Problem with Intelligent Updater file

Hello, I've been relying on the manual Intelligent Updater to update the virus defs on NIS 21.7.x (can't trust/use LU anymore as the process would force-upgrade the program to 22.x.x which causes problems on the XP system).  Lately there is a problem with the definitions file 20220324-010-v5i32.exe from here
https://www.broadcom.com/support/security-center/definitions/download/detail?gid=n95

After download, upon executing the said file, the update "completed" within a split second, which is weird.  Checking the NIS program however indicates the virus defs have NOT been updated and are stuck with the defs from the previous day.  (The last defs file that worked was 20220323-024-v5i32.exe).

I then unpacked the defs file and noticed that the unrar.dll file is different in size: 271kb instead of the usual 180kb.  I also tried swapping the unrar.dll and tried working on the 3-24 defs updates, but failed.  Checking the Logs.IntelligentUpdater.txt file shows that there's a problem with this very file.

So as a result, the virus defs files from 20220324-010-v5i32.exe failed to be extracted and put into the NIS folders concerned.  To reiterate, after executing the said file, the virus defs folder still remains in "20220323.024" and not the "20220324.010" as expected.

Can someone please investigate the unrar.dll issue and correct the problem in all subsequent virus defs updates?

@imacri
Yes I know what you mean.  I've been busy these days so I put off the testing, ie. migrating to v22.15.x.x.  Already I need to migrate MBAM to v3.5.1 first (you already knew that since you are active in that Forum as well).  After I've dealt with the MBAM upgrade I'll prepare to migrate NIS/NS to the said legacy v22.15.x version.

The fact that WTWASP has applied the April 2020 v22.x update with success has given me some hope that v22.x may finally work properly under XP; but still only time will tell.  What I don't like is the "silent upgrade" strategy which acts more like a virus commandeering the entire system.  Once I've backed up my system and made other preparations, I'll proceed to the v22.15.5.40 update and see what will happen.  We'll see from there...

As for why NLL and BC/Sym didn't take the initiative to fix the UNRAR.DLL mess, God knows why?  It is however hard to understand that, when a problem develops and gets discovered, even after vigorous vetting from the customer crowd, why the staff from those two entities would simply find ways to stall the problem without actually considering the ramifications they've done while migrating their software workflow.  In other words, they have not done well enough to ensure the legacy compatibility of certain support mechanisms (eg. IU) and this is going to smear both entities' reputation even further -- now that more and more people are aware of the problem (and that those affected have kept complaining).

When in the tech scenario, the people who are responsible for mess-ups like these, are those who are unfit to survive in such tech scenario, on top of other malpractices that exist in such circle.  Bad apples need to be weeded out.  We'll see......

Hi anon743:

Have you tried the upgrade to Norton v22.15.5.40 (released Sept 2020, the current legacy version for Win XP and Vista described <here>) to see if it runs correctly on your Win XP SP3 machine?

I realize that won't solve the unrar.dll failure when the Intelligent Updater tries to apply the full virus definition set on your Win XP SP3 machine, but if Norton v22.15.5.40 runs correctly then the automatic LiveUpdate task should be able to keep your virus definitions up-to-date.
-----------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.0 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.10.200-1.0.1709 * Macrium Reflect Free v8.0.6758

anon743:

...There's now one more concern on my side.  In fact I've been considering upgrading to the legacy 22.x (22.15.5.40?) software version at some point, and let it run on LU.  But now, given the circumstances on the UNRAR/DLL issue, How do I know if I can do so without problem??   Can somebody at NLL answer this question? ...

Hi anon743:

Here are some things to consider while you're waiting for an official response from Norton LifeLock:

The old issue you and WTWASP posted about in FORCED NORTON PRODUCT (N360) UPGRADE CAUSING APPLICATION ERRORS IN XP! was fixed back in April 2020 when Norton v22.15.3 was released so I don't know of any reason why Norton v22.15.5.40 (released Sept 2020, the current legacy version for Win XP and Vista described <here>) would not run correctly on your Win XP SP3 as long as your CPU supports the SSE2 instruction set.  That assumes, of course, that you don't have missing or corrupted system files and/or root trust certificates on your Win XP SP3 machine. I can't speak from personal experience since I stopped using Norton Security Deluxe v22.15.x a few years ago when I purchased a Win 10 laptop and essentially retired my Vista SP2 machine, but I haven't seen any recent threads in this forum from Win XP SP3 or Vista SP2 users reporting a sudden problem with automatic LiveUpdates or other issues with the current legacy Norton v22.15.5.40.

The so-called "hijacking" you often refer to (i.e., the forced upgrade from v21.7.11 to v22.15.2 back in 2020) was done for a very good reason.  The v21.7.11 product you are currently using, as I noted <above>, is still vulnerable to the multiple critical security vulnerabilities disclosed in the June 2016 Symantec security advisory SYM16-010 that have been patched in all Norton v22.7.x and higher products.  From the 01-Jul-2020 CBC News article Google Finds Critical Flaws in Popular Symantec, Norton Antivirus Software about all Norton v22.6.x and earlier products:

"These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Tavis Ormandy, a member of the Google team that hunts for undiscovered security flaws in the world's software. Many are "wormable" vulnerabilities that can be used to make attacks remotely without the user doing anything: "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it — the victim does not need to open the file or interact with it in any way".

Before starting your upgrade I'd suggest you contact Norton Customer Support via a Live Chat at https://www.norton.com/chat and ask for a download link for the latest v22.15.x legacy full offline installer for your product just in case something goes wrong with the "forced" upgrade from v21.7.11 to v22.15.5 and you have to perform a clean reinstall of v22.15.5.  Back in Dec 2018 I posted download links for the full 130 MB English-US installers for Norton Security v22.15.0 (Norton Security Deluxe is equivalent to Norton Internet Security) in my thread Download Links for NS/NSBU v22.15.1.8 Installers (XP and Vista) but I'm sure Norton could provide download links to much newer legacy installers.  If you want to stick with the Norton Internet Security product name (which I'm guessing is what you would get with a "forced" upgrade) Norton could probably provide a download link for a full offline installer for the legacy NIS v22.15.x as well, but it would have the same features and user interface as Norton Security Deluxe - only the product name at Help | General Information | About would be different.

In theory, running the Norton Remove and Reinstall (NRnR) tool in "regular" mode or using the small stub installer (download manager) you can download directly from your Norton Account at https://my.norton.com/account/subscriptions should handle the entire download and installation process for a legacy product because it should automatically detect your unsupported OS and pre-activate the legacy installation with the 25-digit product key associated with your subscription.  In practice, some Win XP SP3 and Vista SP2 users have found that reinstalling their legacy product this way doesn't always go smoothly, which is why I used to perform a clean reinstall [i.e., uninstalling from Control Panel | Programs and Features and choosing "Please remove all user data" from the uninstall options, re-booting and running the NRnR tool in advanced "Remove Only" mode to remove most of the orphaned files and registry entries, manually deleting the last traces of Norton (only if necessary, for really stubborn glitches)] before reinstalling the current legacy v22.15.x product using a full offline installer.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1.2522-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
-----------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.10.200-1.0.1702 * Macrium Reflect Free v8.0.6758

Thanks for the post back again.  UNTIL Norton / BC "officially" states such or otherwise, the issue simply is. Neither Norton nor Broadcom are going to take "a step-backwards". The legal and other liabilities are far too great, because the release WILL NOT just be pushed to those who seek it, it will be available to anyone who can download it. There were serious remote code execution issues that forced the older UNRAR to be replaced, with one that isn't coupled with those vulnerabilities. This, as we are all sure, isn't what customers want to read, nor hear. I just hope Norton / BC will OPENLY step up and make the statement needed putting the issue to rest. We are seriously beating a dead horse with it without that statement.

SA

@SA
Sorry but I've been offline from desktop for the past 12+ hours.

Just to clarify, my original issue was supposedly with the update package 20220324-010-v5i32.exe (or similar, issued after the noted date), but that package has been removed from the general IU updater page and replaced with something smaller.  Only upon more digging did I realize it's not just one update package that has been affected, but ALL of them.

Unfortunately the defs update package you've referenced in your post, the "20220614-002-core15sdsv5i32", does NOT work in my case.  This is expected as the UNRAR.DLL involved is still on 6.11 which is incompatible with XP (due to the root certs not being properly recognized by the IU scripts process).  The log is as follows:

******************************************************************************

Sat Jun 18 17:33:34 2022 : ******************************************************************
Sat Jun 18 17:33:34 2022 :         Starting Intelligent Updater - Version 5.1.8.36
Sat Jun 18 17:33:34 2022 : ******************************************************************
Sat Jun 18 17:33:34 2022 : AUTH SYMSIGNED BEGIN: Started.
Sat Jun 18 17:33:34 2022 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sat Jun 18 17:33:34 2022 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Sat Jun 18 17:33:34 2022 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sat Jun 18 17:33:34 2022 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource DLL
Sat Jun 18 17:33:34 2022 : IU RES LOAD: Successfully loaded the resource file..
Sat Jun 18 17:33:34 2022 : Identified as 32-bit product installation. Continuing...
Sat Jun 18 17:33:34 2022 : IU MODE: IU is running is FULL mode.
Sat Jun 18 17:33:36 2022 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Sat Jun 18 17:33:36 2022 :     IU INFO: File-name : 20220614-002-Core15SDSv5i32.EXE
Sat Jun 18 17:33:36 2022 :     IU INFO: Creation-date : 20220614
Sat Jun 18 17:33:36 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sat Jun 18 17:33:36 2022 : Entry details:
Sat Jun 18 17:33:36 2022 :     Update-File:             VIRSCAN.zip
Sat Jun 18 17:33:36 2022 :     Update-Desc:             Virus Definitions
Sat Jun 18 17:33:36 2022 :     Auth DLL Name:             SAVIUAuth
Sat Jun 18 17:33:36 2022 :     Auth DLL Location:         local
Sat Jun 18 17:33:36 2022 :     Auth Content-Type:         virus definitions core 1.5 sds x32
Sat Jun 18 17:33:36 2022 :     Deploy Content-Type:         virus definitions core 1.5 sds x32
Sat Jun 18 17:33:36 2022 :     Deploy DLL Name:         SAVIUDeploy
Sat Jun 18 17:33:36 2022 :     Deploy DLL Location:         local
Sat Jun 18 17:33:36 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Success while opening key
Sat Jun 18 17:33:36 2022 : REG FAILURE: Failed while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Success while opening key
Sat Jun 18 17:33:36 2022 : REG FAILURE: Failed while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sat Jun 18 17:33:36 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sat Jun 18 17:33:36 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sat Jun 18 17:33:36 2022 : Entry details:
Sat Jun 18 17:33:36 2022 :     Update-File:             VIRSCAN.zip
Sat Jun 18 17:33:36 2022 :     Update-Desc:             Virus Definitions
Sat Jun 18 17:33:36 2022 :     Auth DLL Name:             ISAuthDLL
Sat Jun 18 17:33:36 2022 :     Auth DLL Location:         local
Sat Jun 18 17:33:36 2022 :     Auth Content-Type:         virus definitions core 1.5 sds x32
Sat Jun 18 17:33:36 2022 :     Deploy Content-Type:         virus definitions core 1.5 sds x32
Sat Jun 18 17:33:36 2022 :     Deploy DLL Name:         ISDeployDLL
Sat Jun 18 17:33:36 2022 :     Deploy DLL Location:         local
Sat Jun 18 17:33:36 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Success while opening key
Sat Jun 18 17:33:36 2022 : REG FAILURE: Failed while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Success while opening key
Sat Jun 18 17:33:36 2022 : REG FAILURE: Failed while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sat Jun 18 17:33:36 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sat Jun 18 17:33:36 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sat Jun 18 17:33:36 2022 : Entry details:
Sat Jun 18 17:33:36 2022 :     Update-File:             VIRSCAN.zip
Sat Jun 18 17:33:36 2022 :     Update-Desc:             Virus Definitions
Sat Jun 18 17:33:36 2022 :     Auth DLL Name:             Norton X32 AuthDLL
Sat Jun 18 17:33:36 2022 :     Auth DLL Location:         local
Sat Jun 18 17:33:36 2022 :     Auth Content-Type:         SDSDefs
Sat Jun 18 17:33:36 2022 :     Deploy Content-Type:         SDSDefs
Sat Jun 18 17:33:36 2022 :     Deploy DLL Name:         Norton X32 DeployDLL
Sat Jun 18 17:33:36 2022 :     Deploy DLL Location:         local
Sat Jun 18 17:33:36 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Success while opening key
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Succeeded while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Success while opening key
Sat Jun 18 17:33:36 2022 : REG SUCCESS: Succeeded while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED BEGIN: Started.
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sat Jun 18 17:33:36 2022 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED BEGIN: Started.
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sat Jun 18 17:33:36 2022 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sat Jun 18 17:33:36 2022 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sat Jun 18 17:33:36 2022 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
Sat Jun 18 17:33:37 2022 : DEPLOY PATH SUCCESS: VIRSCAN.zip will be deployed at location C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\SDSDefs\tmp495c.tmp
Sat Jun 18 17:33:37 2022 : AUTH SYMSIGNED BEGIN: Started.
Sat Jun 18 17:33:37 2022 : AUTH SYMSIGNED: Provider is unknown, returning FALSE.
Sat Jun 18 17:33:37 2022 : UNRAR FAILURE: UNRAR DLL is not Symantec Signed.
Sat Jun 18 17:33:37 2022 : ERROR: unrar.dll is not Symantec Signed. IU cannot continue processing. Terminating all IU operations.
Sat Jun 18 17:33:37 2022 : Cleaning up the AuthorizationEngine
Sat Jun 18 17:33:37 2022 : Calling ReleaseInstance() on the object of IIntelligentUpdaterAuthorizationManager2.
Sat Jun 18 17:33:37 2022 : After release
Sat Jun 18 17:33:37 2022 : Done cleaning up authorization engine
Sat Jun 18 17:33:37 2022 : Done with IU Operations
******************************************************************************


Here's a recap of what the other NLL employee ("dkane") has commented earlier (post removed/not shown here for whatever reason):
**************************************************************************************
15-Jun-2022 | 2:29PM: dkane commented on Problem with Intelligent Updater file

<<Broadcom employee now>>

SoulAsylum is correct about XP support:
Intelligent Updater isn't supported on Windows XP because the patched version of unrar.dll doesn't support the OS.

Separately:
Intelligent Updaters are missing for all Norton clients as of last Friday.

A new SDS engine is being rolled out and we noticed incompatibilities between the old and new engine. We paused the rollout and removed the updaters so people don't get mixed versions. Everyone using automatic LiveUpdate continues to receive the appropriate protection updates. The engine release is expected to resume tonight or tomorrow, pending last-minute testing, and Intelligent Updaters will be published at that time.
**************************************************************************************

To those who were wondering what happened to the IU page where all defs updates packages have been pulled off, the SDS issue fix was why.

But still, no explanation is given on why their WinRAR workflow was upgraded to 6.1+, where previously it was on 4.1.  Just to reiterate, in order for IU (and perhaps even LU) to be compatible with down to XP, the WinRAR workflow would need to be maintained at a version compatible with XP, in this case, Version 5 (5.91 being the final v5 release) where the UNRAR.DLL version is kept at the XP-compatible 5.10.  Yes, I've read about security issues with older WinRAR workflow since v4, but have they actually considered v5?  And, while migrating to v6.1+, have they actually considered the effects on XP compatibility?  It seems to me that, BC/Sym has failed to observe that while hastily doing the WinRAR workflow migration, then realized the XP issue, but that they were brazen enough to stick to the mistake and such and make all sorts of excuses stalling the problem, and not fixing the problem.

On a separate note, I was touch-basing with another forum member from the BC/Sym forum side. He told me he still has 100+ w2003 clients to maintain, and this IU problem is bothering him as well.  I'm not going to challenge why he hasn't migrated those clients to a newer OS; every customer has reasons to still maintain legacy OS environments, even though those reasons are often not justified in Forums like here.  But as tech entities (service providers etc.), they need to understand and respect such customers in need and to provide all the support available.  Right now, however, I don't see BC/Sym and NLL committing to that -- especially since NLL has announced back in early 2021 that they'll continue to support legacy XP/Vista clients, noting that there's still a plethora of users (paid customers) that still need to maintain XP clients.

There's now one more concern on my side.  In fact I've been considering upgrading to the legacy 22.x (22.15.5.40?) software version at some point, and let it run on LU.  But now, given the circumstances on the UNRAR/DLL issue, How do I know if I can do so without problem??   Can somebody at NLL answer this question?

I may probably give it another two weeks before I try the v22.6.x upgrade again (even though, I do NOT like NLL's "Silent Upgrade" routine which acts like a virus commandeering the entire OS during the install).  As for the problems with 22.6.x on XP regarding the Application Memory Error issues, we'll see from there, even though NLL has claimed that the updated legacy build version (circa April 2020) has fixed just that, who knows if the problem would return again.

But however that is, if the objective is to support customers down to the legacy XP/Vista then BC Sym and NLL must make sure they'll stick to that promise (at least for the time being).  And thus, instead of updating everything to the next higher number (which is a huge problem within the tech culture), making a small step backwards (plus a little sacrifice) to ensure the legacy compatibility is what they'll need to consider.

I think NLL needs to push this matter harder when they deal with the BC/Sym side.
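The Intelligent Updater log quoted in the post above can be triaged mechanically to show which iuConfig.xml entries were skipped and where the run aborted. This is an added example, not part of the original thread and not Norton or Broadcom tooling; the function names and status labels are hypothetical, and it recognizes only the log markers visible in the quoted log.

```python
import re

# Excerpt from the Logs.IntelligentUpdater.txt output quoted in the post above,
# trimmed to the lines this parser keys on.
SAMPLE_LOG = """
Sat Jun 18 17:33:36 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sat Jun 18 17:33:36 2022 :     Auth DLL Name:             SAVIUAuth
Sat Jun 18 17:33:36 2022 : REG FAILURE: Failed while fetching the path from registry.
Sat Jun 18 17:33:36 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sat Jun 18 17:33:36 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sat Jun 18 17:33:36 2022 :     Auth DLL Name:             ISAuthDLL
Sat Jun 18 17:33:36 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sat Jun 18 17:33:36 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sat Jun 18 17:33:36 2022 :     Auth DLL Name:             Norton X32 AuthDLL
Sat Jun 18 17:33:36 2022 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Sat Jun 18 17:33:36 2022 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
Sat Jun 18 17:33:37 2022 : AUTH SYMSIGNED BEGIN: Started.
Sat Jun 18 17:33:37 2022 : AUTH SYMSIGNED: Provider is unknown, returning FALSE.
Sat Jun 18 17:33:37 2022 : UNRAR FAILURE: UNRAR DLL is not Symantec Signed.
Sat Jun 18 17:33:37 2022 : ERROR: unrar.dll is not Symantec Signed. IU cannot continue processing. Terminating all IU operations.
"""

# "<weekday> <month> <day> <hh:mm:ss> <year> : <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]?\d \d{2}:\d{2}:\d{2} \d{4}) : (.*)$")


def summarize(log_text):
    """Return the per-entry outcome and the fatal error (if any) of one IU run."""
    entries, fatal = [], None
    current, sig_failure = None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # separators, blank lines, anything without a timestamp
        stamp, msg = m.group(1), m.group(2).strip()

        if msg.startswith("PROCESSING ENTRY:"):
            update_file = msg.split(":", 1)[1].strip().partition(" - ")[0]
            current = {"update_file": update_file, "auth_dll": None,
                       "status": "pending"}
            entries.append(current)
            sig_failure = None
        elif current is None:
            continue  # start-up lines before the first entry
        elif msg.startswith("Auth DLL Name:"):
            current["auth_dll"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("IGNORE ENTRY:"):
            # Product for this entry is not installed; harmless on its own.
            current["status"] = "ignored"
        elif msg.startswith("AUTHORIZATION SUCCESSFUL"):
            current["status"] = "authorized"
        elif msg.startswith("AUTH SYMSIGNED:") and "returning FALSE" in msg:
            # Remember the signature-check verdict that precedes the abort.
            sig_failure = msg
        elif msg.startswith("UNRAR FAILURE"):
            current["status"] = "failed"
            fatal = {"time": stamp, "component": "unrar.dll",
                     "signature_check": sig_failure, "message": msg}
    # Markers for a successful deployment are not shown in the thread, so an
    # entry that gets further than authorization simply stays "authorized".
    return {"entries": entries, "fatal": fatal}


def diagnose(summary):
    """Turn a summary into a one-line triage hint."""
    fatal = summary["fatal"]
    if fatal is None:
        return "no fatal error recorded"
    hint = "run aborted at %s: %s signature check failed" % (
        fatal["time"], fatal["component"])
    if fatal["signature_check"] and "Provider is unknown" in fatal["signature_check"]:
        # Broadcom KB 241845, cited later in this thread, ties this symptom
        # to root certificates missing from the machine.
        hint += " (trust provider unknown; check the root certificate store)"
    return hint


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for entry in result["entries"]:
        print("%-20s %-12s %s" % (entry["auth_dll"], entry["status"],
                                  entry["update_file"]))
    print(diagnose(result))
```

The two "ignored" entries are expected on a machine that has only one Symantec product installed; the entry that matters is the one that was authorized and then failed.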

Understood. I'm addressing the issue with the OP as well, where, the definitions aren't showing for older legacy versions on NIS. The file I linked MAY be the one he needs to correct his issue with XP and the decompiler used as well. Glad hearing your issue was resolved too. 

SA

For Imacri,

HP-Envy

Edition    Windows 10 Pro
Version    21H2
Installed on    ‎11/‎17/‎20
OS build    19044.1706
Experience    Windows Feature Experience Pack 120.2212.4170.0

2022-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5014699)

Norton 360 Deluxe, Latest Release.

 

For SoulAsylum,

You are correct SA.  I was not addressing the overall problem, just the portion I was having.   I was addressing the fact that virus definitions were missing (for some unknown reason) and users who did not use Intelligent Updater could not update manually. 

I apologize if I did not make that clear.  I am just a user of the software who had a specific problem.

I contacted Broadcom and they responded to me that the virus definition files would be up shortly and they have followed through.  I can download and manually update the definition file I need.  My part of the problem is solved.

The info you posted still doesn't address legacy software versions 22.6 or earlier. @anon743 have you tried installing the definitions that are posted as available yet?? If so what are your results?  http://definitions.symantec.com/defs/20220614-002-core15sdsv5i32.exe

Your original issue was with 20220324-010-v5i32.exe

SA

dasl1duh:

Thank you all,  my definition file is there and works.  I am gone (for now).

Hi dasl1duh:

Could you post back and let us know your Windows operating system and Norton product name and version number?

Thank you all,  my definition file is there and works.  I am gone (for now).

File Name: 20220617-002-core3sdsg2v5i64.exe
Creation Date: 06/17/2022
Release Date: 6/17/2022
File Size: 41.92 MB
MD5: E76FA4D16AA2D44769C3BF795CD70947

Supports the following versions of Symantec antivirus software:
  • Norton Security (version 22.9, 22.10 and later)
  • Norton Security with Backup (version 22.9, 22.10 and later)
  • Norton AntiVirus / Norton Internet Security (version 22.9, 22.10 and later)
  • Norton 360 (version 22.9, 22.10 and later)

Thank you for posting on the Norton Community. The definitions are now available for download. 

Has anyone given these legacy definitions a shot? Not sure that it would be compatible as I don't have an older machine to test. Just a shot in the dark for the sake of helping find a solution

http://definitions.symantec.com/defs/symcdefscore15v5i3264_legacy.exe

http://definitions.symantec.com/defs/nis6avdefinitions.pkg.zip

http://definitions.symantec.com/defs/nis7avdefinitions.pkg.zip

SA

Looks like anything earlier than June 6, 2022 has been rescinded:

https://definitions.symantec.com/defs/download/symantec_enterprise/index.html

SA

 

Me too, the Intelligent Updater link https://www.broadcom.com/support/security-center/definitions/download/detail?gid=n95 gets you to the page where the definitions should be.  They are missing.

I used to go directly to the definitions with https://www.broadcom.com/support/security-center/definitions/download/detail?gid=n95#64-bit-platforms  but that doesn't work either, it brings up the headings

  • 64-bit Platforms  The following definition sets are suitable for 64-bit operating systems only.  BUT NO DEFINITIONS THERE. 

If anyone can tell me where to find the current core3sdsg2v5i64 executable file that would be nice. 

My last protection update was May 30, 2022  https://definitions.symantec.com/defs/20220530-003-core3sdsg2v5i64.exe

BTW if a simple user like me is concerned then Norton should be really worried.  This is (in IBM parlance) a KNOWN problem.

@Ronny7 Only Norton and its employees can answer the questions regarding the links for downloads being deactivated. Norton employee Matt Boucher or someone from his team are the most reliable source for that information. My hope is they are developing a way around the issues discussed, with a fresh set of update sets for everyone. Of course, testing what may be in store will take time. A global vulnerability fiasco isn't something any A/V company would be willing to risk for the sake of speed. Let's hear from Norton vice speculation as we all have our own opinions about things.

SA

SoulAsylum:

...Norton also is no longer a part of Symantec as they were absorbed by Broadcom long ago. Broadcom isn't concerned with the UNRAR issue, again, they are not bound to taking a step backward for the same reasons as Norton....

Hi SoulAsylum:

Per my post <above>, this unrar.dll problem is also affecting Broadcom / Symantec Endpoint Protection (SEP) customers who have Win XP clients on their network.  The Broadcom knowledge base article ID 241845 Error: "unrar.dll is Not Symantec Signed. IU Cannot Continue Processing" When Installing Intelligent Updater After 3/24/2022 (last updated 16-May-2022) suggests that the problem might be related to missing root certificates that are required to authenticate the decompression module (unrar.dll) included in the Intelligent Updater file. Instructions are provided in that article for installing the "DigiCert Assured ID Root CA" certificate.

I also suggested <above> that anon743 might be unable to update from the unsupported NIS v21.7.0.11 to NIS v22.15.5.40 (i.e., the official legacy version of Norton for Win XP and Vista - see Gayathri_R's 24-Sep-2020 product announcement at Norton 22.15 for Windows XP, Windows Vista, Windows 7 SP0 is Now Available!) because of a missing root certificate that would normally be found on a Win XP SP3 computer, but that's just speculation on my part.  I know of many Win Vista SP2 users who performed a clean reinstall of their operating system after March 2020 (i.e., before Microsoft deactivated the Windows Update servers for Win XP and Vista in August 2020) and saw an error 800B0109 ("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider") when Windows Update attempted to install a cumulative security update for their .NET Framework that was released on 11-Apr-2017 before Vista reached end of extended support.  These Vista SP2 users had to manually apply the missing root certificates in the MicrosoftRootCertificateAuthority2011.cer file before they could update their .NET Framework - see greenhillmaniac's June 2020 solution in Certificate Trust Provider Error Installing Updates in the Vista board of the MFSN forum.

Ronny7:
There are no updates on this page Norton Definitions for Windows XP/Vista/7/8/8.1/10 (broadcom.com) for several days.

However, none of this explains why all the 32-bit and 64-bit Intelligent Updater files have suddenly been removed from the Broadcom site at Norton Definitions for Windows XP/Vista/7/8/8.1/10.  Without those files the instructions in the Norton support article Update Virus Definition Files Using Intelligent Updater are useless for all Norton subscribers, regardless of their Windows OS.

SoulAsylum, that's really good, but what about the definitions download page? Is it closed for maintenance?

How can we manually download antivirus bases for NS/NIS?

Thanks

Just a recap!! Have any of you performed the task that Norton employee Matt Boucher requested? Version 21.7.0.11 was released way back in 2015, the older the OS, especially those no longer getting support from Microsoft IS the issue here. From where I sit, Norton isn't going to take a "step backwards" for security reasons, coupled with the liability issues those still using the outdated OS will certainly spill onto Norton when/if their systems get borked. Norton also is no longer a part of Symantec as they were absorbed by Broadcom long ago. Broadcom isn't concerned with the UNRAR issue, again, they are not bound to taking a step backward for the same reasons as Norton. IF they do release a powdered down UNRAR, it won't just go to a handful of users, it will be available globally. There are serious implications there. Did all of you visit the article I posted specifically addressing the "Decomposer" and "Remote Code Execution" issues from 2016? Personally I believe there is where the answer to this ongoing XP issue lies.  @Matt_Boucher

https://www.exploit-db.com/exploits/40031

Please turn on LiveUpdate to make certain you are running the latest version associated with windows XP. I understand from your original post that you believe "process would force-upgrade the program to 22.x.x which causes problems on the XP system", have you tried this? What problems do you see?

SA

 

@Ronny7
Yes I noticed that as well.  However, it is too early to assume that NLL and BC/Sym have finally realized the problems as discussed throughout this entire thread, and have proceeded to repack all definitions updater packages via the older WinRAR workflow (pre-6.02), as the Rapid Release Virus Definitions page has not been equally taken down for similar maintenance
https://www.broadcom.com/support/security-center/definitions/download/detail?gid=rr

In other words, the definitions updater executable "symrapidreleasedefscore15-v5i32.exe"  from the aforementioned Rapid Release page is still being packed via the newer WinRAR workflow, which is incompatible with XP.

If you have not read this thread completely to understand the scope of the problem, may I suggest that you do that again.  Read EVERY post here and all the provided information and observations, to understand the severity of the problem.

But anyway, here's a recap:

1. The virus definitions updater packages from the Intelligent Updater (IU) page stopped working on XP clients since March 24.  This is due to an improper WinRAR workflow upgrade at NLL/BC Sym that is incompatible with the XP environment;

2. The virus defs updater packages (executables) from the IU page are currently packed via WinRAR 6.10 or later, with the accompanied Dynamic Library file UNRAR.DLL version being 6.11.  This version of UNRAR.DLL is incompatible with the XP environment as the embedded root certificates cannot be properly interpreted under XP.  As a result, when running IU, this UNRAR.DLL CANNOT be authenticated by the IU process scripts, and thus IU operation terminates without unpacking the bundled VIRSCAN.ZIP archive and appending the contents to the client's software product;

3. In order for IU to be compatible down to XP, an older (fallback) WinRAR workflow needs to be reinstated, ie. earlier than version 6.02 (5.91 recommended) where the UNRAR.DLL version is maintained at 5.10, which is XP-compatible;

4. The botched WinRAR workflow is entirely NLL and BC/Sym's fault.  In order to resolve the problem, it will be up to these entities to take the initiative to revert to the said older WinRAR workflow, or else the IU will continue to be rendered incompatible with XP environment;

5. This problem affects BOTH consumer customers (from the NLL side) as well as enterprise customers (from the BC/Sym side, who are running Symantec Endpoint Protection software on XP clients);

6. This issue has been elevated to NLL a few times, yet no progress has been reported throughout the past weeks at all.


But that's NOT all.  Apparently, even Live Update (LU) is affected, given the same logic.
Refer to this thread
https://forum-ru--board-com.translate.goog/topic.cgi?forum=5&topic=24492&glp&_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

... and notice member Strannik06's comment below:
"I'm investigating the problem further, I found that in  
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\liveupdate\LiveUpdateDownloads
 
All databases are downloaded new, in ZIP format.
It turns out that LiveUpdate works fine, the databases are downloaded, but they cannot be installed.
What could be the problem?"

This can be a strong indication that, all ZIP resources deployed via Live Update are also being packed via the newer WinRAR workflow, which, under XP, CANNOT be unpacked via the accompanied UNRAR.DLL (v6.11); as a result, under XP environment, Live Update operation will fail and terminate.

@Matt_Boucher
Please refrain from posting curt and insensitive comments like you did.  Read this entire thread carefully to understand the scope of the problem.  Your comments are of NO help except to result in more customer resentment, and to berate those who are in need of a fix from this very ordeal here.

My problems with NIS/NS 22.x.x on XP dated from mid-late 2015 and continued throughout 2020.   I chose to hang on to NIS 21.7.xx as version 22.x has given me a horrible user experience under XP, and even after NLL claimed they've fixed the problems I've reported since having released a newer legacy v22.x build in April 2020, I simply lost faith with v22.x.  All these have been mentioned from a few other threads in this Community Forum; I suggest that you go research them.