In October, 2016, the SHA-1 certificate that Symantec uses to validate reputation lookups expires. A new SHA-2 certificate replaces it. However, the Windows XP (SP 2 and earlier, 32-bit or 64-bit) and Windows Server 2003 (SP2 and earlier) operating system libraries that facilitate client communication and certificate validation do not properly validate SHA-2 certificates. Therefore, the efficacy of the Symantec Endpoint Protection (SEP) client lowers because it cannot correctly validate reputation lookups.
To prevent this scenario, you must ensure that you apply one of the following hotfixes: