/article.howto124730.html