Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Symantec says it’s in the final QA stage for a fix to its signature date flaw, in which certain Symantec endpoint products do not recognize updates with 2010 dates.

The patch could be available sometime today or tomorrow. The exact release time and date is unclear in the updates to the Symantec blog and forum, and that lack of clarity is drawing fire from resellers and users.

The flaw affects Symantec Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x. Also affected are Symantec Network Access Control products that have host integrity configured to check their client definitions for updates. The flaw does not affect any other enterprise or consumer products, such as Symantec Antivirus or Symantec Client Security.

In an update to the Symantec blog, Paul Murgatroyd wrote:

“We are currently in the final stages of QA and should be able to publish some fairly confident dates for release within the next 24 hours. All this is taking time, as we have 30 different builds that require separate patches, but we are getting there. We do hope to be able to release the first of these patches before the weekend, but that is to be confirmed. On another note, for those of you that use LiveUpdate to get definitions to your clients, we are hoping to put client specific "2010 dated" definitions onto LiveUpate this evening. This will mean that any client talking directly to LiveUpdate will be able to get updated definitions. As always, any further developments will appear on here as soon as we can get them to you.”

Symantec partners and customers have been grappling with this problem since the New Year, when SEPM stopped recognizing signature updates with dates greater than Dec. 31, 2009 – 11:59 p.m. The problem a modern version of Y2K – the Symantec products order dates by the last digit of the year. Until the patch is available, Symantec has dated all signature updates Dec. 31, 2009 with incrementally increasing revision numbers. The current revision update is r118.

Partners and customers are eagerly awaiting the SEPM patch, as many are reporting a number of real and coincidental problems related to the problem.

More worrisome to the Symantec community is the poor communications about the problem. The Symantec forum on the flaw is replete with complaints about the lack of clear information and inconsistent updates. Symantec has been using its forum and blog to keep its partners and customers updated on the flaw and fix progress, but some say that’s not enough.

As one Symantec user wrote:

Good thing I decided to visit the forum. After days of vacation and came back only to see all clients still on the 12/31/2009 definition is horrific especially several of the workstations here were infected in the prior week with fake AV. I wasted hours trying a bunch of things before coming to the forum. It would have been nice to have an alert on the virus definition page or Symantec home page alerting of this issue before I went ahead and try to fix it. Very bad client communication here.


Another user wrote:

Communication on this issue was extremely poor from Symantec….especially for BCS customers who pay tens of thousands of dollars a year for Premium support. It has been over a week since this was identified, and there is still no workable fix for a simple coding issue that should never have happened. QA and testing has not been Symantec’s strong point for the last several years…Maybe your developers and product specialists should put as much time and effort into their Corporate products as they do into their Consumer products. None of those that I used appeared to be impacted.


A Symantec employee posted that the forum was extremely efficient for disseminating information and wagered that the partners and users in the forum would post the availability of the patch before Symantec released an official announcement.

The forum users found that notion foolhardy. As one Symantec partner wrote:

Most of us here have learned to use this forum, largely because Symantecs customer communication strategy is exceedingly lacking. All of us who know to look at this forum and read it regularly will be aware of the problem, and whilst there are indeed hundreds of us that are reading it, I suspect there will be thousands that are not. Relying on this forum as a communication strategy is in my view somewhat foolish.


How would you rate Symantec’s communications? Do you find forums such as the one Symantec users an effective form of communications? Are user forums a replacement medium for conventional alerts and emails?Join the discussion on the Secure Channel blog.