Symantec has posted the advisory “SYM16-015 - Symantec Decomposer Engine Security Update”. This document describes the options available for responding to this advisory as a user of Symantec Endpoint Protection 12.1.
Apply one of the following solutions:
The client computers get the content update directly from the Symantec Endpoint Protection Manager or through a Group Update Provider, or by running LiveUpdate.
Note: If you apply the content update to a Symantec Endpoint Protection 12.1.6 MP5 client, and later change the feature set or repair this installation, the updated components revert to their original version. You must then upgrade to 12.1.6 MP6.
You can determine which clients have not yet applied the update by the following methods:
When the update has been successfully applied, it writes one of the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\HOTFIXREVISION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\HOTFIXREVISION
You can use a script to check for the presence of this registry value.
Note: If you apply the update, and later change the feature set or repair this installation, the key remains even though the updated files revert to an earlier original version.
With the use a Host Integrity (HI) policy, you can determine whether or not the appropriate files were updated. After the policy has propagated, you can then view the Compliance Logs to see which clients passed and which clients failed the Host Integrity compliance check.
#HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\\CCROOT#\ccScanW.dll
If the policy is not new and is already assigned to a group or groups, then the new requirement automatically applies to them.