Symantec updates blocked by date-stamp bug

Symantec updates blocked by date-stamp bug

Summary: Symantec Endpoint Protection has been affected by a glitch that means enterprise customers are unable to use malware definitions dated 2010

TOPICS: Security

Symantec is grappling with a date-stamp problem that has seen all its security updates dated 2010 rejected by its own servers.

Updates released after 31 December, 2009 are considered out of date by Symantec's systems, which do not recognise the year 2010, the company said in a forum post on Monday.

The problem affects Symantec's flagship enterprise Endpoint Protection Manager product, as well as Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x.

"An issue has been identified in the Symantec Endpoint Protection Manager (SEPM), whereby SEP definition content with a date later than 31 December, 2009 is considered to be 'out of date' by the management server," Symantec said in a statement on Tuesday.

All types of Symantec Endpoint Protection definitions dated after 31 December, including antivirus, antispyware and intrusion-protection system updates, are considered invalid by the company's servers.

The company has come up with a workaround by releasing updates that display a date of 31 December, but that carry increasing revision numbers. Symantec pushes out between 10,000 and 25,000 definitions per day, depending on the number of threats encountered. Symantec is working on a full solution and will inform customers of developments, according to the company's forum post.

One complication affects customers who are running Symantec Network Access Control with Host Integrity configured to check definitions of client devices entering the network. The HI check will not work because of the date-recognition issue, said Symantec.

A workaround for NAC customers who want accurate reports on endpoint protection clients that have out-of-date definitions is to use the NAC management console to statically set the minimum allowed definition date to 30/12, Symantec advised.

In a support document published on Sunday, the company identified other complications that may affect enterprise customers. These include end users not receiving certain alerts, issues with the SEPM console, and possibly erroneous SEPM notifications being sent out.

New definitions will be posted once a day, Symantec director of product management for SEP, Jim Waggoner, wrote in a forum discussion on Monday.

Details on the number of customers faced with the datestamp issue were not available at the time of writing. However, Symantec said that all of its SEP customers had been affected.

The glitch also applies to Symantec's consumer products, the company said in a separate statement on Tuesday. Norton Internet Security, Norton 360, Norton AntiVirus, Symantec AntiVirus, Symantec Client Security, and other products, were hit by the problem on 1 January. The issue was resolved for consumer customers on 2 January, according to Symantec.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Symantec Rubbish

    I despair at how a company like Symantec gets away with charging for their products. I have never found a single computer with any version of their anti-virus software that didn't eventually slow to a crawl that was only fixed by removing the entire Symantec software list from the computer and in some cases using a Symantec tool to remove all hints of it from the registry.

    And their practise of getting included with motherboard driver disks or on new machines made by large companies only to run out in 90 days thus forcing most gullable end users to get their credit cards out infuriates me no end. And this for a product which my actual experience of has only ever been negative - it looks like a load of old cod to me. The trouble is that lots of folk think this is a reputable company, perhaps harking back to the days when floppy disks were floppy and Norton Disk Doctor was the best investment one could make. I once wrote a <A HREF=",1000000567,10014507o-2000673651b,00.htm">blog about the effect of seeming experts spewing unresearched rubbish</A> for general consumption. Symantec are in a similar position. Because people see their software in all sorts of places, they think it's got to be good.

    Do their software engineers not have any pride? Can't they do basic regression testing? Those are questions that'll remain unanswered as long as Symantec remain as they are and closed-source.
    Fat Pop Do Wop
  • Too Right

    Pop - I have had exactly the same experience as you with Symantec products. There was someone on here a year or so ago, posting comments to any and all Symantec criticism, saying that they had seen the error of their ways, the new versions were much better, more stable, not resource hogs, blah, blah, blah... I have neither seen nor heard any independent confirmation of such claims, so my opinion remains unchanged.