search cancel

Agent system becomes unusable after applying 6.5.1 prevention policy to 6.5.0/6.5.0.HF1 agents

book

Article ID: 163624

calendar_today

Updated On:

Products

Embedded Security Critical System Protection

Issue/Introduction

The Block unsigned binary flag has been introduced in 6.5 policies shipped with release 6.5.1. If this new 6.5 policy is pushed down 6.5.0 agents, the device goes into unresponsive state as all the processes (including exe's from c:\windows\system32\, translate.exe) are redirected to deny_ps. There is no way to recover the machine. One way to identify older 6.5 policies and new 6.5 policies is the revision number.

Affected agent operating systems: All Windows operating systems

Resolution

Symantec recommends not to apply 6.5 policies which come with 6.5.1 on 6.5.0 agents. It is always recommended to apply policies appropriate for the agent version. You can apply an old policy to a newer agent, but not the new policy to an older agent.