Method for working around NIS10 17.5.0.127 and XP problems

Mark_Kratzer · ‎07-05-2009

I thought I would post this as an aid to those (including myself) who are experiencing this problem. In the most severe cases where NIS10 always fails to load and the PC is not behind a hardware firewall and ISP AV filtering, the PC can be left totally exposed to hacking and malware.

I was surprised that Symantec has not offered a quick temporary fix given the scale of the problem and that XP continues to be the largest installed OS base.

Here is what I did to get back up running on four XP systems and maintain some semblance of current security:

(1) I disconnected each system from the Internet. The easiest way to do this is simply unplug your network cable if you have one. I am not sure about WIFI users (probably just temporarily disable it in the BIOS).

(2) I restored image backups of my system disk which were still running NIS10 17.1.0.19. (If you don't have an image backup, then you need to uninstall NIS10 and find out from Symantec where you can get a direct download link to NIS10 17.1.0.19. Of course, do this before you take yourself off the Internet.) If someone knows a link for this, then please post.

(3) Reboot and go into NIS10 Computer Settings and turn off Automatic Live Update. This will prevent the 17.5.0.127 patch from getting pulled down again.

(4) Reconnect to the Internet.

(5) Daily download the security defs from Symantec and run the executable which will update NIS10. This will keep you up to date while avoiding 17.5.0.127. Here is the link (use the first updater):

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95

I hope that will help some of you until Symantec addresses this. Personally, I don't understand why patching and streaming security updates cannot be two separate options in NIS. Also, I don't understand why Symantec has not made NIS10 17.1.0.19 available for download/reinstallation while at the same time pulling the 17.5.0.127 patch until a new and working patch can be provided.

I hope this helps.

Plankton · ‎07-26-2009

Hi Mark_Kratzer:

Thank you for the information. Any effort is appreciated!

However, this is not only a bit much (strictly IMHO) but akin to placing a band-aid on a gushing wound.

Please look at the other two threads...

http://community.norton.com/t5/Norton-Internet-Security-Norton/Problem-with-NIS-2010-Windows-XP-SP3-...

http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-System-Tray-icon-missing/td-p/196...

Obviously, not a good situation. The ball is in their court now.

Plankton - MCSE, CSQE

- NIS 2009 • NIS 2010 -

Windows XP • Vista • 7 • IE 8

Mark_Kratzer · ‎07-05-2009

Yes, I have been following all these XP threads, but I haven't seen anything offered as a work around to get people back up and into a secure state, other than cross your fingers and keep rebooting.

Even just 60 seconds on the Internet with no security, especially a firewall, is too long.

You would think that this will be resolved quickly, and yet, one only has only to look at how long it took to provide proper Firefox 3.5 support when Firefox 3.5 had been in beta for months and was not in any way a surprize event. Symantec has a track record of being fast with AV definitions, but slow and not proactive when it comes to compatibility issues.

huwyngr · ‎04-13-2008

Mark,

If your procedure is to get back to 17.1 then an alternative to imaging, especially for those who don't have imaging software or whose last image might be too old, might be to use the Norton Removal Tool to clean out NIS 17.5 and then download 17.1 from the CNET Downloads site.

Here's my boilerplate on that:

We heard from Norton Staff recently that you can download the 30 trial versions from CNET without any formality like the CC business apart from filling in your email address. And in case you are worried when you click on Download it takes you to a Norton download site, not to a third party site.

Norton Internet Security 2010

Norton AntiVirus 2010

Norton 360

I downloaded NIS 17.1 two days ago and I doubt it will be updated for a while. It should pick up your KEY automatically either from info left by the NRT or it's in a KEY.TXT file in a Symantec Folder under My Documents but if there's any problem just get onto Customer Support, tell them about reinstalling and they can easily sort it out.

Boilerplate again:

To contact customer support Click on this link and work on from there.

You can choose CHAT or Email; phone may have a long wait time and feedback from users tells us that CHAT is by far the best at resolving problems.

Note that that link is to the USA/CAN website so if you are located elsewhere I'm sure you will be able to find the equivalent location on your local Symantec website; some pages have a link at the top right where you can select the country you are located in.

FWIW

Hugh

RonCzap · ‎10-12-2009

Mark,

Great idea!

I spent four hours restoring my C: drive back to Jan 1 and another hour or two reinstalling and tweaking software and other files but I am now back to version 17.1.0.19 of NIS 2010.

A lot of work but I feel better from a security standpoint! I wonder if the AV updates will stay compatible with the older version of NIS...

NIS 2013

Windows XP Pro SP3

IE8

Plankton · ‎07-26-2009

Hi Mark, Ron and others:

Not meaning to sound redundant, but there are some very good people at Symantec working real hard to solve this issue. I am assisting them as requested - hopefully the problem will be rectified soon.

Going with the 17.1 regression is an idea for now, but I can't do it since there is data on the 17.5 which I need to trap and submit. Maybe that will be the Rosetta Stone that unlocks the whole problem, I hope.

Plankton - MCSE, CSQE

- NIS 2009 • NIS 2010 -

Windows XP • Vista • 7 • IE 8

rlsanders · ‎01-21-2010

As Plankton says, Symantec employees are taking this very seriously and working hard to resolve it. In my case, what the bug means is that something like one out of every three reboots I need to reboot a second time, after which everything is fine until my next reboot. That's irritating, but it's certainly something I can live with for the short period of time until the bug is fixed. IF my experience is typical, it's hard for me to understand why people are going to extreme lengths like rolling back to 17.1 or switching to NIS 2009. The time involved in doing that is likely to far exceed the time required by some extra reboots until the problem is fixed.

Mark_Kratzer · ‎07-05-2009

I had one system where no matter how many reboots, it never loaded. I had another where it was loading 1 out of 3.

It seemed to me that today I could be scoring 1 out of 3 and tomorrow I could simply not be able to load NIS at all. There is no reason to assume that won't be the case.

When you are looking at rolling back your system disk, then every day you wait makes it more problematic when you do it. I first tried a few other things which I thought made a difference, but I realized that I was practicing voodoo tweaking.

I image the system disks each week to protect against hard drive crashes, successful zero day attacks, and catastrophic software upgrades. This would fall into the last category. The procedures were there ... so, why not use them. Admittedly, this zero-day exercise rather than being result of malware was the result of a security suite. Ironic, isn't it? (Taoism as applied to systems software.)

People may do whatever they want about this problem. I am not trying to push anyone into anything. Simply to provide the steps needed for non-technical users to get back to where they were before the end of last week.

Symantec may be working hard to resolve this matter, but I can still be displeased:

* That such a wide spread problem was not caught by SQA lab testing.

* That there has been a failure to provide a simple and expedient work around for this problem.

I respect the Symantec employees who develop NIS and support it. I would hope that they also respect their customers enough to tolerate polite criticism of NIS and Symantec's procedures.

rlsanders · ‎01-21-2010

>> I respect the Symantec employees who develop NIS and support it. I would hope that they also respect their customers enough to tolerate polite criticism of NIS and Symantec's procedures. <<

If that's a response to my post, I just want to clarify that I'm not a Symantec employee. Apologies if anything I said sounded disrespectful--I certainly didn't intend it that way.