Symantec Endpoint Protection 12.1.2 uses a strong hashing algorithm (SHA-256 with salt) to create a password that is required for scans of network drives. In previous releases, Symantec Endpoint Protection used MD5 hashing. To maintain backwards compatibility, Symantec Endpoint Protection 12.1.2 uses both the MD5 field and a new field for the SHA-256 hash in its profile.
When you upgrade to Symantec Endpoint Protection Manager 12.1.2, any legacy MD5 network scan password is retained as MD5. Legacy clients can use the MD5 password. The MD5 hash, however, cannot be migrated to SHA-256, since the hash is one-way and SEPM does not maintain a clear text copy of the network scan password which was entered previously. You must re-enter the network scan password in the Virus and Spyware Protection policy to create the password with SHA-256 hashing for Symantec Endpoint Protection 12.1.2 clients.
In the Symantec Endpoint Protection Manager 12.1.2 console, on the
Policies tab, open a Virus and Spyware Protection policy.
Global Scan Options tab, under Scan Network Drive, make sure you check
Ask for a password before scanning a mapped network drive.
Enter the password.
OK. The password is saved with both MD5 and SHA-256 hashing.
OK to save the policy.
Apply the policy to the relevant group.
Note: The change from MD5 to SHA-256 does not affect Symantec Endpoint Protection small business edition, which does not support the network scan feature.
Imported Document ID: TECH194754
Subscribing will provide email updates when this Article is updated. Login is required.