Symantec have now released a patch that fixes the issue of definitions being dated 12/31/2009. However, the patch so far is only available for those running 11.03 or 11.05. For more details read the official statement on the Symantec forums or the Symantec Knowledgebase article. Most of our Endpoint Protection Servers were running 11.0.4 (as LiveUpdate does not upgrade the server console component) so we have to upgrade to 11.0.5 first. This can be seen as a good thing as 11.0.4 has the nasty feature of filling up the hard drive of the server as Symantec downloads and keeps 3 copies of the AV definitions every few minutes as it tries to download definitions dated in 2010 (and fails). So far, most of the Endpoint Protection Manager upgrades have been fairly simple with straightforward instructions – a 25 minute process after the files have been downloaded (including backing up the database) but we had one site that didn’t work and we had to reinstall every single Symantec Endpoint Protection client and server by hand. Not a lot of fun.
Month: January 2010
Yes, I deliberately posted the date this way as that is how the shortsighted programmers at Symantec did it. Needless to say, when the year rolled around to 00101 this is a lot less than 91231 so the definitions were treated as old. It scares me to see that this bug managed to get into the product – did they not learn anything from the Y2K issues?
To make matters worse we found some servers were continually downloading definitions onto the server and in one case filled up 73GB of disk space. The fix for this is to ensure that the Endpoint Protection Manager software is running 11.0.5 – this is a new download and upgrade installation although for one of our clients it meant uninstalling and reinstalling every single PC at that location – not an upgrade at all.
To top it all, Symantec also decided this week to announce the end of life for the v10 of their products – the only version that was actually working with correct definition dates. Although end of life is in 2012, support should really have coordinated with sales to ensure that the notice didn’t go out *this* week.
I think I still have a few servers that haven’t updated, so I will be checking those out next week. If we continue to use Symantec (which I really do not want to do), I’m hoping to look at an MSP installation of the product – one server managing all the clients so I only have one place to check for client status (and only one server to install, patch and configure).
Most of our Symantec Endpoint Protection clients are alerting that the definition dates are old (we reduce the alert time to less than the default 30 days). These alerts are coming in through the desktop client and also through both of our monitoring systems. Apparently Symantec are aware of the issue (see “The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009”) and their definitions cannot have a date in 2010. Therefore their workaround is to push out new updates with a date of December 31st 2009 and they are just increasing the version number until engineering come up with a patch to fix the issue of not accepting dates in 2010.
I sure hope that their update plan works better than our most recent upgrade that meant we had to reinstall the client by hand at every desktop. None of the upgrade processes would work.
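The date comparison failure and the same-date, higher-revision workaround described in the two posts above can be reproduced in a few lines. This is an added example, not Symantec's code: the one-digit-year stamp format is an assumption modelled on the 91231 / 00101 values quoted above, and the revision numbers and function names are constructed for illustration.

```python
from datetime import date

def legacy_stamp(d):
    """Assumed format, modelled on the post: one year digit then MMDD (91231, 00101)."""
    return (d.year % 10) * 10000 + d.month * 100 + d.day

def naive_is_newer(candidate, installed):
    """Flawed check: orders (stamp, revision) numerically, so a new decade sorts as older."""
    return (legacy_stamp(candidate[0]), candidate[1]) > (legacy_stamp(installed[0]), installed[1])

def fixed_is_newer(candidate, installed):
    """Corrected check: orders (full calendar date, revision)."""
    return candidate > installed

def decode_legacy(stamp, reference):
    """Recover a full date from a legacy stamp: the valid date nearest to `reference`."""
    y_digit, mmdd = divmod(stamp, 10000)
    month, day = divmod(mmdd, 100)
    decade = reference.year - reference.year % 10
    options = []
    for year in (decade - 10 + y_digit, decade + y_digit, decade + 10 + y_digit):
        try:
            options.append(date(year, month, day))
        except ValueError:  # impossible date, e.g. 29 Feb in a non-leap year
            continue
    if not options:
        raise ValueError(f"stamp {stamp:05d} is not a calendar date")
    return min(options, key=lambda d: abs((d - reference).days))

# Constructed sample definition sets: (date, revision). Revision numbers are made up.
INSTALLED = (date(2009, 12, 31), 113)
WORKAROUND = (date(2009, 12, 31), 114)   # same date, higher revision
DATED_2010 = (date(2010, 1, 1), 1)

if __name__ == "__main__":
    for name, cand in (("workaround", WORKAROUND), ("dated 2010", DATED_2010)):
        print(f"{name:11} stamp={legacy_stamp(cand[0]):05d} "
              f"naive={naive_is_newer(cand, INSTALLED)} fixed={fixed_is_newer(cand, INSTALLED)}")
    print(decode_legacy(101, date(2010, 1, 5)), decode_legacy(91231, date(2010, 1, 5)))
```

`decode_legacy` is for the case where stamps already on disk cannot be reissued: it reads each one relative to a reference date instead of comparing the raw number.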
Following up from the previous post on most viewed pages of Absoblogginlutely.net in 2009, here are the most popular posts that were written in 2009. All but two of these are solutions to problems that I encountered during 2009. Some of them were quick Google searches, others were based on research and experience but hopefully the solutions have helped others in the same situation that I’ve been in.
- Firewall exception requirements for Symantec Endpoint Protection
- MySQL failed to install with the most recent install package
- Skype plugin caused Firefox to slow down
- How to install 32-bit print drivers on a Windows 64-bit server
- Windows 7 upgrade advisor failed to work
- Archiving an Exchange 2007 mailbox using PowerShell
- Fix to Exchange 2003 NDRs being delivered weeks after the mail failed.
- Granting Full access to a mailbox allowed me to export from Exchange 2007
- Fix to Out Of Office in Outlook 2007 failing
- My attempts at dual booting Windows 7 and Windows XP with Truecrypt on the original XP Installation disk
In common with a lot of other bloggers I’m posting a top 10 list of the most popular pages from Absoblogginlutely.net in the year 2009. It is rather worrying that all of the pages are from posts I have done in previous years. Even more concerning is that a couple of the posts are about updating antivirus software from 2004 so it is a bit scary that people were coming across the same problem in 2009. Either people are 5 years behind upgrading their antivirus software or Symantec still haven’t fixed the issue 5 years later…
- Manually removing Google Desktop – my most popular post each year and of all time. Originally posted April 2005.
- Instructions on how to setup Dell’s Open Manage Server Administrator alerts. Rather than manually typing in all of the settings to configure a server, I wrote a script to configure the server and setup alerts. The setup process went from about 30 minutes per server to less than 5 minutes. Originally posted November 2007.
- A zero day exploit for a Microsoft vulnerability had us all rushing around trying to patch our client servers in the middle of the day and before the patches were available on WSUS servers. I posted direct links to the 958644 patch as Windows Update was having issues in providing the URL to the downloads due to the vast number of servers being checked worldwide. Having the blog entry made it very quick for me and obviously lots of other users to grab the patch at each client location. Originally posted October 2008 for a zero day exploit, it is concerning this was so popular in 2009.
- My instructions on fixing a BlackBerry hanging during the activation process were also still popular. Originally posted November 2007.
- Back in 2006 there was a wireless vulnerability and I posted about my experiences about trying to obtain a current version of Dell’s wifi drivers for the Inspiron 610m. At the time the Dell driver package was corrupt so a link to the Intel package was posted. Originally posted October 2006. I can understand why this page is popular as navigating the Dell website for drivers can be rather confusing. Driver downloads are not too bad, but management software and applications can be missing from the driver list or poorly named so it’s not obvious which CD image should be downloaded.
- A little-known utility, clientdiag, for debugging WSUS client issues was my next popular post. I still find myself having to use this utility so I’m not surprised it’s still popular.
- Due to feedback and experience with my Dell OMSA setup script, the Dell Open Manage Server Administrator setup script was updated and the original page updated to link to this one. I would have thought that this page should therefore have got more hits. I guess some people must be running an old version of my script! Originally posted November 2008. I now have a category specifically for OMSA.
- Way back in 2003 I discovered an issue that when Symantec Antivirus was updated, the Outlook add-in would not be correctly updated and an error message about vpmsece.dll would be displayed when Outlook was started. Originally posted October 2003, it is very scary that this issue is still being discovered by users. I have seen references to my solution on Symantec support forums and I got several comments requesting help with the simple solutions.
- I used to use Audible in 2004 and found a way to convert Audible data to mp3 so I could listen to the audio books on devices other than my mp3 player. Originally posted June 2004. I’m not sure if this solution is still a viable option (or if it is needed) as I don’t need Audible anymore.
- Users not having their home directory mapped at login and cryptic msgina 1010 errors turned out to be users saving their passwords in Internet Explorer to access other servers on the network. Originally posted July 2007 but this is a problem that could occur at any point in time.