Why is Symantec breaking the Section 8.5.9 of PCI DSS Standard by OS?