Symantec LiveUpdate Certificate Expiration Notice

IT

Symantec LiveUpdate Certificate Expiration Notice

Direct from Symantec I thought I’d pass this information along in case you are still using some older symantec products.  I believe we already have all our clients off of these older products, but some of you out there might still be on an older version.  Please look at the chart below to see if you are affected by this certificate expiration.

*UPDATE* Added 2-24-11 – Updated Symantec TechNote on this problem

Important LiveUpdate Certificate Expiration Notice

Problem

An older Symantec root certificate, SymRoot1, will expire on April 30, 2011. With an expired certificate, older LiveUpdate clients would no longer authenticate, download, or install content such as AntiVirus definitions or product updates.

Solution

To allow customers additional time to plan migrations, Symantec has introduced a workaround that allows LiveUpdate to continue to successfully authenticate valid content from Symantec through July 4, 2012. This date may be extended if needed on a product-by-product basis.

In addition, a newer Symantec root certificate, SymRoot2, will expire on August 23, 2020. Newer Symantec products and recently patched products are compatible with SymRoot2. All customers utilizing SymRoot1-based products are recommended to upgrade to SymRoot2-based products.

What is the impact of using SymRoot1 definitions after the certificate expiration?

The product will continue to download and install new updates, such as AntiVirus definitions and product updates. You do not need to do anything to continue to receive definitions for these products after the certificate expiration, but you are encouraged to upgrade to a version that supports SymRoot2 as soon as feasible.

Will products without SymRoot2 support still be able to use Intelligent Updater or Rapid Release to update definitions?

Yes, Intelligent Updater and Rapid Release definition packages will be signed by both SymRoot1 and SymRoot2.

Which products are affected?

The following table shows which product versions support SymRoot2 in green, which product versions will continue to receive SymRoot1 definitions after the certificate expiration in orange, and which product versions require an upgrade in red.

Product Version Status Action Needed
AntiVirus Corporate Edition 10.1 MR 10 SymRoot2 Support None
AntiVirus Corporate Edition 10.x SymRoot1 Support Upgrade recommended
AntiVirus Corporate Edition 9.x No definitions after 4/30/2011 Upgrade required
AntiVirus for Linux MR 10 SymRoot2 Support None
AntiVirus for Linux MR 9 and earlier SymRoot1 Support Upgrade recommended
AntiVirus for Macintosh 10.x SymRoot2 Support with LiveUpdate 5.1.2 Update to LiveUpdate for Macintosh 5.1.2
Brightmail Gateway 7.7 and later SymRoot2 Support None
Brightmail Gateway 5.x through 7.6 SymRoot1 Support Upgrade recommended
Brightmail Message Filter All Does not use SymRoot None
Client Security 3.1 MR 10 SymRoot2 Support None
Client Security 3.x SymRoot1 Support Upgrade recommended
Client Security 2.x No definitions after 4/30/2011 Upgrade required
Endpoint Protection 12.0 / 11.0 SymRoot2 Support None
Enterprise Security Manager 10.x SymRoot2 Support None
Enterprise Security Manager 9.x and later SymRoot2 Support with LiveUpdate 3.3 Update to Windows LiveUpdate 3.3
Enterprise Security Manager 6.5.x No definitions after 4/30/2011 Upgrade required
IM Manager 8.4.1.16 SymRoot2 Support None
IM Manager Prior to 8.4.1.16 SymRoot1 Support Upgrade recommended
LiveUpdate Administrator 2.x SymRoot2 Support None
LiveUpdate Administration Utility 1.5 SymRoot1 Support Upgrade recommended
Mail Security for Domino 8.0.5 and later SymRoot2 Support None
Mail Security for Domino 8.0, 8.01, 8.02, 8.03 SymRoot1 Support Upgrade recommended
Mail Security for Domino 7.5 SymRoot2 Support None
Mail Security for Domino 5.x SymRoot1 Support Upgrade recommended
Mail Security for Domino 4.x and earlier No definitions after 4/30/2011 Upgrade required
Mail Security for Domino MPE 3.2 SymRoot1 Support Upgrade or Java LiveUpdate patch recommended
Mail Security for Domino MPE 3.0 No definitions after 4/30/2011 Upgrade required
Mail Security for Exchange 6.5 SymRoot2 Support None
Mail Security for Exchange 6.0.x SymRoot2 Support None
Mail Security for Exchange 5.0.x SymRoot1 Support Update recommended
Mail Security for Exchange 4.6 SymRoot1 Support Upgrade recommended
Mail Security for Exchange 4.5 and earlier No definitions after 4/30/2011 Upgrade required
Mail Security for SMTP 5.x SymRoot1 Support Upgrade recommended
Scan Engine 5.2.8 SymRoot2 Support None
Scan Engine 5.2.7 and earlier SymRoot1 Support Upgrade recommended
Security Information Manager 4.7 MP3 (release TBD) SymRoot2 Support None
Security Information Manager 4.7.2 and earlier No updates after 4/30/11 Upgrade required

My product version will not be updated. How do I upgrade?

If possible, Symantec recommends that you upgrade to a version that supports SymRoot2. SymRoot2 compatible products appear in green in the table above. You can download the latest version of your product from File Connect or from the Business Critical Services Web site.
For some products, you may need to apply patch instead of upgrading. Please refer to the following links for more information to assist you with migration.

Endpoint Protection/ AntiVirus Corporate Edition

AntiVirus for Linux

How to obtain the latest release of Symantec AntiVirus for Linux

AntiVirus for Macintosh

If you configured LiveUpdate to run automatically and download all updates, you should already have LiveUpdate 5.1.2. Before April 30, 2011, you can run LiveUpdate and select “Update everything now” to receive the update. After April 30, 2011, follow the directions in the document Download the latest version of LiveUpdate for Macintosh (5.1.2).

Brightmail Gateway (formerly Mail Security 8300/8200 Series)

How to upgrade a Symantec Mail Security Appliance or Symantec Brightmail Gateway to its latest release

Enterprise Security Manager

If you use Enterprise Security Manager 9.x, download and run the installer for LiveUpdate 3.3. If you are upgrading to a new version of Enterprise Security Manager, follow the installation guide for your version on the Enterprise Security Manager Documentation page.

IM Manager

How to upgrade IM Manager to a newer version

Mail Security for Domino

Mail Security for Domino Multi-Platform Edition

If you use Mail Security 3.2 for Domino Multi-Platform Edition, your product can continue to download SymRoot1 definitions after certificate expiration; however, you are encouraged to apply a Java LiveUpdate patch to update your product to be SymRoot2 compatible. For directions, read Patching Symantec Mail Security 3.2 for Domino Multi-Platform Edition for SymRoot2 compliance.

Mail Security for Microsoft Exchange

Mail Security for SMTP

Migrating from Symantec Mail Security for SMTP to Symantec Brightmail Gateway

Scan Engine

How to Upgrade to Scan Engine 5.2
Note: Scan Engine connector products do not download virus definitions on their own. Ensure that your version of Scan Engine is compliant.

Security Information Manager

The SymRoot2-compliant version of Security Information Manager is targeted for release at the end of February 2011. Java LiveUpdate patches will also be made available for customers who run Security Information Manager version 4.5, 4.6 and earlier versions of 4.7, Symantec Event Agent 4.7, SSIM Agent 4.5, and SESA Agent 2.5.2.
To receive product alerts for Security Information Manager, click the “Subscribe: Email” link in the upper right corner of the Security Information Manager Alerts page. Before you upgrade, read Best practices before updating or upgrading your Symantec Security Information Manager environment.

More About the Author

Richard Clapp

Systems Engineer
Cleaning Up WinSXS Folder on Windows Server 2008 R2 I finally found some good information for cleaning up the WinSXS folder on new instances of Windows. I found the following site ...
Getting Access to Multiple Branches while Using a Split VPN Tunnel for Performance I recently had to help a client who was having performance issues over the VPN. They had a fast connection at home, but just a standard ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK