Symantec updates blocked by date-stamp bug

Summary:Symantec Endpoint Protection has been affected by a glitch that means enterprise customers are unable to use malware definitions dated 2010

Symantec is grappling with a date-stamp problem that has seen all its security updates dated 2010 rejected by its own servers.

Updates released after 31 December, 2009 are considered out of date by Symantec's systems, which do not recognise the year 2010, the company said in a forum post on Monday.

The problem affects Symantec's flagship enterprise Endpoint Protection Manager product, as well as Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x.

"An issue has been identified in the Symantec Endpoint Protection Manager (SEPM), whereby SEP definition content with a date later than 31 December, 2009 is considered to be 'out of date' by the management server," Symantec said in a statement on Tuesday.

All types of Symantec Endpoint Protection definitions dated after 31 December, including antivirus, antispyware and intrusion-protection system updates, are considered invalid by the company's servers.

The company has come up with a workaround by releasing updates that display a date of 31 December, but that carry increasing revision numbers. Symantec pushes out between 10,000 and 25,000 definitions per day, depending on the number of threats encountered. Symantec is working on a full solution and will inform customers of developments, according to the company's forum post.

One complication affects customers who are running Symantec Network Access Control with Host Integrity configured to check definitions of client devices entering the network. The HI check will not work because of the date-recognition issue, said Symantec.

A workaround for NAC customers who want accurate reports on endpoint protection clients that have out-of-date definitions is to use the NAC management console to statically set the minimum allowed definition date to 30/12, Symantec advised.

In a support document published on Sunday, the company identified other complications that may affect enterprise customers. These include end users not receiving certain alerts, issues with the SEPM console, and possibly erroneous SEPM notifications being sent out.

New definitions will be posted once a day, Symantec director of product management for SEP, Jim Waggoner, wrote in a forum discussion on Monday.

Details on the number of customers faced with the datestamp issue were not available at the time of writing. However, Symantec said that all of its SEP customers had been affected.

The glitch also applies to Symantec's consumer products, the company said in a separate statement on Tuesday. Norton Internet Security, Norton 360, Norton AntiVirus, Symantec AntiVirus, Symantec Client Security, and other products, were hit by the problem on 1 January. The issue was resolved for consumer customers on 2 January, according to Symantec.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.