search cancel

Agent system becomes unusable after applying 6.5.1 prevention policy to 6.5.0/6.5.0.HF1 agents


Article ID: 163624


Updated On:


Embedded Security Critical System Protection


The Block unsigned binary flag has been introduced in 6.5 policies shipped with release 6.5.1. If this new 6.5 policy is pushed down 6.5.0 agents, the device goes into unresponsive state as all the processes (including exe's from c:\windows\system32\, translate.exe) are redirected to deny_ps. There is no way to recover the machine. One way to identify older 6.5 policies and new 6.5 policies is the revision number.

Affected agent operating systems: All Windows operating systems


Symantec recommends not to apply 6.5 policies which come with 6.5.1 on 6.5.0 agents. It is always recommended to apply policies appropriate for the agent version. You can apply an old policy to a newer agent, but not the new policy to an older agent.