Symantec LiveUpdate Certificate Expiration Notice


Symantec LiveUpdate Certificate Expiration Notice

Direct from Symantec I thought I’d pass this information along in case you are still using some older symantec products.  I believe we already have all our clients off of these older products, but some of you out there might still be on an older version.  Please look at the chart below to see if you are affected by this certificate expiration.

*UPDATE* Added 2-24-11 – Updated Symantec TechNote on this problem

Important LiveUpdate Certificate Expiration Notice


An older Symantec root certificate, SymRoot1, will expire on April 30, 2011. With an expired certificate, older LiveUpdate clients would no longer authenticate, download, or install content such as AntiVirus definitions or product updates.


To allow customers additional time to plan migrations, Symantec has introduced a workaround that allows LiveUpdate to continue to successfully authenticate valid content from Symantec through July 4, 2012. This date may be extended if needed on a product-by-product basis.

In addition, a newer Symantec root certificate, SymRoot2, will expire on August 23, 2020. Newer Symantec products and recently patched products are compatible with SymRoot2. All customers utilizing SymRoot1-based products are recommended to upgrade to SymRoot2-based products.

What is the impact of using SymRoot1 definitions after the certificate expiration?

The product will continue to download and install new updates, such as AntiVirus definitions and product updates. You do not need to do anything to continue to receive definitions for these products after the certificate expiration, but you are encouraged to upgrade to a version that supports SymRoot2 as soon as feasible.

Will products without SymRoot2 support still be able to use Intelligent Updater or Rapid Release to update definitions?

Yes, Intelligent Updater and Rapid Release definition packages will be signed by both SymRoot1 and SymRoot2.

Which products are affected?

The following table shows which product versions support SymRoot2 in green, which product versions will continue to receive SymRoot1 definitions after the certificate expiration in orange, and which product versions require an upgrade in red.

ProductVersionStatusAction Needed
AntiVirus Corporate Edition10.1 MR 10SymRoot2 SupportNone
AntiVirus Corporate Edition10.xSymRoot1 SupportUpgrade recommended
AntiVirus Corporate Edition9.xNo definitions after 4/30/2011Upgrade required
AntiVirus for LinuxMR 10SymRoot2 SupportNone
AntiVirus for LinuxMR 9 and earlierSymRoot1 SupportUpgrade recommended
AntiVirus for Macintosh10.xSymRoot2 Support with LiveUpdate 5.1.2Update to LiveUpdate for Macintosh 5.1.2
Brightmail Gateway7.7 and laterSymRoot2 SupportNone
Brightmail Gateway5.x through 7.6SymRoot1 SupportUpgrade recommended
Brightmail Message FilterAllDoes not use SymRootNone
Client Security3.1 MR 10SymRoot2 SupportNone
Client Security3.xSymRoot1 SupportUpgrade recommended
Client Security2.xNo definitions after 4/30/2011Upgrade required
Endpoint Protection12.0 / 11.0SymRoot2 SupportNone
Enterprise Security Manager10.xSymRoot2 SupportNone
Enterprise Security Manager9.x and laterSymRoot2 Support with LiveUpdate 3.3Update to Windows LiveUpdate 3.3
Enterprise Security Manager6.5.xNo definitions after 4/30/2011Upgrade required
IM Manager8.4.1.16SymRoot2 SupportNone
IM ManagerPrior to SupportUpgrade recommended
LiveUpdate Administrator2.xSymRoot2 SupportNone
LiveUpdate Administration Utility1.5SymRoot1 SupportUpgrade recommended
Mail Security for Domino8.0.5 and laterSymRoot2 SupportNone
Mail Security for Domino8.0, 8.01, 8.02, 8.03SymRoot1 SupportUpgrade recommended
Mail Security for Domino7.5SymRoot2 SupportNone
Mail Security for Domino5.xSymRoot1 SupportUpgrade recommended
Mail Security for Domino4.x and earlierNo definitions after 4/30/2011Upgrade required
Mail Security for Domino MPE3.2SymRoot1 SupportUpgrade or Java LiveUpdate patch recommended
Mail Security for Domino MPE3.0No definitions after 4/30/2011Upgrade required
Mail Security for Exchange6.5SymRoot2 SupportNone
Mail Security for Exchange6.0.xSymRoot2 SupportNone
Mail Security for Exchange5.0.xSymRoot1 SupportUpdate recommended
Mail Security for Exchange4.6SymRoot1 SupportUpgrade recommended
Mail Security for Exchange4.5 and earlierNo definitions after 4/30/2011Upgrade required
Mail Security for SMTP5.xSymRoot1 SupportUpgrade recommended
Scan Engine5.2.8SymRoot2 SupportNone
Scan Engine5.2.7 and earlierSymRoot1 SupportUpgrade recommended
Security Information Manager4.7 MP3 (release TBD)SymRoot2 SupportNone
Security Information Manager4.7.2 and earlierNo updates after 4/30/11Upgrade required

My product version will not be updated. How do I upgrade?

If possible, Symantec recommends that you upgrade to a version that supports SymRoot2. SymRoot2 compatible products appear in green in the table above. You can download the latest version of your product from File Connect or from the Business Critical Services Web site.
For some products, you may need to apply patch instead of upgrading. Please refer to the following links for more information to assist you with migration.

Endpoint Protection/ AntiVirus Corporate Edition

AntiVirus for Linux

How to obtain the latest release of Symantec AntiVirus for Linux

AntiVirus for Macintosh

If you configured LiveUpdate to run automatically and download all updates, you should already have LiveUpdate 5.1.2. Before April 30, 2011, you can run LiveUpdate and select “Update everything now” to receive the update. After April 30, 2011, follow the directions in the document Download the latest version of LiveUpdate for Macintosh (5.1.2).

Brightmail Gateway (formerly Mail Security 8300/8200 Series)

How to upgrade a Symantec Mail Security Appliance or Symantec Brightmail Gateway to its latest release

Enterprise Security Manager

If you use Enterprise Security Manager 9.x, download and run the installer for LiveUpdate 3.3. If you are upgrading to a new version of Enterprise Security Manager, follow the installation guide for your version on the Enterprise Security Manager Documentation page.

IM Manager

How to upgrade IM Manager to a newer version

Mail Security for Domino

Mail Security for Domino Multi-Platform Edition

If you use Mail Security 3.2 for Domino Multi-Platform Edition, your product can continue to download SymRoot1 definitions after certificate expiration; however, you are encouraged to apply a Java LiveUpdate patch to update your product to be SymRoot2 compatible. For directions, read Patching Symantec Mail Security 3.2 for Domino Multi-Platform Edition for SymRoot2 compliance.

Mail Security for Microsoft Exchange

Mail Security for SMTP

Migrating from Symantec Mail Security for SMTP to Symantec Brightmail Gateway

Scan Engine

How to Upgrade to Scan Engine 5.2
Note: Scan Engine connector products do not download virus definitions on their own. Ensure that your version of Scan Engine is compliant.

Security Information Manager

The SymRoot2-compliant version of Security Information Manager is targeted for release at the end of February 2011. Java LiveUpdate patches will also be made available for customers who run Security Information Manager version 4.5, 4.6 and earlier versions of 4.7, Symantec Event Agent 4.7, SSIM Agent 4.5, and SESA Agent 2.5.2.
To receive product alerts for Security Information Manager, click the “Subscribe: Email” link in the upper right corner of the Security Information Manager Alerts page. Before you upgrade, read Best practices before updating or upgrading your Symantec Security Information Manager environment.

More About the Author

Richard Clapp

Systems Engineer
Cleaning Up WinSXS Folder on Windows Server 2008 R2 I finally found some good information for cleaning up the WinSXS folder on new instances of Windows. I found the following site ...
Getting Access to Multiple Branches while Using a Split VPN Tunnel for Performance I recently had to help a client who was having performance issues over the VPN. They had a fast connection at home, but just a standard ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK


Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Geschäftsführer: Mel Stephenson

Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072