• Gesamte Community
    • Gesamte Community
    • Foren
    • Ideen
    • Blogs
Erweitert

Nicht was Sie suchen? Die Experten fragen!

Dieser Thread braucht eine Lösung.
Danksagungen3 Stats

Is it safe to install August 2019 Windows 7 update??

Hello,

Running W7 x64 , latest 22.18.0.213 NS and I'm gathering that info from Microsoft:

https://support.microsoft.com/en-us/help/4512486

Quoted from that KB:

"Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available."

So my question is, should I manually install this update and it's prerequisite: Prerequisite: The SHA-2 update (KB4474419) must be installed before installing this update. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

or skip it for the moment??

Thanks.

P.S. I suppose the same issue should affect W10 also, but haven't the time yet to check my W 10 x64 systems.

Antworten

Danksagungen3 Stats

Re: Is it safe to install August 2019 Windows 7 update??

As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, Microsoft will release an update to Windows 7 SP1 on August 13th, where the Microsoft Windows Updates are now SHA-2 signed instead of SHA-1 signed. 

We have identified the potential for a negative interaction between Norton and the changes explained within the Microsoft KB. Symantec and Microsoft worked together to only allow the update to be visible to versions of Norton that offer full support for Windows 7 Updates that are solely SHA-2 signed.

We will release a Norton patch in the coming days to support the installation of updates that are only SHA-2 signed.

We don’t expect much impact. We can recommend that the customers click on ‘Always Allow’ when there is an alert, thereby allowing the Microsoft applications to function seamlessly.

We will be posting about this issue on the public forums, if we see large impact.
We already have an Enterprise KB article for this issue. 

Norton Forums Global Community Administrator | Symantec Corporation 

Danksagungen3 Stats

Re: Is it safe to install August 2019 Windows 7 update??

I think that this significant issue with Norton Security and this month's Microsoft security updates should be stated in a pinned announcement at the top of the Norton Security section to make it much more visible as it will impact many Norton Security users.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

bjm_:

As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, Microsoft will release an update to Windows 7 SP1 on August 13th, where the Microsoft Windows Updates are now SHA-2 signed instead of SHA-1 signed. 

We have identified the potential for a negative interaction between Norton and the changes explained within the Microsoft KB. Symantec and Microsoft worked together to only allow the update to be visible to versions of Norton that offer full support for Windows 7 Updates that are solely SHA-2 signed.

We will release a Norton patch in the coming days to support the installation of updates that are only SHA-2 signed.

We don’t expect much impact. We can recommend that the customers click on ‘Always Allow’ when there is an alert, thereby allowing the Microsoft applications to function seamlessly.

We will be posting about this issue on the public forums, if we see large impact.
We already have an Enterprise KB article for this issue. 

Norton Forums Global Community Administrator | Symantec Corporation 

Hey BJM_,

I manually install W7 Security only updates from MS Catalogue website, so the quoted text : "to only allow the update to be visible to versions of Norton that offer full support for Windows 7 Updates that are solely SHA-2 signed." , how would work with Norton Security installed???

Cheers,

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

Apostolos:

Hey BJM_,

I manually install W7 Security only updates from MS Catalogue website, so the quoted text : "to only allow the update to be visible to versions of Norton that offer full support for Windows 7 Updates that are solely SHA-2 signed." , how would work with Norton Security installed???

Sorry.....  
Hopefully, with the Norton patch in the coming days, will come information re Microsoft Update Catalog website.

Lets hear from Community

Danksagungen3 Stats

Re: Is it safe to install August 2019 Windows 7 update??

Apostolos , Snowman 1. Defer the update until Norton has an official statement AND it clearly states a patch is available BEFORE attempting to install those updates at a later time.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
Danksagungen3 Stats

Re: Is it safe to install August 2019 Windows 7 update??

I'm running Norton Security v. 22.18.0.213 on Win 7 SP-1 Pro x64.

Windows Update informed me that KB4474419 was available. I installed it, and my computer works fine.

This update, however, is not the problem. The problem is apparently with KB4512506 -- Monthly Rollup and KB4512486 -- Security-only update. Even after installing KB4474419, MS Updates didn't offer me either or the problematic ones.

The Symantic Enterprise KB article only indicates that the problem is with Enterprise Endpoint Solutions; it doesn't mention any of the Norton products at all. 

The answers provided to this Forum Thread are not at all clear except for this: "Defer the update until Norton has an official statement AND it clearly states a patch is available BEFORE attempting to install those updates at a later time."

This should be in big red letters at the at the head of this Forum. I'm sure lots of Norton users around the world are wondering what's going on with the August MS updates.

I'm wondering out loud how Norton intends to distribute its official statement and clearly state that a patch is available to address this specific issue.

Danksagungen1 Stats

Re: Is it safe to install August 2019 Windows 7 update??

The question also is what happens if a user tries to install manually those updates from Microsoft Catalogue.

https://support.microsoft.com/en-us/help/4512486

Will it install or Norton will destroy the installation process??

For the moment I manuallyinstalled KB4474419 and 2019-08 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based systems (KB4511872) with no side-effects.

I won't use Windows Update to update other components like Office or .NET Framework, (if available this month), until Symantec releases a patch.

Cheers,

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

The question also is what happens if a user tries to install manually those updates from Microsoft Catalogue.
I think this has been addressed in previous postings. Anyway, the short answer (as far as I understand) is "Don't do it".

For the moment I manually installed KB4474419 ...
As mentioned previously, there is apparently no problem with KB4474419. I installed it on several machines directly from Windows Update without incident.

I won't use Windows Update to update other components like Office or .NET Framework, (if available this month), until Symantec releases a patch.
Good idea, but it almost sounds like you don't trust M$ in this case.

To me, they've actually handled this MUCH better than Symantec. (And no, I'm definitely not a Microsoft fanboy!)

My understanding of computers is quite limited, but I assume that in order to block computers running Norton products, Microsoft had to invest some time and money in programming/reprogramming their Windows Update system. After all, the Aug 2019 Windows Update somehow immediately identified machines all around the world running Norton products and "miraculously" blocked the delivery of the potentially damaging updates.

In contrast, Symantec made available an inane statement about Enterprise Endpoint Solutions that doesn't even mention their Norton product line, which I assume brings in lots of money for them.

Anyway, I'm hanging on to see how this works out. My guess is that if and when Microsoft releases the potentially dangerous updates to Norton users, it's a reasonable assumption that they think the problem has been solved. Of course Symantec will address the issue at some point and update the Norton programs as required. I just wonder how they're going to let us know when this has been done.

In the recent past, I've only received new Norton versions when I manually run "LiveUpdate". I assume this practice will continue. Only when a new version is out will I check Windows Update to see if the problematic August 2019 Updates are available.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

FWIW.
​Offered x2 W7 64 Home Premium Updates. Both installed, OK.
KB4507449 installed, Last Month.
SinecoalCirph4.

Danksagungen1 Stats

Re: Is it safe to install August 2019 Windows 7 update??

Apostolos, I just posted a thread in the Tech Outpost area concerning the latest update KB4512508 for Windows 10 from the August 13 patch cycle. Installing it cause SERIOUS heating issues on the one devices I installed it on. Although not related to Win 7, I see in your original post that you have a WIN10 system as well. Please advise if you see anything funky while updating your W10 system which may relate to that thread if you'd be so kind.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

"FWIW.
​Offered x2 W7 64 Home Premium Updates. Both installed, OK.
KB4507449 installed, Last Month.
SinecoalCirph4."

Last month?

 
Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

houri. Last month?

​It appears in Windows Updates for 10/07/2019. LAST MONTH !
SinecoalCirph4.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

ITMA:

houri. Last month?

​It appears in Windows Updates for 10/07/2019. LAST MONTH !
SinecoalCirph4.

KB4507449, the July Monthly Rollup, had an issue with McAfee. There was no problem with Norton products as far as I'm aware.

Please excuse me, but I'm not sure I understand the relevance of your post. The problems under discussion here relate to The August Monthly Rollup KB4512506 (link is external) and KB4512486 (link is external) -- the Security-only update.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

The following article might be of interest to followers of this thread, though it really doesn't add any information toward a solution of the problem.

https://borncity.com/win/2019/08/14/symantec-norton-blocks-windows-updates-sha-2/

There have also been a couple of questions regarding manually installing the updates in question.

Microsoft wrote, "We recommend that you do not manually install affected updates until a solution is available."(https://support.microsoft.com/en-us/help/4512486/windows-7-update-kb4512486)

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

houri. Please excuse me, but I'm not sure I understand the relevance of your post.

I keep an eye out for current trends, in what's coming up, and what's gone 'phut'. Hopefully, to mitigate against the 'phuts', I'll see if there's a manual install available, and install it. So, I don't encounter, what others are experiencing. It's a continual process.
SinecoalCirph4.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

ITMA:

houri. Please excuse me, but I'm not sure I understand the relevance of your post.

I keep an eye out for current trends, in what's coming up, and what's gone 'phut'. Hopefully, to mitigate against the 'phuts', I'll see if there's a manual install available, and install it. So, I don't encounter, what others are experiencing. It's a continual process.
SinecoalCirph4.

So far so good. But I still don't see where you've addressed the August 2019 updates issue. 

I know you started your first post with FWIW, so you've certainly given yourself some breathing space. 

What I'd really like to know though, is whether you've installed the August 2019 Windows Update and, if so, what the outcome was.

Thanks for your ongoing feedback.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

So far so good. But I still don't see where you've addressed the August 2019 updates issue. I know you started your first post with FWIW, so you've certainly given yourself some breathing space. What I'd really like to know though, is whether you've installed the August 2019 Windows Update and, if so, what the outcome was.

houri.
It's all to do with changes to SHA-*, and how users best address the issue. Prudence dictates that when in doubt, wait for official fixes, and don't manually load updates, not offered by WU. What I do is exclusive to me; certainly not satisfactory elsewhere.
ALWAYS UTILISE 3RD PARTY ADVICE, WITH EXTREME CAUTION !
SinecoalCirph4.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

ITMA:

houri.
It's all to do with changes to SHA-*, and how users best address the issue. Prudence dictates that when in doubt, wait for official fixes, and don't manually load updates, not offered by WU. What I do is exclusive to me; certainly not satisfactory elsewhere.
ALWAYS UTILISE 3RD PARTY ADVICE, WITH EXTREME CAUTION !
SinecoalCirph4.

 @ IMTA

I find your evasiveness perplexing. As I wrote, "What I'd really like to know ... is whether you've installed the August 2019 Windows Update and, if so, what the outcome was."

Please excuse my persistence. To me this is not a philosophical debate regarding computer practice but rather a simple attempt to gather information about other people's experience with the August 2019 Microsoft Updates and the purported interaction issue with Norton products.

I will make make my own decision as to what to do. 

Again, thank you for your ongoing input.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

I find your evasiveness perplexing. As I wrote, "What I'd really like to know ... is whether you've installed the August 2019 Windows Update and, if so, what the outcome was."
Please excuse my persistence. To me this is not a philosophical debate regarding computer practice but rather a simple attempt to gather information about other people's experience with the August 2019 Microsoft Updates and the purported interaction issue with Norton products.
I will make make my own decision as to what to do. 

 houri.
NOTHING LEFT TO MENTION !

SinecoalCirph4.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

Folks. Microsoft began the SHA-2 migration with monthly update back in March of this year. The final mitigation is with this month's roll up. IF, you have been staying on top of and installing regular updates as they are released you are ahead of the game. That being said, someone here said third party advice doesn't have merit. To each their own as installing updates is a decision which is user based. Personally, I stand by my previous statement NOT to install this update until Norton has patched their products. AND, its ready for prime time. NOT Norton just waiting to "see what the impact within the community is", then they patch. If you don't want data loss or the risk of it, don't patch unless you backup your system with an image on a regular basis.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

Regarding the 7 entry on this thread from houri "... it doesn't mention any of the Norton products at all." and " I'm wondering out loud how Norton intends to distribute its official statement and clearly state that a patch is available to address this specific issue. "

Maybe following support article (which was referred to in the German Norton Forum by a moderator) might help you (hopefully it will be updated when there is an update)

https://support.norton.com/sp/en/us/home/current/solutions/v133892938

I think the Norton product line will be automatically updated via live update (probably around or before the 22nd of August - this is the possible release date of the Enterprise product line patches) and after that the (maybe manually triggered) automatic windows update will detect the compatible file version of the Norton driver and will offer the August security update.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

Apostolos:

I manually install W7 Security only updates from MS Catalogue website, so the quoted text : "to only allow the update to be visible to versions of Norton that offer full support for Windows 7 Updates that are solely SHA-2 signed." , how would work with Norton Security installed???

Cheers,

Technically Microsoft blocks the installation of the new updates which contains SHA-2 only signed files via a precondition check in their automatic windows update only (either on the existence of files with a specific version number or existence of a registry key). So when you download the msu directly this check will never be executed (the catalog website doesn't verify any prerequirements either) and it will install anytime (with any consequences) as this check is only contained in the metadata verified by the automatic windows update component - so you have to verify compatibility manually before executing the msu files.

https://support.microsoft.com/en-us/help/4512486

Officially you should NOT install it unless you have your Norton Security patched with the SHA-2 compatible version of the signature verification component which has to be released yet.

As soon as Norton installs the compatible patch the precondition will be true at the next automatic check and the update will be automatically offered by automatic windows updates. As far as I remember: If you download from the update catalog only to install the security-only update and not the cumulative update, you can do this by hiding the cumulative update with right mouse click and starting a new search.

So one possibility would be to install all applicable updates and then to set your automatic windows update to never or check but not download and as soon as you see KB4512506 or KB4512486 being offered downloading and installing them should be safe (at least on this computer).
Or you wait until there is more information about the location and version number of the compatible driver component of Norton (then you can verify compatibility manually and install the August security update when the compatible driver component is installed).

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

John Owens claimed in the Enterprise forums that there would be currently no known issues with the mentioned Windows Updates - at least for Symantec Endpoint Protection - and people having installed the update manually should have no problems, but this can't be guaranteed for future updates (Norton's signature verification component on Windows 7 SP1 and Windows 2008 R2 SP1 systems only is unable to verify the SHA-2 signatures of these files and so there is fear that it might give this critical system files a bad reputation at any time causing them to be deleted and thus your computer fail to boot).

It is not clear whether this can be also applied exactly to Norton because of the maybe different additional detection engines.

Regarding experiences: I installed KB4512506 manually on a testing computer after all other applicable updates had been installed (see prerequisites and latest SSU in the KB article). Strangely after that automatic windows updates wanted to install 4 updates which had been released in 2016 or before after that. This also occurs when you deinstall Norton, install all windows updates (the August security updates will be then automatically installed) and then reinstall Norton. I'm unsure whether automatic windows updates doesn't handle this case properly (as the update is being regarded as not installable with Norton and so it is confused that some files of those old updates don't match anymore and might even downgrade those files to a very early version - I haven't tried or verified what really would happen by installing them) or if Norton really messes up (deletes/blocks update of) the files as this does not occur when Norton is not being installed. Even if Norton doesn't mess anything up the automatic windows update detection behaves strangely when Norton is installed and so the resulting system state is questionable and probably unsupported by Microsoft and Symantec.

Officially Symantec has decided to have the updates blocked for the SHA-2 incompatible Norton/Symantec signature verification driver versions. For manual installs on these versions you'll probably be on your own and have to decide whether you risk the issues of false positives or temporarily replace your protection solution (be aware that there are warnings (German BSI and CERTs) against (company) computers with activated remote desktop and not having all August security-patches applied). You might need updated installer files when you remove Norton, install the updates and then want to install it again. You should also verify that you have backups of your Password Manager if you choose to deinstall Norton temporarily.

You could also think about upgrading your Windows 7 SP1 to a newer version (when I read the information correctly only the Windows 7 SP1 version of Norton is affected by this problem)  as it will be EOS soon (January 2020).

Danksagungen1 Stats

Re: Is it safe to install August 2019 Windows 7 update??

As a user of Norton Security I think that the way that Norton have handled their SHA-2 problem is appalling.

The problem should not have happened in the first place - Microsoft gave notice about the SHA-2 signing change months ago.

Given that the problem did happen I would then expect the following from a professional, customer-focused organization:

- An apology to customers recognizing that the problem should not have happened and giving a commitment to investigate why it happened and then put in place measures to try to prevent a similar situation in future.

- An official statement that includes the following information:
a) Which versions of which Norton / Symantec products in which Windows environments have the SHA-2 problem.
b) An estimated date when each Norton / Symantec product will be fixed.
c) Where to go for status updates - if the estimated fix dates change and announcing when the problem has actually been fixed for each product version.
d) What actions a user is expected to take for each product and when to take them.

The very limited information that Norton / Symantec have officially published seems to relate to Symantec Endpoint Protection, which is a product that I do not use. It is not clear whether the estimated timescales for fixing Symantec Endpoint Protection have any bearing on the timescale for fixing Norton Security.

On 13th Aug bjm_ helpfully obtained and posted a comment from the Norton Forums Global Community Administrator in this thread:

https://community.norton.com/en/comment/8190831#comment-8190831

To my mind this seems to indicate that Norton don't seem to think this issue is a big deal:
- It says 'We don't expect much impact'.
- It says 'We will be posting about this issue on the public forums, if we see large impact.'

5 days have now elapsed.

I think that Norton are underestimating the feelings of Norton users regarding their SHA-2 problem and that their response to the problem has been inadequate.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

- An apology to customers recognizing that the problem should not have happened and giving a commitment to investigate why it happened and then put in place measures to try to prevent a similar situation in future.

I agree that it is a shame that they haven't noticed that earlier (as MS published information about this going to be happen as early as Nov 2018, but with uncertain time frame).

As they seem to have had no fix ready to be deployed their decision to have the update precautionously blocked to prevent the possibility of their customer's computers not booting up any more is understandable. I think we would have been much more angry on them when they forgot to prepare their product AND then let automatic updates make the computers unusable. And we would also not have been happy when they deployed a quick untested patch with the possibility of crashing the systems.

In combination with the RDP security issues and no clear communication how to proceed now the situation clearly isn't ideal. The question is whether they really could not implement a temporary whitelist of the new system files and thus allowing the updates to be installed (maybe they decided not to do that, because they probably would have to use weak SHA checksums and MS will have a good reason for not using them anymore or because it would have also had the possibility to negatively effect the systems stability).

As John_Owen stated that there seems to be no negative effect on manually installing the updates on systems with SEP (although he does NOT recommend that), an official statement of Symantec whether this is also true for the Norton product line and how to proceed would be nice, but I personally think they are waiting and going to release the updates around the 22nd of August and then this will not matter anymore (unless you are responsible for a company and have to decide how to properly safeguard your systems against all vulnerabilities in the meantime).

I don't work for Symantec/Norton so I don't have secret/further information nor can I speak for them, but I will try to answer your questions with the currently available informations.

The very limited information that Norton / Symantec have officially published seems to relate to Symantec Endpoint Protection, which is a product that I do not use.

I posted the link from the German Norton forum in this thread before (I think they will update it when they have patches available):

https://support.norton.com/sp/en/us/home/current/solutions/v133892938

a) Which versions of which Norton / Symantec products in which Windows environments have the SHA-2 problem.

I think the information about the reasons from John_Owens (a Symantec Technical Support Employee) about this issue for Symantec Endpoint Protection is applicable to Norton as well:

https://www.symantec.com/connect/forums/issue-about-sha2-windows-update-...

The issue is that the file verification component for Norton running on Windows 7 SP1/Windows 2008 R2 SP1 systems can't handle SHA2 signatures (on other systems there seems to be a newer verification component and thus they should not be affected). As Microsoft has switched to SHA2 only file signature with the latest updates there was the possibility that Norton might distrust the new system files (as it can't verify the signature to be a trusted Microsoft signature) and this could lead in combination with other false positive detections to the decision to delete/block critical system files causing your system to fail to boot.

Norton on Windows 10 should not be affected as Microsoft switched there earlier to SHA2 only signatures and so there this issue would have been triggered earlier: https://support.microsoft.com/en-us/help/4472027

Norton on Windows 8.1 should currently also not be affected (if it not already uses the newer verification component - I think it does already), because MS seems to have not changed to SHA2 only signature of system components yet.

b) An estimated date when each Norton / Symantec product will be fixed.

I don't have real information, but when SEP is being fixed on about 22nd of August, I think they will deploy similar updates to Norton about this date, but check the support documents and new posts.

c) Where to go for status updates - if the estimated fix dates change and announcing when the problem has actually been fixed for each product version.

As John_Owen stated SEP will only receive fixes for the latest versions. Regarding status updates I would refer to the official support documents for Norton (posted above) and Endpoint Protection

d) What actions a user is expected to take for each product and when to take them.

If you are not running Windows 7 SP1 you probably have to do nothing.

When you are running Windows 7 SP1 there are two possibilities:

1) When you are not a business user (and not running RDP) you probably are using Norton products and you will have to be more careful when you are online (as you don't have all the security patches) until the Norton patches are released.

For installation of the Norton patches I think the only thing you have to do is to trigger live update regularly (as product updates are deployed via live update on the Norton product line) and check afterwards whether Windows update will offer you newer Windows updates after triggering a search. As soon as Windows detects that the Norton file verification component has been updated with a compatible version it should start offering the updates on a new update search (maybe MS has to update the WU metadata for verification, but this is something Symantec has to take care of if they not already have agreed on the version number of the fixed component or a "I'm compatible"-registry key).

2) When you are a business user  you should consider how to protect against the RDP and other security holes and when you are using Endpoint Protection you have to check whether you are current on maintenance (eligible to download the released patches) as it seems that Symantec won't publish these via liveupdate for Endpoint Protection, but you will have to manually download and apply them.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

Beating a dead horse here it appears folks. Windows 10 is all set for the SHA-2 change? Not entirely as I had issues on a couple of machines with the latest Win10 monthly update. Over heating, CPU fans stopped working. Yep!! It was drivers that caused those issues. SHA-2? I cannot prove it either way. Are Windows 7 and Norton ready? For some yes, others maybe not. Microsoft has advised AGAINST manually installing the Win7 updates as others here have stated. WU checks for signing while a manual install doesn't. WAIT for Norton to deliver an official statement and hotfix. The impact is already obvious so. Don't ask for possible issues when others are warning about them. Just my dime!! @Sunil_GA

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

In the Enterprise Forum John_Owens said

Out of an abundance of caution we worked with MSFT to have the update hidden so that the potential for a False Positive could be prevented. The reason for this is that the version of SymVT that's in use with legacy Operating Systems (Win7/Win2K8R2) does not have the ability to see SHA-2 signatures.

By removing the signature from the evaluation process, there is the potential that the final reputation score is impacted which may result in Conviction/Exoneration variance. For this update, we observed no such False Positives.

However, it's possible a future update may have different behavior, so it's in everyone's best interest to pick up one of the fixed releases as soon as they're available so that this concern can be avoided.

Once the machines have the SEP hotfix installed they will be update the MS updates and it will not be blocked. We are not working with MS to remove the block/hiding for updates being delivered by Windows Update.  The hotfix must be installed on these systems once available.  

I think the same is applicable to Norton with the difference that they are probably going to deliver the patch automatically via live update.

The file verification driver of Norton on Windows 7 SP1 systems currently can't verify SHA-2 signatures and even if currently there might be no negative noticable impact, some future definition updates could contain detections which trigger by incident on critical system files and as Norton can't whitelist the critical system files by verification of their signatures they might be deleted. When this happens, you might experience serious impacts (crash, system not booting). If this should happen during a firmware update or something other critical steps your hardware might even be damaged.

So is it guaranteed to be SAFE to install the August update (not KB4474419 which is always offered, but the monthly updates)?

I would say NO otherwise Symantec wouldn't have requested the install blocker for automatic updates.

But you are free to consider the situation and the possible impacts on your environment yourself. Officially suggestion by Symantec and Microsoft seems to be wait until the fix has been deployed via live update (for Norton product line) and then automatic windows updates will offer all the previously blocked Windows updates automatically on next search.

Danksagungen0

Re: Is it safe to install August 2019 Windows 7 update??

And what about the monthly rollup 2019-08 preview KB4512514 now available via Windows Update (Win7 x64) ?