Symantec Struggling to Correct Signature Flaw
By Lawrence Walsh
Since the beginning of the year, Symantec Endpoint Protection Manager has failed to recognize signature updates with 2010 dates. Symantec has a workaround that ensures security remains in place, but partners are growing frustrated by the time it’s taking to build a fix.
You’re not alone if you’re noticing something peculiar about the update signatures flowing into the Symantec Endpoint Protection Manager since the New Year. Symantec is trying to unravel the mystery behind the widely used endpoint management platform failing to recognize update files with 2010 dates.
Symantec is working on a fix. In the meantime, all new signature updates will carry a December 31, 2009 date with increasing revision numbers.
"Our engineers are working on the fix around the clock. We have identified the problem and have created a first cut fix which is with QA at the moment," wrote Symantec’s Paul Murgatroyd in a forum to partners and customers two days ago.
According to the Symantec blog, SEPM stopped recognizing signature updates with dates later than December 31, 2009 11:59 p.m. The flaw affects Symantec Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x. Also affected are Symantec Network Access Control products that have host integrity configured to check their client definitions for updates.
The flaw does not affect any other enterprise or consumer products, such as Symantec Antivirus or Symantec Client Security.
While Symantec says the flaw’s impact is limited to a certain set of products, partners and customers are reporting collateral damage caused by the signature recognition problem. Comments in the Symantec forum indicate problems ranging from unusually high processor consumption to extensive disk usage. Others say the flaw is causing third-party and custom applications, such as signature deployment scripts, to fail, since they expect to see files with 2010 dates. Some partners and users report shutting down Symantec’s LiveUpdate because of unusual disk writing activity.
"After speaking to support, they said many customers are having the same issue. They can't confirm it is related to the definition date issue, and they think it shouldn't be. However, they can't confirm it is NOT related. They advised using the SymDelTmps utility to delete the temp files, and making that utility a scheduled job," one partner wrote about the disk consumption problem.
It’s been two days since Symantec reported isolating the problem and working on a fix, yet no patch has been released. Partners and customers are getting frustrated and worry that the fix will consume a lot of their time and bandwidth once it becomes available.
"Six days and still no solution to this problem; it looks really bad guys," one partner wrote to Symantec.