Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

OFFICIAL STATUS: SEPM Definitions stay at 31-12-2009 (LAST UPDATED: 28-FEB-2010)

Created: 04 Jan 2010 • Updated: 19 Aug 2010 | 24 comments
Paul Murgatroyd's picture

Update 28-FEB-2010

Previously Symantec communicated that 2009 dated definition content would no longer be available as of Sunday, February 28th.  Due to a minority of customers still relying on these definitions, a decision has been made to continue posting these definitions three times per week until Saturday, March 13th.  After this date no new 2009 definition content will be made available. 

It is imperative that customers still deploying 2009 dated definitions make plans to immediately apply the patch to avoid leaving systems in an unprotected state.  Customers running Symantec Endpoint Protection should confirm that all SEPMs are patched, either automatically via LiveUpdate or manually in order to continue to receive current definition content. 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update 16-JAN-2010

The SEPM patch for the RTM, MR1, MR1MP1, MR2, MR2MP1, and MR2MP2. have been posted to the LU servers. WIth this update all GA versions of SEP that have been released since September 2008 have a patch available for them. That list includes the following versions:

 

 

Symantec Endpoint Protection Product version

SEPM component version

Symantec Endpoint Protectoin 11 Release to Manufacturer (RTM) - 11.0.776.942 11.0.780.942
Symantec Endpoint Protection 11 Maintenance Release 1 (MR1) - 11.0.1000.1375 11.0.1000.1049
Symantec Endpoint Protection 11 Maintenance Release 1 Maintenance Patch 1 (MR1 MP1) 11.0.1006.103 11.0.1006.106

Symantec Endpoint Protection 11 Maintenance Release 2 (MR2)  11.0.2000.1567

11.0.2000.1213

Symantec Endpoint Protection 11 Maintenance Release 2 Maintenance Patch 1 (MR2MP1)   11.0.2010.25

11.0.2010.17

Symantec Endpoint Protection 11 Maintenance Release 2 Maintenance Patch 2  (MR2MP2)   11.0.2020.56

11.0.2020.26

Symantec Endpoint Protection 11 Maintenance Release 3 (MR3) - 11.0.3001.2224

11.0.3001.1106

Symantec Endpoint Protection 11 Maintenance Release 4 (MR4) - 11.0.4000.2295

11.0.4000.1171

Symantec Endpoint Protection 11 Maintenance Release 4 Maintenance Patch 1 (MR4MP1) - 11.0.4010.19

11.0.4010.17

Symantec Endpoint Protection 11 Maintenance Release 4 Maintenance Patch 1a (MR4MP1a) - 11.0.4014.26

11.0.4010.17 (same as MP1)

Symantec Endpoint Protection 11 Maintenance Release 4 Maintenance Patch 2 (MR4MP2) - 11.0.4204.75

11.0.4204.73

Symantec Endpoint Protection 11 Release Update 5 (RU5) - 11.0.5002.333

11.0.5002.282

 

Previously Symantec communicated that 2009 dated definition content would no longer be available as of Sunday, February 28th. Due to a minority of customers still relying on these definitions, a decision has been made to continue posting these definitions three times per week until Saturday, March 13th. After this date no new 2009 definition content will be made available. 
 
It is imperative that customers still deploying 2009 dated definitions make plans to immediately apply the patch to avoid leaving systems in an unprotected state. Customers running Symantec Endpoint Protection should confirm that all SEPMs are patched, either automatically via LiveUpdate or manually in order to continue to receive current definition content. 

---------------------------------------------------------------------------------------------------------------------------------

 


 


For those who have SEPM's which do not have access to LiveUpdate the manual fix tool is also available for download from the KB referenced. If you need instructions view this video highlighting the manual patch. https://www-secure.symantec.com/connect/downloads/sepm-patch-definition-issue -

Please refer to the following KB document for details regarding this issue if you need to download the manual patch.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

 

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

***** In particular, if you use LiveUpdate Administrator and the following critieria are true:

  1. The SEPM is configured to download updates through LUA instead of Public LiveUpdate
  2. SEP Clients are configured to download updates from their SEPM.

then please ensure you read the following KB: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010901022848

-----------------------------------------------------------------------------------------------------------------------------------------------------

An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.

  1. The SEPM is configured to download updates through LUA instead of Public LiveUpdate
  2. SEP Clients are configured to download updates from their SEPM.

Then PLEASE ensure you read the following KB: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010901022848

Customers running SEP are still protected, and we are continuing to release updated definitions as normal.  However, for the time being, SEP definitions will display a date of December 31, 2009, with increasing revision numbers.

        AVDate1.jpg

         AVDate2.jpg

Symantec is working on a solution and will update customers when a solution becomes available.

IMPORTANT: This issue does not impact any other enterprise products (e.g. SAV or SCS) or consumer products.

For further information please see Symantec KB:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

Impacted Products:

  • Symantec Endpoint Protection v11.x Product Line
  • Symantec Endpoint Protection Small Business Edition v12.x Product Line

For those customers also running NAC who have Host Integrity configured to check their clients definitions, this issue will cause the HI check to fail.  The following options are available to you:
 

  • To more accurately, for now, report on SEP clients that are genuinely behind on AV/AS defs, statically set the min allowed def date to be 30/12, so anything older than this fails HI.

         HICheck1-2.jpg

  • Disable the HI check on definition date

  • For the specific AV/AS definition date check, you could temporarily check the box to “allow HI to pass even if it fails”, so you can still log and report centrally on HI results

        HICheck2.jpg

This discussion will remain locked and serve as the official status post for this issue.  It will be updated by Symantec Employee's with the latest information.


If you wish to discuss the issue further, please use the following post: https://www-secure.symantec.com/connect/forums/sepm-update

 

Symantec Endpoint Protection Engineering has completed their testing of the MR3 patch.  We are posting the patch for MR3 and expect it to go live and be available for download within the next few hours.

 In preparation of the first patch being released, please review the KB document for this issue.  There are a number of conditions customers will need to keep in mind depending on their specific situation.  The KB document can be located at: 

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

REMINDER: DO NOT downgrade from newer versions of SEPM to get this patch. We will be posting patches over the next week or so.

I will post another message once the patch is confirmed to be live on the LiveUpdate server.

Update 12-Jan-2010

Our Symantec Endpoint Protection Engineering team is continuing to work around the clock on the patch to resolve the SEPM definition issue.  In the meantime, two different sets of definitions will be made available for SEP.  A certified December 31st, 2009 dated definition set will be released three times a day and a certified 2010 definition set will be released 3x times a day for SEP Clients to download directly from LiveUpdate.

Comments 24 CommentsJump to latest comment

Paul Murgatroyd's picture

Updated 07-JAN-2010

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Paul Murgatroyd's picture

Updated 08-JAN-2010

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Paul Murgatroyd's picture

Updated 09-JAN-2010

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Paul Murgatroyd's picture

Updated 10-JAN-2010, please do read if you are using LiveUpdate Administrator

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Paul Murgatroyd's picture

Updated 12-JAN-2010

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

JimW's picture

Posted Update when MR3 went live.

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

cosp's picture

I was trying to subscribe to this post on subscriptions last down on this page, is that the wrong way?

Vikram Kumar-SAV to SEP's picture

 @cosp -- That is the right way..I think this thread has been un-locked so that people and subscribe to it.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Paul Murgatroyd's picture

Updated 13-JAN-2010, added latest 2009 virus definition version

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Paul Murgatroyd's picture

You should still be able to subscribe to the first thread in this post, even when its locked.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Hear4U's picture

Want to make sure those who subscribed receive the latest info:

A patch that enables MR3 SEPM to download content dated 2010 has successfully posted to our LiveUpdate servers.  Customers who have manually configured their SEPM to not download the patch via LU can apply the patch manually using a standalone tool.  For more information about the issue and the patch, please see the following KB document:
 
 
In addition to technical information about the issue, the document will be updated regularly to contain a list of all fixed builds (currently only MR3) and a link to the standalone tool.  The document has been updated for the MR3 patch.

check out the community at www.infoblox.com/community

Paul Murgatroyd's picture

Updated 15-JAN-2010, added RU5 patch details

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

JimW's picture

Updated with MR4MP2 patch info.

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Paul Murgatroyd's picture

updated with MR4 and MR4 MP1/a patch info

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

JimW's picture

Updated with MR2, MR2MP1 and MR2MP2 information.

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

AL76's picture

MR1 and RTM version has been posted.

Alan Lee

Sr Manager, Regional Product Management, APJ

Enterprise Security, Mobility & Management

JimW's picture

Updated to include RTM, MR1, MR1MP1

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Subhani's picture

Hi , I am using SEPM 11 MR4MP1A ( 11.0.4014.26) . I have applied the patch manually on my SEPM .I have also updated it from our Internal Liveupdate Server and the content catalog file is updated however it is not showing the Latest Release as it should show .How can I verify if the patch is applied correctly and what could be wrong .
sepm1.JPG

All my Clients are configured to get updates from SEPM as well as liveupdate server so the clients show the latest Definition however SEPM is not able to publish them yet .

LUdownloads.JPG

Any Suggestions .

ellegi2's picture

How to download manual patch?

Some one have any idea to download the manual patch? 

if i click patch link on  http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010011512020748,  It doesn't work and brorwser Tell "page not found".

Where i can find a working link??

Thanks 

Luca  

roberta's picture

Good Day Luca,

I have just tried the given ftp link & it's working OK.

Best Regards,
Roberta

Greetings from The Land Downunder

ellegi2's picture

 I try link with internet explorer (Previously i used firefox and chrome), and it works well. 

Thanks.

pg23db's picture

Hi,

As mentioned by Roberta, it is a ftp link and some times in browers ftp links misbehave.
I did not have any issue downloading patch for maual download from following page http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010011512020748

Thank you

Paul Murgatroyd's picture

Updated 28th FEB 2010

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint