Symantec Struggling to Correct Signature Flaw

By Lawrence Walsh  |  Posted 2010-01-06 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR: Event Date: Tues, December 5, 2017 at 1:00 p.m. ET/10:00 a.m. PT

How Real-World Numbers Make the Case for SSDs in the Data Center REGISTER >

Since the beginning of the year, Symantec Endpoint Protection Manager has failed to recognize signature updates with 2010 dates. Symantec has a workaround that ensures security remains in place, but partners are growing frustrated by the time it’s taking to build a fix.

You’re not alone if you’re noticing something peculiar about the update signatures flowing into the Symantec Endpoint Protection Manager since the New Year. Symantec is trying to unravel the mystery behind the widely used endpoint management platform failing to recognize update files with 2010 dates.

Symantec is working on a fix. In the meantime, all new signature updates will carry a December 31, 2009 date with increasing revision numbers.

"Our engineers are working on the fix around the clock. We have identified the problem and have created a first cut fix which is with QA at the moment," wrote Symantec’s Paul Murgatroyd in a forum to partners and customers two days ago.

According to the Symantec blog, SEPM stopped recognizing signature updates with dates greater than December 31, 2009 11:59 p.m. The flaw affects Symantec Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x. Also affected is Symantec Network Access Control products that have host integrity configured to check their client definitions for updates.

The flaw does not affect any other enterprise or consumer products, such as Symantec Antivirus or Symantec Client Security.

While Symantec says the flaw’s impact is limited to a certain set of products, partners and customers are reporting collaborate damage caused by the signature recognition problem. Comments in the Symantec forum indicate problems ranging from unusually large volumes of processor capacity consumption to extensive disk usage. Others say the flaw is causing third-party and custom applications, such as signature deployment scripts to fail, since they’re expecting to see files with 2010 dates. Some partners and users report shutting down Symantec’s LiveUpdate because of usual disk writing activity.

"After speaking to support, they said many customers are having the same issue. They can't confirm it is related to the definition date issue, and they think it shouldn't be. However, they can't confirm it is NOT related. They advised using the SymDelTmps utility to delete the temp files, and making that utility a scheduled job," one partner wrote about the disk consumption problem.

It’s been two days since Symantec reported isolating the problem and working on a fix, yet no patch has been released. Partners and customers are getting frustrated and worry that the fix will consume a lot of their time and bandwidth once it becomes available.

"Six days and still no solution to this problem; it looks really bad guys," one partner wrote to Symantec.

>> Click here to join the discussion on the Secure Channel blog

 
 
 
 
Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.
 
 
 
 
 
























 
 
 
 
 
 

Submit a Comment

Loading Comments...
























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date