
EFAIL Report and Symantec Email Encryption products


Article ID: 150870


Updated On:


Desktop Email Encryption, Encryption Management Server, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK, Drive Encryption, Endpoint Encryption, File Share Encryption, Gateway Email Encryption




Symantec received a report of a potential vulnerability in encrypted S/MIME and OpenPGP standards and how it relates to the Symantec Encryption products. 

Symantec has included a fix for this report in the following encryption products:
Symantec Encryption Management Server 3.4.2 HF1 and above
Symantec Encryption Desktop 10.4.2 HF1 and above
Symantec PGP Command Line 10.4.2 HF1 and above

For information on how to download Symantec Encryption products, see the following article:

193931 - How to download Symantec Encryption products from the Broadcom download Portal (And where to find the license number for PGP)


There were reports that uninstalling Encryption software is recommended to mitigate EFAIL. This is incorrect and should not be done. If updating to the above versions is not immediately possible, Symantec recommends that you leave Encryption software installed, and that you continue to encrypt sensitive data. Always ensure you have security software, such as Symantec Endpoint Protection, installed on your systems to mitigate against EFAIL. Uninstalling Encryption software puts data in a much lower security posture and at greater risk of data compromise. Symantec recommends that you disable the “download images” feature in the mail clients.

For more information on how to configure this feature in Outlook, review the Microsoft document:

Third-party location of the report:

Related CVE Reports (Information not yet populated):
CVE-2017-17688: OpenPGP CFB gadget attacks
CVE-2017-17689: S/MIME CBC gadget attacks

If you are experiencing issues decrypting PGPzip files or decrypting emails, refer to the links in the "Additional Information" section for more guidance.

Additional Information

150870 - EFAIL Report and Symantec Email Encryption products

173550 - Unable to decrypt email after installing Encryption Desktop (PGP Desktop) 10.4.2 HF1 or above

173613 - Unable to decrypt PGP Zip files after installing Encryption Desktop (PGP Desktop) 10.4.2 HF1 or above