News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft removes the update block for August Win7 patches on Symantec/Norton systems

    Home Forums AskWoody blog Microsoft removes the update block for August Win7 patches on Symantec/Norton systems

    This topic contains 16 replies, has 9 voices, and was last updated by  anonymous 6 days, 9 hours ago.

    • Author
      Posts
    • #1923526 Reply

      woody
      Da Boss

      Symantec advises that it and Microsoft have come to an agreement about Symantec and Norton antivirus problems with the August Win7 and Server 2008 R2
      [See the full post at: Microsoft removes the update block for August Win7 patches on Symantec/Norton systems]

      3 users thanked author for this post.
    • #1923608 Reply

      anonymous

      Appears there really was no issue with the patches and Symantec according to their security advisory.  Oops…better to be safe than sorry.

      https://support.symantec.com/us/en/article.tech255857.html

      1 user thanked author for this post.
      • #1923744 Reply

        woody
        Da Boss

        You’d think that with six months’ advance warning, somebody at Symantec would’ve tested it.

        3 users thanked author for this post.
    • #1923814 Reply

      Demeter
      AskWoody Plus

      Waiting, waiting, waiting. Installed the March SHA v1 & Service Stack update back in early April.  Norton Anti Virus vers.22.18.0.123, Win 7 Pro SP1 x64, Intel Core i7, HP ZBook 17 with new (3 months) Samsung SSD. Ditto “safe than sorry”.

    • #1923851 Reply

      Alex5723
      AskWoody Plus

      You’d think that with six months’ advance warning, somebody at Symantec would’ve tested it.

      Who says Microsoft sent a memo to Symantec or sent them patched to test ?

    • #1923870 Reply

      tbsky
      AskWoody Lounger

      I think Microsoft will release patch if win7 hit by famous worms, like what they did with winxp. but without monthly buggy patch, win7 will become a stable platform compare with win10. maybe win7 will keep its market share for many years.

    • #1924056 Reply

      anonymous

      Does (did) this problem only affect systems with Symantec Endpoint Protection or did it affect systems with any Norton/Symantec Anti-virus program. Half the articles imply it affects only SEP and half say it affects any Norton or Symantec AV program.
      Thanks, Gene

      • #1924193 Reply

        lmacri
        AskWoody Lounger

        Hi Gene:

        It also affected Win 7 SP1 users with Norton home consumer products, and a Norton v22.18.0.222 update that targeted Win 7 SP1 (but not Win 8.x or Win 10) started rolling out on 20-Aug-2019 that allowed Win 7 SP1 users to apply their available Windows Update patches. See the 20-Aug-2019 revision to the original product update announcement Norton Security 22.18.0.213 for Windows is now available! as well as Norton employee Sunil_GA’s 20-Aug-2019 post in the thread Is it safe to install August 2019 Windows 7 update?? in the Norton Community forum.
        ————
        32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton Security v22.15.2.22

        1 user thanked author for this post.
    • #1924555 Reply

      Demeter
      AskWoody Plus

      Rechecked what vers. of Norton Anti virus I’m running; it updated to vers. 22.18.0.222 Aug. 20. Norton says good to go for Win 7 MS updates. However, I’ll wait for DEFCON 3 or higher.

    • #1924664 Reply

      GoneToPlaid
      AskWoody Plus

      It sounds like Semantic demanded hook(s) to remain in place. And they would have old grounds to demand such a thing. You all remember Vista?

      • This reply was modified 3 weeks, 4 days ago by  GoneToPlaid.
      • #1925684 Reply

        anonymous

        There has to be the necessary hooks provided by the OS maker in order for the AV/Firewall software to do its job and it’s the undocumented calls that some applications where trying to use that where causing loads of issues.

        Whatever the MS OS/API hooks made available it’s only the documented hooks that are somewhat guaranteed to work regression free as best as possible, or in MS’s case the lowest cost possible for “properly” done regression testing that’s really been lacking since MS outsourced that QA/QC work. Symantec most certainly has not done their proper QA/QC and should have had plenty of advanced time to get that SHA-2 work in place before the deadline.

        This whole Symantec issue appears related to the finances for properly keeping things working and Symantec’s Enterprise Security solutions being sold to Broadcom and Symantec only  retaining the consumer Norton/other parts of the business. So Maybe that sale will allow Symantec to focus more remaining resources and fix their consumer oriented product offerings as there are still some issues remaining as far as Norton is concerned. I really wish that there were some Norton Firewall/Antivirus only option like there use to be with Norton in the past without all that cloud and utilities bundled in with the Firewall/AV functionality that I do not need or want.

        I get my Norton via my ISP provider so that comes with my monthly service payments but I really wish that my ISP had Symantec just offer a Firewall/Antivirus only variant of Norton without the unwanted/unneeded  extras. All the rest of that utilities and cloud integration cruft can be offered as an option but I’m tired of Norton taking control over my disk de-fragmenting scheduling over and over again after I have disabled any disk dfrag scheduling in the OS/Control Panel.

        MS needs to be aware that it can not legally hobble the Third Party AV/Firewall makers in favor of its own MS branded solutions least there be a Netscape sort of  antitrust issue once again. So MS has to provide at a minimum access to the same level of necessary OS/API hooks to the third party AV/Firewall providers.

    • #1925015 Reply

      anonymous

      The Symantec support article notes, “Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied”.  It may be that future SHA-2 signed updates are being added to the list of trusted files that bypass antivirus scans.

      1 user thanked author for this post.
    • #1936301 Reply

      RDRguy
      AskWoody Lounger

      For those who currently don’t have an active Symantec Support Subscription for Symantec Endpoint Protection (SEP) via MySymantec, Symantec just today posted the latest SEP “client-only” patches for SEP version 14.2.4814.1101 here.

      Though SEP version 12.1.6 is no longer in support, the client-only patch package zip file (1.9GB / 2.1GB) contains all the appropriate SEP client-only patches required to bring any SEP client version 12 or SEP client version 14 up to the latest SEP client version 14 (14.2 RU1 MP1) build 4814 (14.2.4814.1101) as described here and here.

      Unfortunately, Symantec’s “Download Endpoint Protection client-only patches and release notes” webpage here hasn’t yet been fully updated with the correct links to the corresponding release notes & fixes for this latest SEP build.

      Win8.1 Group B (Pro) [x64]
      Win7 Group B (Ultimate & Pro) [x64 & x86]
      MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
      MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
      RDRguy

    • #1952439 Reply

      anonymous

      Hi. Does anybody know, how the block was “removed” technically? Did it came with SEP definition updates?

      I’m wondering because my servers live in quite isolated environment, only WSUS has internet access to MS servers. So if my SEP version does not change, and WSUS rollup files do not change, then how the heck this blocking behaviour could be modified?

      • #1952451 Reply

        PKCano
        Da Boss

        I believe the removal of the block would NOT be through the definitions. It would be a program (engine) update to a later version or a patch that would change the version.

        Please check with the Norton/Symantec website for further information. The update could probably be downloaded and copied to the servers.

    • #1952495 Reply

      lmacri
      AskWoody Lounger

      Hi. Does anybody know, how the block was “removed” technically? Did it came with SEP definition updates?

      I’m wondering because my servers live in quite isolated environment, only WSUS has internet access to MS servers. So if my SEP version does not change, and WSUS rollup files do not change, then how the heck this blocking behaviour could be modified?

      See my post # 1924193. Norton users with a Win 7 SP1 OS were updated to Norton v22.18.0.222 (rel. 20-Aug-2019) to fix this problem, while Win 8.x and Win 10 users remained on v22.18.0.213 (rel. 29-Jul-2019).  Both those products have now been replaced by the latest v22.19.8.65 (rel. 13-Sep-2019).

      The SEP product updates for Win7 SP1 and Win Server 2008 R2 SP1 were released 27-Aug-2019, and version numbers are listed under “Solutions” at the bottom of the support article at Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed The FAQ refers to these updates as “SEP hotfixes.
      ———-
      32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton Security v22.15.2.22

      • This reply was modified 1 week ago by  lmacri. Reason: Clarified applicable OSs for SEP updates
      1 user thanked author for this post.
      • #1954042 Reply

        anonymous

        I have tested a few workstations with older SEP version, and somehow they now can correctly see August and later updates from WSUS. Nothing has changed on workstation, except fresh definitions daily. That’s why I raised that question.

        And the wording in Symantec article is confusing:

        <..>soft block was removed<..>

        Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied.

        For some reason, they don’t say directly that “in order to get new updates, you must upgrade SEP”. They just recommend and talk about some “blocks”.

        The following thread has some insights, but again, nothing clear, just suggestion that block initially came and later was lifted through WSUS metadata.

        https://www.symantec.com/connect/forums/issue-about-sha2-windows-update-situation#

         

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft removes the update block for August Win7 patches on Symantec/Norton systems

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.