News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Symantec fixes the SHA-2 patch problem for Win7

    Home Forums AskWoody blog Symantec fixes the SHA-2 patch problem for Win7

    This topic contains 25 replies, has 9 voices, and was last updated by  RDRguy 3 weeks, 5 days ago.

    • Author
      Posts
    • #1913369 Reply

      woody
      Da Boss

      Remember how Microsoft put in a block, preventing the Win7 August Patch Tuesday patches from installing on systems with Symantec Endpoint Protection?
      [See the full post at: Symantec fixes the SHA-2 patch problem for Win7]

      5 users thanked author for this post.
    • #1913372 Reply

      EP
      AskWoody_MVP

      both MS AND Symantec have not yet updated their support articles regarding any new software updates for Symantec Endpoint Protection, woody.

      the support article from Symantec regarding SHA-2 still remains with a date of Aug. 16:
      https://support.symantec.com/us/en/article.tech255857.html

      maybe Symantec will update their support article on Wed. the 21st

      • This reply was modified 1 month ago by  EP.
      • #1913391 Reply

        willygirl
        AskWoody Plus

        The article I just read does have a fix for the SHA-2 conflict.
        https://support.symantec.com/us/en/article.tech255857.html
        As follows –
        “SEP 14.2 RU1 MP1 (14.2.4814.1101) English is available for download via MySymantec. 14.2 RU1 MP1 Localized language versions are targeted for availability via MySymantec on August 21, 2019.

        Symantec is continuing to work on additional releases of Symantec Endpoint Protection to address this situation:

        14.2 RU1
        14.2 MP1”

        Win7 SP1 Home 64-bit

        • #1913884 Reply

          anonymous

          In their Question/Answer section at that Syamntec link provided:

          Question:

          “Will “X” version of SEP receive a hotfix?”

          Answer:

          “We are planning to deliver hotfix releases based off of 14.2 RU1 MP1, 14.2 RU1, and 14.2 MP1.”

          So I’ll wait for the hotfix and that come via Norton Security Suite’s updating functionality instead of having to sign-in and have to download and install that whole mess all over again.

          I still have not installed that Windows 7 July Security Only Update on any of my laptops and it’s still DEFOCN 2 at AW for the Aug 2019 problem patches and really Symantic had to have Known that MS was switching to SHA-2 only as that’s been stated for a good long time by MS/Others. And that whole Q and A part should have been included by the Press in any reporting for the Windows 7/Windows 2008 R2 updates that are only SHA-2 issue.

          Now all Symantic has to fix is their Norton Security Suite’s habit of taking over my system’s DEFRAG scheduling and a few other of its computer maintenance Tasks that I have explicitly turned off. Symantec needs to try and sell a Virus/Firewall Only variant for folks that do not want any Nagging Nanny-ware that can not have some features explicitly turned off and actually have those features actually stay Turned Off.

    • #1913413 Reply

      willygirl
      AskWoody Plus

      When I try to access the above link from my Win7 PC for the SHA-2 Symantec article at https://support.symantec.com/us/en/article.tech255857.html it does not have any updates listed as I’ve noted above in quotes from their site – And it shows “Last Updated August 16, 2019”. But when I’m on my Apple devices it does state the following, with a “Last Updated August 20, 2019” …

      “SEP 14.2 RU1 MP1 (14.2.4814.1101) English is available for download via MySymantec. 14.2 RU1 MP1 Localized language versions are targeted for availability via MySymantec on August 21, 2019.

      Symantec is continuing to work on additional releases of Symantec Endpoint Protection to address this situation:

      14.2 RU1
      14.2 MP1”

      What’s up with this? Before checking the same link I made sure to do a Live Update for the Win7 PC on my Norton AV, and it did show there was a patch. I’ve checked my “History” and it does not list a patch for the SHA-2 issue.

      Win7 SP1 Home 64-bit

      1 user thanked author for this post.
    • #1913423 Reply

      anonymous

      The communication from Symantec has been horrendous. Given the severity of the problem, one would expect better treatment of their customers. I hope this isn’t an indication of things to come now that Symantec is in disarray (sale of enterprise division, LifeLock consumer, etc).

      In this case, I don’t blame Microsoft. They provided sufficient advance notice of SHA2 changes and Symantec should have been better prepared to deal with it. Why they are not communicating with their customer base is beyond me.

      Symantec Forum – Is it safe to install August 2019 Windows 7 update??
      community.norton.com/en/forums/it-safe-install-august-2019-windows-7-update

      Windows 7 SP1 August Windows Update not available to some Norton customers
      support.norton.com/sp/en/us/home/current/solutions/v133892938

      Symantec/Norton blocks Windows Updates (Born)
      borncity.com/win/2019/08/14/symantec-norton-blocks-windows-updates-sha-2/

      Microsoft: August 13, 2019—KB4512486 (Security-only)
      support.microsoft.com/en-us/help/4512486/

      A bit off-topic, but I apologize to Group B for not releasing findings regarding telemetry from last month’s security only debacle (KB4507456). I had an unexpected medical emergency that resulted in surgery (things happen when you get old).

      Keep the faith people. Win 7 is still the best consumer OS ever created.

      – Carl – (aka CA)

      Edit for content, please stay on topic.

      2 users thanked author for this post.
      • #1913910 Reply

        willygirl
        AskWoody Plus

        The communication from Symantec has been horrendous. Given the severity of the problem, one would expect better treatment of their customers. I hope this isn’t an indication of things to come now that Symantec is in disarray (sale of enterprise division, LifeLock consumer, etc).

        I understand all the frustration. For whatever reason Symantec has, to have been on the jagged edge of compatibility with MS for the SHA-2, I still respect their reputation of high performance in AV protection. I’ve had Norton for many years and was with them when they were trying to iron out all the kinks, from slo-mo performance issues to hogging resources. I do believe they’ve become a great company in device protection, especially where the PC is concerned. This has been just another mishap in our world of crazy communication amongst the corporate conglomerate. I will stay a Norton consumer for the security of my devices as long as they continue to offer excellent protection.

        Win7 SP1 Home 64-bit

      • #1913906 Reply

        anonymous

        From the first link that you listed from, Sunil_GA AdminAdministrator30 this was posted in that Symantec forum:

        ” Posted: 20-Aug-2019 | 12:27PM • Permalink

        Hi Everyone,

        Norton Security 22.18.0.222 has been released targeting Windows 7 SP1 customers with Norton 22.18.0.213 installed. This build fixes the Norton installation issue on Windows 7 machines. Once this patch is applied, Windows 7 customers can apply the latest Windows Update patch.

        Note: This is a throttled release. The version change is for Windows 7 users ONLY

        Sunil_GA | Norton Forums Administrator | Symantec Corporation “

        So I ran My Norton Security Suite’s LiveUpdate and received the update(140MB or so in size) and rebooted just to be safe and that brought my software to version 22.18.0.222 and has the SHA-2 fixes(Hopefully) applied.

        1 user thanked author for this post.
    • #1913425 Reply

      anonymous

      Sorry, but I should have mentioned that the Norton update (consumer) will not be available to everyone immediately.

      Symantec policy is to release rolling updates. This means that updates are released in stages. It may be a few days or longer before the update appears in Live Update. Why? This mitigates the damage caused should the update prove to be problematic.

      Even if you do receive the update, it would be wise to follow Woody’s and Sue’s advice regarding application of this month’s patches. Keep in mind that some people here have machines that we can sacrifice for testing purposes. Personally, I am not going to apply Group B patches to my daily driver yet, but will do so on some sacrificial lambs.

      – Carl –

      1 user thanked author for this post.
      • #1914086 Reply

        KWGuy
        AskWoody Plus

        If history is any guide, folks who have their Norton AV through Comcast/Xfinity will be among he last to receive this “rolling” update!  At least that has been my experience.

        • #1915012 Reply

          anonymous

          I have that ISP and I ran Norton’s live update is received the fix on Aug 21st. Comcast’s version is just some cosmetic branding with roughly the same features enabled as the regular versions of Norton Security Suite.

          I really wish that Comcast would get Symantec to issue a Firewall/Virus only edition of Norton like was available in the past without all that other unnecessary functionality that most folks do not want or need.

    • #1913439 Reply

      ClearThunder
      AskWoody Lounger

      I got my Norton 360 updates today. The ‘big one’ (137MB) and two smaller 2-3MB ones that followed up a few hours later.  Had to reboot after the first one.  Running Win7 Pro and no (appearent) issues.

      1 user thanked author for this post.
      • #1913440 Reply

        willygirl
        AskWoody Plus

        I also had a 137 mb update and with it listing there was a Patch. I figured this would all have shown up in my History as the SHA-2 Patch etc. but nothing listed as such. And I fully expected a Reboot but that didn’t happen. So I rebooted anyway to see if maybe the patch would show up in History. Nothing came up but the normal Norton updates. Maybe tomorrow. And I’ll update everybody once something worthwhile happens.

        I meant to add that I have not Checked for Updates in WU. I’m waiting to get a better picture of what Symantec will do with their SHA-2 Patch once it hits my Win7 PC. And of course I won’t be checking or running updates for the Win7 until the DEFCON level hits a higher number.

        Win7 SP1 Home 64-bit

        • #1913455 Reply

          anonymous

          I was monitoring two computers on the same network. One received the Norton update (“Apply Now”/”Apply Later”) today while the other did not. This is not uncommon. I’ve seen a delay of up to 3 days on more than one occasion for large updates. Symantec is smart enough to not auto update all machines on the same network at the same time.

          I always click “Apply Later” since Norton has messed up my gadgets in the past. I then rebooted the machine. The Norton update installed upon reboot and showed up in history as “LiveUpdate Sessions Completed” with no indication this was the SHA-2 fix.

          Windows Update then did it’s update check and listed the August KB4512506 rollup as available for download/installation. The other computers on the network without the new Norton fix still have KB4512506 blocked (hidden) by Microsoft.

          Oddly, one Norton employee claimed they are doing the fix without Microsoft’s help. I find this hard to believe however.

          I’ve encountered no problems with the patched computer, but I have not applied any MS Group B patches yet.

          – Carl –

          1 user thanked author for this post.
    • #1913488 Reply

      willygirl
      AskWoody Plus

      Did a check for WU and KB4512506 August Monthly Rollup, KB4474419 August SHA-2 update KB890830 MSRT are showing up. All is good. It seems Norton did in fact download/install the SHA-2 fix awhile ago like I had thought initially. The update was 137MB. Had been in doubt it was installed because the PC never went through a required reboot. Now waiting for Woody to raise the Defcon level. Thanks for all the comments here, it helped get me back on track.

      Win7 SP1 Home 64-bit

      1 user thanked author for this post.
    • #1913516 Reply

      anonymous

      W7 32 Starter.
      Adopting a Cavalier Attitude.
      I installed the latest Norton Security version, and all the WU auto & manual updates, I could find.
      Exists MS WU 14/08. KB890830, KB4474419, KB4512506.
      Installed MS WU 20/08. KB4503548, KB4512514, KB4512193, KB4517297, KB4512193

      Currently, all is, OK.

      ps. Expendable. The machine is so slow, a box of snails could crunch numbers quicker.
      January 2020, ain’t too far away, the EOL-4-W7 ?
      pps. Not so Cavalier with my W7 64 Daily Driver. Updating with Caution.

    • #1913575 Reply

      anonymous

      Should we run the LIVE UPDATE every day until we get the new update or should we just wait a week or so and then do a LIVE UPDATE?

      • #1913604 Reply

        PKCano
        Da Boss

        The update needs to be applied to your Norton products before you try to update Windows using Windows Update. So you will need to run Live Update sometime before that. How often you run Live Update is up to you.

        We are still at DEFCON 2, which means wait to update Windows.

      • #1914144 Reply

        anonymous

        Hopefully some other Norton users will report back on any of their post Norton SHA-2 patching successes/failures, once that required Symantec/Norton patching has been completed and then after they have installed the Windows 7 Aug 2019 KBs.

        I’m still waiting for DEFCON-2 to go higher for the other NON-Symantec related issues to be resolved.

    • #1913613 Reply

      anonymous

      Received the update yesterday on my Win 7 and all the Aug. updates are now showing up. Just waiting on the DEFCON to raise.  Did not receive any updates on my Win 10 PC. I’m going to assume that a new version for Win. 10 will follow.

      • #1913632 Reply

        jabeattyauditor
        AskWoody Lounger

        Received the update yesterday on my Win 7 and all the Aug. updates are now showing up. Just waiting on the DEFCON to raise.  Did not receive any updates on my Win 10 PC. I’m going to assume that a new version for Win. 10 will follow.

        This specific Symantec issue was confined to Windows 7/Server 2008R2; you won’t see additional Windows 10 patches queued for installation as a result of an updated Symantec endpoint.

        • #1913661 Reply

          anonymous

          I would expect Win. 10 to get an updated version minus the Win. 7 fix, if for no other reason, other than to keep the version numbers in sync.

          • #1916838 Reply

            EP
            AskWoody_MVP

            what version of Win10 are you using?
            if running Win10 v1903, you won’t receive any new fixes until end of August

            read the FAQ in this Symantec article.

            Will this issue impact Windows 2012, 8.1, and 2012 R2 on September 10th, 2019?

            No. Operating Systems that are Windows 8 or greater load a different Symantec component which already supports evaluation of SHA-2 signatures.

    • #1916836 Reply

      EP
      AskWoody_MVP

      Symantec support article updated FRI Aug. 23 again:
      https://support.symantec.com/us/en/article.tech255857.html

      only SEP 14.2 RU1 MP1 and SEP 14.2 MP1 versions of Symantec Endpoint Protection (SEP) have the SHA-2 fixes. only 14.2 RU1 (w/out MP1) is the only version w/out the fix

      2 users thanked author for this post.
    • #1922694 Reply

      RDRguy
      AskWoody Lounger

      Symantec support article was updated today, Tue Aug. 27 with the following statement:

      Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection.

      Microsoft KB4512506/KB4512486 and future updates can be safely installed and the soft block was removed on August 27th, 2019.

      Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied:

      SEP 14.2 RU1 MP1 (14.2.4814.1101) has been certified and is available for download via MySymantec.

      SEP 14.2 RU1 (14.2.3357.1000) has been certified and is available upon request through Symantec Technical Support.

      SEP 14.2 MP1 (14.2.1057.0103) has been certified and is available upon request through Symantec Technical Support.

      Reference:
      https://support.symantec.com/us/en/article.tech255857.html

      Microsoft also updated their Aug 13 update articles today for KB4512506 (Monthly Rollup) & KB4512486 (Security-only update) with the following statement:

      The safeguard hold has been removed. Symantec has completed its evaluation of the impact of this update and future updates to Windows 7 and Windows 2008 R2. Symantec has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection and Norton antivirus programs. See the Symantec support article for additional details and please reach out to Symantec or Norton support if you encounter any issues.

      Reference:
      https://support.microsoft.com/en-us/help/4512506

      https://support.microsoft.com/en-us/help/4512486

      Now the real question is, was there ever any problem with Symantec Endpoint Protection not being able to properly handle the Windows 7 SHA-2 updated files.

      I’ll soon find out as one of my Win7 systems is still running Endpoint Protection version 12.1 RU6 MP10 (12.1.6.7454.7000).

      I’ll give it a try after a full backup & of course DEFCON 3 🤞

      Win8.1 Group B (Pro) [x64]
      Win7 Group B (Ultimate & Pro) [x64 & x86]
      MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
      MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
      RDRguy

      • This reply was modified 3 weeks, 5 days ago by  RDRguy.
      1 user thanked author for this post.
    • #1922716 Reply

      RDRguy
      AskWoody Lounger

      Confirmation that Microsoft withdrew their hold on the Aug 2019 Windows 7 rollup & security updates on my system having Symantec Endpoint Protection installed is depicted below …

      Aug 2019 Win7 Updates

      Win8.1 Group B (Pro) [x64]
      Win7 Group B (Ultimate & Pro) [x64 & x86]
      MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
      MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
      RDRguy

      Attachments:
      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Symantec fixes the SHA-2 patch problem for Win7

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.