Frequently Asked Questions: Google Project Zero Vulnerabilities Impact on Symantec Products
Last Updated July 01, 2016
What are the vulnerabilities and where can I find more details?
Vulnerabilities reported are in the decomposer component of our AV Engine. This is a common component that is utilized in multiple Symantec Products. More details can be found in the posted Security Advisory for SYM16-010.
How do I know if my organization is affected?
We have created a security advisory page on Symantec.com that provides a list of all affected enterprise and Norton security products. On this page you will be able to identify if your product version is affected along with instructions on how to resolve the vulnerability. Refer to: Security Advisory for SYM16-010.
If my product is affected, what is the recommended solution for my product?
All reported issues have been patched and updates are available to customers for the following products:
Via Product Upgrade
Norton product lines
Advanced Threat Protection (ATP) Network
Data Center Security:Server (DCS:S)
Web Security Server .Cloud (WSS)
Email Security Server .Cloud (ESS)
Symantec Web Gateway
Symantec Endpoint Protection for Mac
Symantec Endpoint Protection
Symantec Protection Engine
Symantec Mail Security for Microsoft Exchange(SMSMSE)
Symantec Mail Security for Domino (SMSDOM)
Symantec Message Gateway (SMG)
Symantec Endpoint Protection for Linux
Symantec Protection for Sharepoint Server
How can I verify if I am protected?
Ensure that you have the latest LiveUpdate content or the most recent product upgrade as listed in the ‘Update Information’ section of the Security Advisory for SYM16-010.
Is Symantec aware of these vulnerabilities being exploited in the wild?
No, Symantec is not aware of any of these vulnerabilities currently being exploited in the wild.
What if I can’t upgrade a product immediately? Are there any mitigations or workarounds?
Customers are recommended to upgrade for the products listed above (“Via Product Upgrade” column). Symantec has created signatures to detect and block exploit attempts in certain circumstances. While they provide some mitigation, they are not intended as a replacement for upgrades. Symantec will continue to monitor the effectiveness of these signatures and update where needed.
What products are NOT affected by the vulnerability?
The Security Advisory on Symantec.com provides a list of Symantec products that were affected by the vulnerability. If your product is not listed, there is no action to take.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.