Direct from Symantec I thought I’d pass this information along in case you are still using some older symantec products. I believe we already have all our clients off of these older products, but some of you out there might still be on an older version. Please look at the chart below to see if you are affected by this certificate expiration.
*UPDATE* Added 2-24-11 – Updated Symantec TechNote on this problem
Important LiveUpdate Certificate Expiration Notice
An older Symantec root certificate, SymRoot1, will expire on April 30, 2011. With an expired certificate, older LiveUpdate clients would no longer authenticate, download, or install content such as AntiVirus definitions or product updates.
To allow customers additional time to plan migrations, Symantec has introduced a workaround that allows LiveUpdate to continue to successfully authenticate valid content from Symantec through July 4, 2012. This date may be extended if needed on a product-by-product basis.
In addition, a newer Symantec root certificate, SymRoot2, will expire on August 23, 2020. Newer Symantec products and recently patched products are compatible with SymRoot2. All customers utilizing SymRoot1-based products are recommended to upgrade to SymRoot2-based products.
What is the impact of using SymRoot1 definitions after the certificate expiration?
The product will continue to download and install new updates, such as AntiVirus definitions and product updates. You do not need to do anything to continue to receive definitions for these products after the certificate expiration, but you are encouraged to upgrade to a version that supports SymRoot2 as soon as feasible.
Will products without SymRoot2 support still be able to use Intelligent Updater or Rapid Release to update definitions?
Yes, Intelligent Updater and Rapid Release definition packages will be signed by both SymRoot1 and SymRoot2.
Which products are affected?
The following table shows which product versions support SymRoot2 in green, which product versions will continue to receive SymRoot1 definitions after the certificate expiration in orange, and which product versions require an upgrade in red.
My product version will not be updated. How do I upgrade?
If possible, Symantec recommends that you upgrade to a version that supports SymRoot2. SymRoot2 compatible products appear in green in the table above. You can download the latest version of your product from File Connect or from the Business Critical Services Web site.
For some products, you may need to apply patch instead of upgrading. Please refer to the following links for more information to assist you with migration.
Endpoint Protection/ AntiVirus Corporate Edition
- Endpoint Security Migration and Installation
- Symantec Endpoint Protection 11.0 Frequently Asked Questions
- Migration paths for Symantec Endpoint Protection 11.0
AntiVirus for Linux
How to obtain the latest release of Symantec AntiVirus for Linux
AntiVirus for Macintosh
If you configured LiveUpdate to run automatically and download all updates, you should already have LiveUpdate 5.1.2. Before April 30, 2011, you can run LiveUpdate and select “Update everything now” to receive the update. After April 30, 2011, follow the directions in the document Download the latest version of LiveUpdate for Macintosh (5.1.2).
Brightmail Gateway (formerly Mail Security 8300/8200 Series)
How to upgrade a Symantec Mail Security Appliance or Symantec Brightmail Gateway to its latest release
Enterprise Security Manager
If you use Enterprise Security Manager 9.x, download and run the installer for LiveUpdate 3.3. If you are upgrading to a new version of Enterprise Security Manager, follow the installation guide for your version on the Enterprise Security Manager Documentation page.
How to upgrade IM Manager to a newer version
Mail Security for Domino
- Mail Security for Domino product documentation
- Upgrading to Symantec Mail Security for Domino 8.x on Windows
- Upgrading to Symantec Mail Security for Domino 7.5
Mail Security for Domino Multi-Platform Edition
If you use Mail Security 3.2 for Domino Multi-Platform Edition, your product can continue to download SymRoot1 definitions after certificate expiration; however, you are encouraged to apply a Java LiveUpdate patch to update your product to be SymRoot2 compatible. For directions, read Patching Symantec Mail Security 3.2 for Domino Multi-Platform Edition for SymRoot2 compliance.
- Mail Security for Domino Multi-Platform Edition product documentation
- System requirements for Symantec Mail Security 8.0 for Domino Multi-Platform Edition
- System Requirements for installing Symantec Mail Security 3.2 for Domino – MPE on AIX
- System Requirements for installing Symantec Mail Security 3.2 for Domino – MPE on Linux
- System Requirements for installing Symantec Mail Security 3.2 for Domino – MPE on Solaris
- System Requirements for installing Symantec Mail Security for Domino — MPE on OS/400
Mail Security for Microsoft Exchange
- Mail Security for Microsoft Exchange product documentation
- About upgrading to Symantec Mail Security 6.5 for Microsoft Exchange from a previous version
- How to upgrade to Symantec Mail Security for Microsoft Exchange 6.0.9 or later on Exchange 2007
- How to upgrade to Symantec Mail Security for Microsoft Exchange 6.0.x
- Upgrading Symantec Mail Security for Microsoft Exchange in a Microsoft Cluster implementation
Mail Security for SMTP
Migrating from Symantec Mail Security for SMTP to Symantec Brightmail Gateway
How to Upgrade to Scan Engine 5.2
Note: Scan Engine connector products do not download virus definitions on their own. Ensure that your version of Scan Engine is compliant.
Security Information Manager
The SymRoot2-compliant version of Security Information Manager is targeted for release at the end of February 2011. Java LiveUpdate patches will also be made available for customers who run Security Information Manager version 4.5, 4.6 and earlier versions of 4.7, Symantec Event Agent 4.7, SSIM Agent 4.5, and SESA Agent 2.5.2.
To receive product alerts for Security Information Manager, click the “Subscribe: Email” link in the upper right corner of the Security Information Manager Alerts page. Before you upgrade, read Best practices before updating or upgrading your Symantec Security Information Manager environment.