Symantec updates blocked by date-stamp bug

Symantec Endpoint Protection has been affected by a glitch that means enterprise customers are unable to use malware definitions dated 2010.
Written by Tom Espiner, Contributor

Symantec is grappling with a date-stamp problem that has seen all its security updates dated 2010 rejected by its own servers.

Updates released after 31 December, 2009 are considered out of date by Symantec's systems, which do not recognise the year 2010, the company said in a forum post on Monday.

The problem affects Symantec's flagship enterprise Endpoint Protection Manager product, as well as Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x.

"An issue has been identified in the Symantec Endpoint Protection Manager (SEPM), whereby SEP definition content with a date later than 31 December, 2009 is considered to be 'out of date' by the management server," Symantec said in a statement on Tuesday.

All types of Symantec Endpoint Protection definitions dated after 31 December, including antivirus, antispyware and intrusion-protection system updates, are considered invalid by the company's servers.

The company has come up with a workaround by releasing updates that display a date of 31 December, but that carry increasing revision numbers. Symantec pushes out between 10,000 and 25,000 definitions per day, depending on the number of threats encountered. Symantec is working on a full solution and will inform customers of developments, according to the company's forum post.

One complication affects customers who are running Symantec Network Access Control with Host Integrity configured to check definitions of client devices entering the network. The HI check will not work because of the date-recognition issue, said Symantec.

A workaround for NAC customers who want accurate reports on endpoint protection clients that have out-of-date definitions is to use the NAC management console to statically set the minimum allowed definition date to 30/12, Symantec advised.

In a support document published on Sunday, the company identified other complications that may affect enterprise customers. These include end users not receiving certain alerts, issues with the SEPM console, and possibly erroneous SEPM notifications being sent out.

New definitions will be posted once a day, Symantec director of product management for SEP, Jim Waggoner, wrote in a forum discussion on Monday.

Details on the number of customers faced with the date-stamp issue were not available at the time of writing. However, Symantec said that all of its SEP customers had been affected.

The glitch also applies to Symantec's consumer products, the company said in a separate statement on Tuesday. Norton Internet Security, Norton 360, Norton AntiVirus, Symantec AntiVirus, Symantec Client Security and other products were hit by the problem on 1 January. The issue was resolved for consumer customers on 2 January, according to Symantec.
