search cancel

Upcoming change to validation certificates for Endpoint Protection reputation lookups may affect Windows XP / Server 2003


Article ID: 150319


Updated On:


Endpoint Protection




In October, 2016, the SHA-1 certificate that Symantec uses to validate reputation lookups expires. A new SHA-2 certificate replaces it. However, the Windows XP (SP 2 and earlier, 32-bit or 64-bit) and Windows Server 2003 (SP2 and earlier) operating system libraries that facilitate client communication and certificate validation do not properly validate SHA-2 certificates. Therefore, the efficacy of the Symantec Endpoint Protection (SEP) client lowers because it cannot correctly validate reputation lookups.

To prevent this scenario, you must ensure that you apply one of the following hotfixes:

Affected operating systems:

  • Windows XP SP 2 and earlier, 32-bit and 64-bit
  • Windows Server 2003 SP2 and earlier