Are Symantec Encryption products vulnerable to the “POODLE" vulnerability (CVE-2014-3566). None of the Symantec Encryption products are vulnerable, but Symantec Endpoint Encryption servers can potentially be affected by the “POODLE” vulnerability.
None of the client products are vulnerable, including Endpoint Encryption with Drive Encryption functionality or Removable Encryption functionality, SEE Full Disk, SEE Removable Storage, and SEE Device Control. For more information about the POODLE vulnerability, see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566.
Important Note: It is advisable to always be on the lastest version of Symantec Endpoint Encryption. SEE 11.2.0 and above no longer use TLS 1.0 or SSL v3.0. For the current version of Symantec Endpoint Encryption, see article: 156303.
If TLSv1 is disabled on the Endpoint Encryption Management Server, then client/server communications use the next secure protocol, which would be SSL v3.0. As this is the version that is currently vulnerable, it is recommended to disable SSL v3.0 on the server.
Disable SSL 3.0 in Windows
To disable SSL v3.0 protocol on Microsoft Windows:
Note: This workaround disables SSL v3.0 for all server software installed on a system, including IIS.
Note: After applying this workaround, clients that rely only on SSL v3.0 will not be able to communicate with the server.