Managing Upcoming Symantec SAV10 End-of-Life Issues
It looks like Symantec intends to force customers trying to stay on SAV10 past April 2012 to upgrade sooner than they might want to. Symantec today announced that a root certificate (SymRoot1) related to LiveUpdate will expire on 30 April 30 2011. If nothing was done SAV10 clients running SAV10 MR9 and lower would no longer be able to authenticate, download, or install new AV definitions or product updates.
To provide some relief, Symantec will make a change that will allow SAV10 MR9 and lower clients to continue to function properly with LiveUpdate through 04 July 2012. Note that the formal end-of-life date for SAV10 is 27 April 2012. Up until today, if you stayed on SAV10 MR9 or lower past 27 April 2012 you only risked running definitions that weren’t tested by Symantec. With today’s change, LiveUpdate breaks unless you upgrade to SAV10 MR10 or SEP11 or higher.
If you are running SAV10 MR10, SEP11, or SEP12 you are fine since those all use a root certificate (SymRoot2) that is good through August 23, 2020.
Enterprise-wide SAV upgrades to either SAV10 MR10 or SEP11 are notoriously difficult. If you need assistance automating such an upgrade for your organization, we have extensive experience worldwide doing just that successfully for large populations of both Windows clients and servers. This article shows you how to go about such an upgrade. If you need further help creating install packages, managing the upgrade project, or preparing your staff to handle the upgrade yourselves, please contact us at david @ sharpesecurity.com and we will help get you on the right path. As always, if you aren’t 100% satisfied with our work or follow-up support, we don’t get paid.