About the Symantec Root Certificate expiration in 2011

Article:TECH97817  |  Created: 2009-01-01  |  Updated: 2013-10-26  |  Article URL http://www.symantec.com/docs/TECH97817
Article Type
Technical Solution


Issue



An older Symantec root certificate, SymRoot1, will expire on April 30, 2011. With an expired certificate, older LiveUpdate clients would no longer authenticate, download, or install content such as AntiVirus definitions or product updates. 

 


Solution



To allow customers additional time to plan migrations, Symantec has introduced a workaround that allows LiveUpdate to continue to successfully authenticate valid content from Symantec through July 4, 2013. Note that after your product version reaches its End of Support Life, definitions may not be available after that time. We  recommend that you periodically check our website by first selecting your product, then clicking on "release details," for information with respect to the dates of End of Life and End of Support Life for your specific Licensed Software.

In addition, a newer Symantec root certificate, SymRoot2, will expire on August 23, 2020.  Newer Symantec products and recently patched products are compatible with SymRoot2.   All customers utilizing SymRoot1-based products are recommended to upgrade to SymRoot2-based products.

What is the impact of using SymRoot1 definitions after the certificate expiration?
The product will continue to download and install new updates, such as AntiVirus definitions and product updates.  You do not need to do anything to continue to receive definitions for these products after the certificate expiration, but you are encouraged to upgrade to a version that supports SymRoot2 as soon as feasible.

Will products without SymRoot2 support still be able to use Intelligent Updater or Rapid Release to update definitions?
Yes, Intelligent Updater and Rapid Release definition packages will be signed by both SymRoot1 and SymRoot2.

Which products are affected?
The following table shows which product versions support SymRoot2 in green, which product versions will continue to receive SymRoot1 definitions after the certificate expiration in orange, and which product versions require an upgrade in red.

Product

Version

Status

Action Needed

AntiVirus Corporate Edition

10.1 MR 10

SymRoot2 Support

None

AntiVirus Corporate Edition

10.x

SymRoot1 Support

Upgrade recommended

AntiVirus for Linux

MR 10

SymRoot2 Support    

None

AntiVirus for Linux

MR 9 and earlier

SymRoot1 Support

Upgrade recommended

AntiVirus for Macintosh

10.x

SymRoot1 Support

Upgrade Recommended

AntiVirus for Network Attached Storage 5.2.8 and later SymRoot2 Support None
AntiVirus for Network Attached Storage 5.2.5 and earlier

SymRoot1 Support

   Upgrade recommended

Brightmail Gateway

7.7 and later

SymRoot2 Support

None

Brightmail Gateway

5.x through 7.6

SymRoot1 Support

Upgrade recommended

Brightmail Message Filter

All

Does not use SymRoot

None

Client Security

3.1 MR 10

SymRoot 2 Support

None

Client Security

3.x

SymRoot1 Support

Upgrade recommended

Endpoint Protection

12.0 / 11.0

SymRoot2 Support    

None

Enterprise Security Manager

10.x

SymRoot2 Support

None

Enterprise Security Manager

9.x and later

SymRoot2 Support with LiveUpdate 3.3

Update to Windows LiveUpdate 3.3

Enterprise Security Manager

6.5.x

No updates after 4/30/11

Upgrade required

IM Manager

8.4.1.16

SymRoot2 Support

None

IM Manager

Prior to 8.4.1.16

SymRoot1 Support

Upgrade recommended

LiveUpdate Administrator

2.x

SymRoot2 Support

None

LiveUpdate Administration Utility

1.5

SymRoot1 Support

Upgrade recommended

Mail Security for Domino

8.0.5 and later

SymRoot2 Support

None

Mail Security for Domino

8.0, 8.01, 8.02, 8.03

SymRoot1 Support

Upgrade recommended

Mail Security for Domino

7.5

SymRoot2 Support

None

Mail Security for Domino

5.x

SymRoot1 Support

Upgrade recommended

Mail Security for Domino MPE

3.2

SymRoot1 Support

Upgrade or Java LiveUpdate patch recommended

Mail Security for Exchange

6.5

SymRoot2 Support

None

Mail Security for Exchange

6.0.x

SymRoot2 Support

None

Mail Security for Exchange

5.0.x

SymRoot1 Support

Upgrade recommended

Mail Security for Exchange

4.6

SymRoot1 Support

Upgrade recommended

Mail Security for SMTP

5.x

SymRoot1 Support

Upgrade recommended

Protection for Sharepoint

5.1.4 and later

SymRoot2 Support

None

Protection for Sharepoint

5.1.3 and earlier SymRoot2 Support    Upgrade recommended

Scan Engine

5.2.8

SymRoot2 Support

None

Scan Engine

5.2.7 and earlier

SymRoot1 Support

Upgrade recommended

Security Information Manager

4.7 MP3

SymRoot2 Support

None

Security Information Manager

4.7.2 and earlier

No updates after 4/30/11

Java LiveUpdate upgrade required

My product version will not be updated.  How do I upgrade?
If possible, Symantec recommends that you upgrade to a version that supports SymRoot2.  SymRoot2 compatible products appear in green in the table above.  You can download the latest version of your product from
File Connect or from the Business Critical Services Web site.

For some products, you may need to apply patch instead of upgrading.  Please refer to the following links for more information to assist you with migration.

Endpoint Protection/ AntiVirus Corporate Edition

·          Endpoint Security Migration and Installation

·          Symantec Endpoint Protection 11.0 Frequently Asked Questions

·          Migration paths for Symantec Endpoint Protection 11.0

AntiVirus for Linux
How to obtain the latest release of Symantec AntiVirus for Linux

AntiVirus for Macintosh
Symantec recommends that you upgrade to Endpoint Protection for Macintosh to receive SymRoot2-signed content. 

Brightmail Gateway (formerly Mail Security 8300/8200 Series)
How to upgrade a Symantec Mail Security Appliance or Symantec Brightmail Gateway to its latest release

Enterprise Security Manager
If you use Enterprise Security Manager 9.x, download and run the installer for
LiveUpdate 3.3.  If you are upgrading to a new version of Enterprise Security Manager, follow the installation guide for your version on the Enterprise Security Manager Documentation page.

IM Manager
How to upgrade IM Manager to a newer version

Mail Security for Domino

Mail Security for Domino Multi-Platform Edition
If you use Mail Security 3.2 for Domino Multi-Platform Edition, your product can continue to download SymRoot1 definitions after certificate expiration; however, you are encouraged to apply a Java LiveUpdate patch to update your product to be SymRoot2 compatible.  For directions, read
Patching Symantec Mail Security 3.2 for Domino Multi-Platform Edition for SymRoot2 compliance.

Mail Security for Microsoft Exchange


Mail Security for SMTP
Migrating from Symantec Mail Security for SMTP to Symantec Brightmail Gateway

Scan Engine
How to Upgrade to Scan Engine 5.2
Note:  Scan Engine connector products do not download virus definitions on their own. Ensure that your version of Scan Engine is compliant. 

Security Information Manager
The SymRoot2-compliant version of Security Information Manager 4.7 MP3 is now available and can be downloaded from File Connect.  Before you upgrade, read Best practices before updating or upgrading your Symantec Security Information Manager environment.

Java LiveUpdate upgrade patches will also be made available for customers who run Security Information Manager version 4.5, 4.6 and earlier versions of 4.7, Symantec Event Agent 4.7, SSIM Agent 4.5, and SESA Agent 2.5.2. For details, read Download Security Information Manager Java LiveUpdate Upgrade Patch.



Legacy ID



2009120112323448


Article URL http://www.symantec.com/docs/TECH97817


Terms of use for this information are found in Legal Notices