Agent system becomes unusable after applying 6.5.1 prevention policy to 6.5.0/6.5.0.HF1 agents
Last Updated September 30, 2016
The Block unsigned binary flag has been introduced in 6.5 policies shipped with release 6.5.1. If this new 6.5 policy is pushed down 6.5.0 agents, the device goes into unresponsive state as all the processes (including exe's from c:\windows\system32\, translate.exe) are redirected to deny_ps. There is no way to recover the machine. One way to identify older 6.5 policies and new 6.5 policies is the revision number.
Affected agent operating systems: All Windows operating systems
Symantec recommends not to apply 6.5 policies which come with 6.5.1 on 6.5.0 agents. It is always recommended to apply policies appropriate for the agent version. You can apply an old policy to a newer agent, but not the new policy to an older agent.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe