The Block unsigned binary flag has been introduced in 6.5 policies shipped with release 6.5.1. If this new 6.5 policy is pushed down 6.5.0 agents, the device goes into unresponsive state as all the processes (including exe's from c:\windows\system32\, translate.exe) are redirected to deny_ps. There is no way to recover the machine. One way to identify older 6.5 policies and new 6.5 policies is the revision number.

Affected agent operating systems: All Windows operating systems

Symantec recommends not to apply 6.5 policies which come with 6.5.1 on 6.5.0 agents. It is always recommended to apply policies appropriate for the agent version. You can apply an old policy to a newer agent, but not the new policy to an older agent.