ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Upcoming change to validation certificates for Endpoint Protection reputation lookups may affect Windows XP / Server 2003

book

Article ID: 150319

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

In October, 2016, the SHA-1 certificate that Symantec uses to validate reputation lookups expires. A new SHA-2 certificate replaces it. However, the Windows XP (SP 2 and earlier, 32-bit or 64-bit) and Windows Server 2003 (SP2 and earlier) operating system libraries that facilitate client communication and certificate validation do not properly validate SHA-2 certificates. Therefore, the efficacy of the Symantec Endpoint Protection (SEP) client lowers because it cannot correctly validate reputation lookups.

To prevent this scenario, you must ensure that you apply one of the following hotfixes:

Affected operating systems:

  • Windows XP SP 2 and earlier, 32-bit and 64-bit
  • Windows Server 2003 SP2 and earlier