Endpoint Protection Small Business Edition


On-Premise solution for newest buffer overflow error

  • 1.  On-Premise solution for newest buffer overflow error

    Posted Jun 29, 2016 01:03 PM

    Today I read that all Norton and Symantec Virus products are in jeopardy, because of a buffer overflow attacking check of compressed files. There was a list attached for most products on what to do. Most are already fixed. BUT: Endpoint Protection Small Business Edition 12.1.5 is not on that list. Since I have at least two dozen server installations all over my customers' servers I am really worried. Due to company restrictions for most companies the cloud based version (which might or might not be protected against this error) is off limits. And an easy and cheap upgrade to a bigger version seems not to be available through Symantec. Most of those contracts are still running a year or two - so just offering an upgrade gives those customers a huge disadvantage. We are already exchanging all to be renewed contracts, but those long term ones....!?! Will there be a workaround for 12.1.5? What can I do to make it work, if the cloud is off limits? Thanks for your time, Helmut Lieb



  • 2.  RE: On-Premise solution for newest buffer overflow error

    Posted Jun 29, 2016 01:15 PM

    Symantec doesn't specifically state SBE 12.1x is affected but SEP SBE 12.x is EOL so there aren't any additional product upgrades that will be available. So aside from moving to SEP.cloud or SEP Enterprise, I believe the product is going to remain vulnerable.



  • 3.  RE: On-Premise solution for newest buffer overflow error

    Posted Jun 30, 2016 03:09 AM

    I know it is being EOL - but it is still renewed and old subscriptions are still running. Therefore leaving it with such a big vulnerability without giving any workaround seems a bit odd. Those customers still pay quite some money, but don't get the protection they deserve.

    I suggest Symantec either gives away free or cheap SEP Enterprise versions to those customers or they fix the problem.

    Leaving them alone could get Symantec so much bad press, it really could affect business in the future.



  • 4.  RE: On-Premise solution for newest buffer overflow error

    Broadcom Employee
    Posted Jul 04, 2016 04:01 PM

    To mitigate the vulnerabilities which have been identified, we recommend that affected products be updated to the latest version. Symantec has also released a list of signatures in an effort to block/detect attempts at exploitation. So make sure SEP clients are at least updated with the latest definitions.

    Either you continue using the same version, or install the cloud-managed client on those machines, or upgrade to Enterprise Edition.



  • 5.  RE: On-Premise solution for newest buffer overflow error

    Broadcom Employee
    Posted Jul 04, 2016 04:02 PM

    Check out this Symantec blog: https://www.symantec.com/connect/blogs/symantec-updates-now-available-norton-and-enterprise-products

    " At Symantec, we take our mission to protect the world’s information very seriously. To ensure that our products are as effective as possible, we rely on Symantec experts and the security research community to watch for potential product vulnerabilities so we can act swiftly to remediate and issue product updates accordingly. As part of our standard best practices, we continually improve the protection delivered in our products through regular updates and encourage both our Norton and enterprise customers to keep their products updated to get the best protection possible.

    In this case, we were alerted by a researcher on Google’s Project Zero to eight vulnerabilities he discovered after reviewing our product portfolio. Symantec has not seen evidence of any of these vulnerabilities being exploited in the wild. More importantly, fixes are currently in place and updates are now available for customers to install.  While many products update themselves automatically, we encourage all of our customers to review the full list of impacted products and installation instructions, which can be found here.

    Staying ahead of the threats from attackers requires vigilance and industry-wide information sharing. We remain committed to ensuring our products address today’s most sophisticated threats and we thank the security community for their assistance."



  • 6.  RE: On-Premise solution for newest buffer overflow error

    Posted Jul 05, 2016 08:32 AM

    Since the description of the error is out, there will be exploits shortly. And as far as I know the cloud version is not fixed either up to this point.

    Since the enterprise client works with the SBE Manager, Symantec should allow SBE users to push that to their customers. We tested that and it works.



  • 7.  RE: On-Premise solution for newest buffer overflow error

    Broadcom Employee
    Posted Jul 05, 2016 12:30 PM

    It is surprising that enterprise clients work with the SBE manager. Could you post a screenshot?

    The older SEP SBE (on-premises) product reached End of Life in May 2015 and at this point we do not have a timeline to fix this older product. In the meantime, those SEP SBE (on-premises) agents will have the new AntiVirus detections to provide some protection.

    It is recommended that machines running this product be moved to the SEP SBE (cloud) agent once the updated version of it is available which is included in your license.

    For more information on the vulnerabilities and cross-product fixes, please see the Symantec Security Advisory - https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00.  



  • 8.  RE: On-Premise solution for newest buffer overflow error

    Broadcom Employee
    Posted Jul 13, 2016 07:47 AM

    Hi,

    The new Cloud SBE server client has been released. To install the new version, which resolves the vulnerabilities (SYM16-010/011) please uninstall your existing client and then use one of the methods below to re-install:
     
    NOTE:  If you have more than one server to re-install I would recommend the redistributable option. You will need to uninstall the existing agent before you proceed with the new install
     
    How to Install a Client:
    https://support.symantec.com/en_US/article.TECH215636.html
     
     
    You do have an option that will allow the install to happen without first uninstalling the existing agent
    NOTE: This will reboot the system (once on Desktop OSs and twice on Server OSs) without a warning
    - Download a new SymantecPackageCreator.exe 
    - Create a new install package from the package creator.
    - On an affected system, place the new SymRedistributable.exe at the C:\ location
    - Open an Administrative Command prompt, navigate to C:\ and type the following command: SymRedistributable.exe -silent -refreshall
    - After pressing enter you should notice no additional prompts. The only way to confirm if the commands worked is to open the task manager and look for the process msiexec.exe (should be there after a few seconds).
    - Wait a few minutes for the machine to reboot. After reboot, the agent should be successfully installed.
     
    This type of reinstall allows the agents to keep their same Computer Profile in the hosted portal, in the same group, with the same policies applied to it.
      
    I will share more information about new client for workstations when I know more.
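
The in-place refresh steps from the post above, as an added PowerShell example (not part of the original post and not Symantec tooling). The installer path, switches and the msiexec.exe check come from the post; the log path and timeout are assumptions. The host reboots without warning (once on desktop OSs, twice on server OSs), so run it only inside a maintenance window.

```powershell
#Requires -RunAsAdministrator
# Added example: automates the in-place refresh steps quoted in the post above.
$installer      = 'C:\SymRedistributable.exe'   # location named in the post
$logFile        = 'C:\sep-refresh.log'          # assumption: hypothetical log path
$timeoutSeconds = 120                           # assumption: wait limit for msiexec.exe

function Write-Log([string]$Message) {
    # Persist each step to disk so the record survives the unannounced reboot.
    $line = '{0} {1}' -f (Get-Date -Format s), $Message
    Add-Content -LiteralPath $logFile -Value $line
    Write-Output $line
}

if (-not (Test-Path -LiteralPath $installer -PathType Leaf)) {
    throw "Installer not found at $installer"
}

# msiexec.exe can already be running for unrelated installs, so remember the
# existing process IDs and only count instances that appear after the launch.
$before = @(Get-Process -Name msiexec -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Id)

Write-Log "Starting $installer -silent -refreshall (system will reboot without warning)"
Start-Process -FilePath $installer -ArgumentList '-silent', '-refreshall' -WorkingDirectory 'C:\'

# Poll for a new msiexec.exe, the only confirmation signal the post describes.
$deadline = (Get-Date).AddSeconds($timeoutSeconds)
$started  = @()
while ($started.Count -eq 0 -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 2
    $started = @(Get-Process -Name msiexec -ErrorAction SilentlyContinue |
                 Where-Object { $before -notcontains $_.Id })
}

if ($started.Count -gt 0) {
    Write-Log ("msiexec.exe running (PID {0}); reinstall is in progress" -f ($started.Id -join ','))
} else {
    Write-Log "No new msiexec.exe within $timeoutSeconds s; check the host manually"
}
```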



  • 9.  RE: On-Premise solution for newest buffer overflow error

    Broadcom Employee
    Posted Jul 13, 2016 12:05 PM

    A workstation agent for desktops/laptops has been released and requires you to take action to update to the latest version.

    At this point auto-update is not available for Symantec.cloud agents but I believe you can expect it within a few days. It's mentioned in HOWTO124395 (http://www.symantec.com/docs/HOWTO124395) also. But for an immediate upgrade you need to uninstall and reinstall.

    Refer to this guide: https://support.symantec.com/en_US/article.HOWTO124395.html



  • 10.  RE: On-Premise solution for newest buffer overflow error

    Posted Jul 14, 2016 08:08 AM

    We are in the process of upgrading to SEP MP5. However, we have a group of servers that can only be restarted during our maintenance windows. Is there a way to remediate these issues without restarting?

     

    Thanks, 

    Mike



  • 11.  RE: On-Premise solution for newest buffer overflow error

    Posted Jul 14, 2016 08:25 AM

    no, needs a reboot to close it off.