Hello!
There have not been any updates on this page Norton Definitions for Windows XP/Vista/7/8/8.1/10 (broadcom.com) for several days.
Could you please tell me what the reason is?
Please turn on LiveUpdate to make certain you are running the latest version associated with Windows XP. I understand from your original post that you believe "process would force-upgrade the program to 22.x.x which causes problems on the XP system". Have you tried this? What problems do you see?
It's now May 26 as we speak and yet this IU fiasco has still NOT been sorted out. I'm extremely concerned with why this problem has been stalled this long? Not sure what the heck NLL and BC/Sym are thinking right now?
Just a reminder that it wasn't just me who was raising the IU issue, but also the pro customer base at the BC/Sym forum as well (as referenced in lmacri's provided forum link above). Yet all of our concerns seem to have fallen on deaf ears. WHY??
But even though the NLL side has claimed they have escalated this issue, if NLL fails to push BC/Sym into taking action to review their virus definitions file packing/unpacking workflow, then pretty much the entire IU mechanism will continue to be crippled.
What is even more ridiculous is that, on the BC/Sym's IU (or Rapid Response Virus Defs) page, only one or two of the definitions packages have been taken down for some time, then redeployed -- but without anything having been done, and with the VERY SAME PROBLEM. But the rest of the definitions update packages, which have the same problem, have remained available.
Folks at NLL, can you do better than this? AFAIK this matter has been escalated since late March. Obviously, with all those logs and customer testimony, the culprit with the IU fiasco points to the bad WinRAR workflow where a newer version (6+) has been deployed to pack the virus defs packages, without careful consideration. Tell your associates at BC/Sym to IMMEDIATELY STOP USING WinRAR 6+ and revert to an earlier version (v5.91 or earlier). It needs to be done ASAP, or the problem will continue to persist (esp. on the XP side).
So I've examined the root certificate properties on various UNRAR.DLL files, and here are the screencaps for everyone's reference:
UNRAR.DLL version 6.11 (ie. the one that is causing IU deployment after 3-24, especially under XP environment):

UNRAR.DLL version 4.10 (ie. the one that is working all well within the successful IU deployment, down to XP, up to 3-23):

This UNRAR.DLL version 5.10 is from my local system where WinRAR v5.91 is currently in use. The root certs' signing however is completely different:
Additional discussion on this IU fiasco amongst BC/Sym SEP customers from this Russian forum (Google translated):
https://forum-ru--board-com.translate.goog/topic.cgi?forum=5&topic=24492&glp&_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
... which also includes this reference
https://sockettools.com/kb/invalid-digital-signatures-on-windows-xp/
Meanwhile there's a Japanese article from the BC site which discusses the IU problem after March 24:
https://knowledge.broadcom.com/external/article/239467/2022324intelligent-updater.html
However, the proposed solution to install these root certificates, does NOT solve the problem at all, at least under the XP environment. In my case, it turns out these certs have long been installed, and that full permissions have been enabled. I now believe this is due to the issue as discussed on the above Socket Tools link.
May I ask NLL to beg BC/Sym to do something to fix this ASAP......
@lmacri
@SA
Many thanks for the BC reference. Exactly what's been happening all these weeks; everyone in that forum thread was dead-on, especially Gino.
What is shocking to hear is from Fred's post, saying:
"Have the same issue with Endpoint Protection 14.2 standalone on Windows Server 2012 R2 (officially supported OS) applying latest definitions file 20220419-003-core15sdsv5i64.exe. "
Glad that other professional customers also found the problem (at the time I did) and were voicing concerns as well, but sadly the BC side has not been enthusiastic (or serious) enough to tackle the issue, which prompts me to suspect that BC may be trying to skirt responsibility.
Earlier this month I also tried (again) to contact BC to report on the problem. The Case # is [Removed]. But the response?
*********************************************************************
"Greetings from Broadcom
This is in regards with Case # [Removed].
We request you to please contact Norton. For more information please check https://support.norton.com/sp/en/in/home/current/contact
Thank you for contacting Broadcom Support
Regards,
Arvind Sharma
Broadcom Customer Assistance"
*********************************************************************
This kind of questionable attitude is ridiculous and should NOT be tolerated. And especially in this case, both BC/Sym and NLL need to come together to solve the problem. Only that the NLL side could only do as much, and the rest would be up to BC/Sym to take responsibility for this mess.
[Edit: Removed case ID to conform with the Participation Guidelines and Terms of Service]
Update: It's confirmed the unrar.dll issue IS being pro-actively addressed by Norton. Personally, I believe and have posted a link with the reference, regarding older unrar.dll having remote code issues, as well as a proof of concept for it in my earlier post. Norton is assuredly aware of that as well. Let's sit tight a bit longer for something official.
SA
Everyone: I've sent a direct e-mail to two of my Norton contacts asking for intervention directly from Norton. Hoping some answers will be forthcoming soon.
SA
Hi anon743:
Just an FYI that I found a 08-Apr-2022 thread in Broadcom's Symantec Endpoint Protection (SEP) board at Core3 SDS v5i64 Intelligent Updater Executable Installation Failing that mentions the same "UNRAR FAILURE: UNRAR DLL is not Symantec Signed" failure on older standalone Win XP clients. No one from Broadcom / Symantec has responded in that thread.
anon743:... they actually DO appear on the IU logs from SUCCESSFUL IU updating sessions as well. So I don't think those DLL resources associated with the client product have anything to do with failing to recognize the UNRAR.DLL in question....
Hi anon743:
Thanks for posting an older Aug 2021 (successful) Intelligent Updater log for comparison.
Have you contacted official NortonLifeLock support via Live Chat at https://www.norton.com/chat? Norton employees are the only ones that can tell you if they've finally discontinued all support for the Norton v21.x product line (v21.7.0.11 released March 2015). As a general rule the Norton v21.x product line is only installed on very old Win XP and Vista machines with CPUs that do not support the SSE2 instruction set, and I'm not sure how many Norton customers still own one of these old (pre-Pentium 4) machines.
Your particular system appears to be an outlier since most Win XP SP3 and Vista SP2 users can run legacy Norton v22.15.x products (v22.15.5.40 released Sept 2020), which is why I still suspect you could have a problem with missing or corrupted Win XP trust certificates. This type of thing has been known to happen to Win XP/Vista/Win 7 users, especially those who performed a clean reinstall of their OS after it reached end of support and needed to manually update their root trust certificates - see greenhillmaniac's 06-Apr-2020 post in mickey881's Certificate Trust Provider Error Installing Updates in the MSFN Vista board for one example.
Hopefully you're correct and there's just a problem with the latest unrar.dll v6.11 file bundled inside the 202205xx-00x-core3v5i32.exe Intelligent Updater for Norton v22.6 and earlier products. If this latest unrar.dll version is incompatible with Win XP SP3 and all Win XP SP3 users are now unable to use the Intelligent Updater as you've suggested then Norton will have to switch back to using an older unrar.dll file. I can speculate all I want but at the end of the day someone from Norton will have to step in and explain what's actually going on.
@lmacri
I apologize if I didn't provide enough IU log data for reference. As for the log status lines you've disputed, I too recognize those lines, but they actually DO appear on the IU logs from SUCCESSFUL IU updating sessions as well. So I don't think those DLL resources associated with the client product have anything to do with failing to recognize the UNRAR.DLL in question.
Also, to respond to the other member: if my system were compromised then how come I had been able to run the IU since March 2020 on daily basis, while successfully updated the virus defs to my NIS product, until after the 3-23 update? Why would all these failure suddenly happen since 3-24??
Anyway I was unable to capture the logs of successful IU deployment back in March, since those data has been purged. However I was able to retrieve older logs of such successful IU deployment back in last year (from ghost system backups) and thus I've saved them for reference. See below:
(When applying file 20210828-003-v5i32.EXE to NIS 21.7.xx on XPSP3; embedded UNRAR.DLL version 4.10)
*********************************************************************************************
Sun Aug 29 14:26:21 2021 : ******************************************************************
Sun Aug 29 14:26:21 2021 : Starting Intelligent Updater - Version 5.1.8.36
Sun Aug 29 14:26:21 2021 : ******************************************************************
Sun Aug 29 14:26:21 2021 : AUTH SYMSIGNED BEGIN: Started.
Sun Aug 29 14:26:21 2021 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sun Aug 29 14:26:21 2021 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Sun Aug 29 14:26:21 2021 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sun Aug 29 14:26:21 2021 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource DLL
Sun Aug 29 14:26:21 2021 : IU RES LOAD: Successfully loaded the resource file..
Sun Aug 29 14:26:21 2021 : Identified as 32-bit product installation. Continuing...
Sun Aug 29 14:26:21 2021 : IU MODE: IU is running is FULL mode.
Sun Aug 29 14:26:23 2021 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Sun Aug 29 14:26:23 2021 : IU INFO: File-name : 20210828-003-Core16v5i32.EXE
Sun Aug 29 14:26:23 2021 : IU INFO: Creation-date : 20210828
Sun Aug 29 14:26:23 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:23 2021 : Entry details:
Sun Aug 29 14:26:23 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:23 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:23 2021 : Auth DLL Name: SAVIUAuth
Sun Aug 29 14:26:23 2021 : Auth DLL Location: local
Sun Aug 29 14:26:23 2021 : Auth Content-Type: virus definitions x32
Sun Aug 29 14:26:23 2021 : Deploy Content-Type: virus definitions x32
Sun Aug 29 14:26:23 2021 : Deploy DLL Name: SAVIUDeploy
Sun Aug 29 14:26:23 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:23 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:23 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:23 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:23 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:23 2021 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sun Aug 29 14:26:23 2021 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sun Aug 29 14:26:23 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:23 2021 : Entry details:
Sun Aug 29 14:26:23 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:23 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:23 2021 : Auth DLL Name: ISAuthDLL
Sun Aug 29 14:26:23 2021 : Auth DLL Location: local
Sun Aug 29 14:26:23 2021 : Auth Content-Type: virus definitions x32
Sun Aug 29 14:26:23 2021 : Deploy Content-Type: virus definitions x32
Sun Aug 29 14:26:23 2021 : Deploy DLL Name: ISDeployDLL
Sun Aug 29 14:26:23 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:23 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:23 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:23 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:23 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:23 2021 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sun Aug 29 14:26:23 2021 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sun Aug 29 14:26:23 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:23 2021 : Entry details:
Sun Aug 29 14:26:23 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:23 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:23 2021 : Auth DLL Name: Norton X32 AuthDLL
Sun Aug 29 14:26:23 2021 : Auth DLL Location: local
Sun Aug 29 14:26:23 2021 : Auth Content-Type: VirusDefs
Sun Aug 29 14:26:23 2021 : Deploy Content-Type: VirusDefs
Sun Aug 29 14:26:23 2021 : Deploy DLL Name: Norton X32 DeployDLL
Sun Aug 29 14:26:23 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:23 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Succeeded while fetching the path from registry.
Sun Aug 29 14:26:23 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:23 2021 : REG SUCCESS: Succeeded while fetching the path from registry.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED BEGIN: Started.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sun Aug 29 14:26:23 2021 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED BEGIN: Started.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sun Aug 29 14:26:23 2021 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sun Aug 29 14:26:23 2021 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Sun Aug 29 14:26:23 2021 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
Sun Aug 29 14:26:23 2021 : DEPLOY PATH SUCCESS: VIRSCAN.zip will be deployed at location C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\tmp4d18.tmp
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED BEGIN: Started.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Sun Aug 29 14:26:23 2021 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Sun Aug 29 14:26:23 2021 : UNRAR LOAD SUCCESS: Successfully loaded the UNRAR DLL.
Sun Aug 29 14:26:23 2021 : UNRAR OPEN SUCCESS: Success opening RAR file VIRSCAN.zip
Sun Aug 29 14:26:30 2021 : UNRAR EXTRACT SUCCESS: Succesfully extracted VIRSCAN.zip to C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\tmp4d18.tmp
Sun Aug 29 14:26:39 2021 : POST PROCESS SUCCESS: Successfully performed post processing for VIRSCAN.zip
Sun Aug 29 14:26:40 2021 : Cleaning up the AuthorizationEngine
Sun Aug 29 14:26:40 2021 : Calling ReleaseInstance() on the object of IIntelligentUpdaterAuthorizationManager2.
Sun Aug 29 14:26:40 2021 : After release
Sun Aug 29 14:26:40 2021 : Done cleaning up authorization engine
Sun Aug 29 14:26:40 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:40 2021 : Entry details:
Sun Aug 29 14:26:40 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:40 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:40 2021 : Auth DLL Name: SSEIUAuth
Sun Aug 29 14:26:40 2021 : Auth DLL Location: local
Sun Aug 29 14:26:40 2021 : Auth Content-Type: virus definitions x32
Sun Aug 29 14:26:40 2021 : Deploy Content-Type: virus definitions x32
Sun Aug 29 14:26:40 2021 : Deploy DLL Name: SSEIUDeploy
Sun Aug 29 14:26:40 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:40 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - SSEIUAuth
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SSEIUDeploy
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sun Aug 29 14:26:40 2021 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sun Aug 29 14:26:40 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:40 2021 : Entry details:
Sun Aug 29 14:26:40 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:40 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:40 2021 : Auth DLL Name: SSEIUAuth
Sun Aug 29 14:26:40 2021 : Auth DLL Location: local
Sun Aug 29 14:26:40 2021 : Auth Content-Type: csapi_defs
Sun Aug 29 14:26:40 2021 : Deploy Content-Type: csapi_defs
Sun Aug 29 14:26:40 2021 : Deploy DLL Name: SSEIUDeploy
Sun Aug 29 14:26:40 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:40 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - SSEIUAuth
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SSEIUDeploy
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sun Aug 29 14:26:40 2021 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sun Aug 29 14:26:40 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:40 2021 : Entry details:
Sun Aug 29 14:26:40 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:40 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:40 2021 : Auth DLL Name: SMSDOMIUAuth
Sun Aug 29 14:26:40 2021 : Auth DLL Location: local
Sun Aug 29 14:26:40 2021 : Auth Content-Type: virus definitions x32
Sun Aug 29 14:26:40 2021 : Deploy Content-Type: virus definitions x32
Sun Aug 29 14:26:40 2021 : Deploy DLL Name: SMSDOMIUDeploy
Sun Aug 29 14:26:40 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:40 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - SMSDOMIUAuth
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SMSDOMIUDeploy
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sun Aug 29 14:26:40 2021 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sun Aug 29 14:26:40 2021 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Sun Aug 29 14:26:40 2021 : Entry details:
Sun Aug 29 14:26:40 2021 : Update-File: VIRSCAN.zip
Sun Aug 29 14:26:40 2021 : Update-Desc: Virus Definitions
Sun Aug 29 14:26:40 2021 : Auth DLL Name: SMSMSEIUAuth
Sun Aug 29 14:26:40 2021 : Auth DLL Location: local
Sun Aug 29 14:26:40 2021 : Auth Content-Type: virus definitions x32
Sun Aug 29 14:26:40 2021 : Deploy Content-Type: virus definitions x32
Sun Aug 29 14:26:40 2021 : Deploy DLL Name: SMSMSEIUDeploy
Sun Aug 29 14:26:40 2021 : Deploy DLL Location: local
Sun Aug 29 14:26:40 2021 : AUTH DLL LOCATION: IU will read the DLL location from registry - SMSMSEIUAuth
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SMSMSEIUDeploy
Sun Aug 29 14:26:40 2021 : REG SUCCESS: Success while opening key
Sun Aug 29 14:26:40 2021 : REG FAILURE: Failed while fetching the path from registry.
Sun Aug 29 14:26:40 2021 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Sun Aug 29 14:26:40 2021 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Sun Aug 29 14:26:42 2021 : Done with IU Operations
*********************************************************************************************
Please compare this log with the other one posted earlier (ie. the one that indicates the failed IU update) for your reference.
The other bad news: I just revisited the Broadcom Rapid Release Virus Definitions page and found that the symrapidreleasedefscore15-v5i32.exe file (as well as the x64 variant) has been removed. Not sure why??
This updater package concerned is designed for the following products
"Supports the following versions of Symantec antivirus software:
- Norton AntiVirus / Norton Internet Security (later than 2012)
- Norton AntiVirus / Norton Internet Security 2008/2009/2010/2011/2012
- Norton 360 (later than 6.0)
- Norton 360 version 2.0/3.0/4.0/5.0/6.0
- Symantec Endpoint Protection 12.1
- Symantec Endpoint Protection 12.1.2 and later
- Symantec Protection Engine 7.x for Windows
- Symantec Mail Security for Domino (32-bit) v 8.1.3 (or higher)
- Symantec Mail Security for Microsoft Exchange v 7.5.2 (or higher)"
Anyway this matter is getting even more messed up than expected. Not sure what BC Symantec/NLL are trying to pull??
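For comparing the successful and failing Intelligent Updater logs discussed in this thread, the following is an added example (not code from Norton, Broadcom or any poster): a Python triage script that groups IU log lines by PROCESSING ENTRY block and reports which entries were ignored, deployed or blocked. The sample logs are constructed from the message formats quoted in the thread; the function names and status labels are assumptions of the example.

```python
"""Triage Intelligent Updater (IU) logs by PROCESSING ENTRY block.

Added example; function names and status labels are assumptions, not Norton's.
"""
from dataclasses import dataclass


@dataclass
class Entry:
    auth_dll: str = ""
    status: str = "incomplete"   # ignored | deployed | failed | incomplete
    reg_failures: int = 0
    reason: str = ""


def parse_iu_log(text):
    """Return one Entry per PROCESSING ENTRY block found in an IU log."""
    entries, current = [], None
    for raw in text.splitlines():
        # Lines look like "<ctime timestamp> : <message>"; split on the first " : ".
        stamp, sep, msg = raw.strip().partition(" : ")
        if not sep or not stamp[-4:].isdigit():
            continue  # separator rows, blank lines, surrounding forum text
        msg = msg.strip()
        if msg.startswith("PROCESSING ENTRY:"):
            current = Entry()
            entries.append(current)
        elif current is None:
            continue  # start-up lines before the first entry
        elif msg.startswith("Auth DLL Name:"):
            current.auth_dll = msg.split(":", 1)[1].strip()
        elif msg.startswith("REG FAILURE:"):
            current.reg_failures += 1
        elif msg.startswith("UNRAR FAILURE:"):
            current.status, current.reason = "failed", msg
        elif current.status == "failed":
            continue  # a failure is final for this entry
        elif msg.startswith("IGNORE ENTRY:"):
            current.status = "ignored"
        elif "is not installed on the system" in msg:
            current.reason = "product not installed"
        elif msg.startswith("POST PROCESS SUCCESS:"):
            current.status = "deployed"
    return entries


def session_verdict(entries):
    """Summarise a whole IU run from its per-entry outcomes."""
    statuses = {e.status for e in entries}
    if "failed" in statuses:
        return "blocked"
    if "deployed" in statuses:
        return "deployed"
    if statuses == {"ignored"}:
        return "no-installed-product"
    return "incomplete"


def benign_reg_failures(entries):
    """Count REG FAILURE lines that belong to entries IU skipped as not installed."""
    return sum(e.reg_failures for e in entries if e.status == "ignored")


def _sample(*messages):
    # Constructed timestamp; only the message shapes follow the thread's logs.
    return "\n".join(f"Mon Jan 01 09:00:00 2024 : {m}" for m in messages)


# Constructed sample: one entry for a product that is not installed.
_SKIPPED_ENTRY = (
    "PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions",
    "Auth DLL Name: SAVIUAuth",
    "REG SUCCESS: Success while opening key",
    "REG FAILURE: Failed while fetching the path from registry.",
    "REG SUCCESS: Success while opening key",
    "REG FAILURE: Failed while fetching the path from registry.",
    "IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure.",
    "The product corresponding to this entry in iuconfig.xml is not installed on the system.",
)
_INSTALLED_ENTRY = (
    "PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions",
    "Auth DLL Name: Norton X32 AuthDLL",
    "REG SUCCESS: Succeeded while fetching the path from registry.",
)
SUCCESS_LOG = _sample(
    *_SKIPPED_ENTRY, *_INSTALLED_ENTRY,
    "UNRAR LOAD SUCCESS: Successfully loaded the UNRAR DLL.",
    "POST PROCESS SUCCESS: Successfully performed post processing for VIRSCAN.zip",
)
FAILURE_LOG = _sample(
    *_SKIPPED_ENTRY, *_INSTALLED_ENTRY,
    "UNRAR FAILURE: UNRAR DLL is not Symantec Signed",
)

if __name__ == "__main__":
    for name, log in (("success", SUCCESS_LOG), ("failure", FAILURE_LOG)):
        entries = parse_iu_log(log)
        print(name, session_verdict(entries), "benign REG FAILUREs:",
              benign_reg_failures(entries))
        for e in entries:
            print("  ", e.auth_dll, e.status, e.reason)
```

Run against both constructed logs, the REG FAILURE count is the same in the deployed and the blocked session, and only the UNRAR FAILURE line changes the verdict.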
I'm in agreement with Lmacri regarding the registry errors in your logs. Has any attempt been made to run the Registry Checker Tool? Any prior notices / chance that the computer has already become compromised?
Thu May 12 17:40:13 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Thu May 12 17:40:13 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Edited: There may also be some advantage to updating root certificates from the MS Catalog.
SA
anon743:.... So just to reiterate: ALL Norton software versions (legacy pre-22.6 and current post-22.7), as well as certain Symantec Endpoint Protection products, are affected by this UNRAR.DLL (v6.11) fiasco, which has rendered IU operation crippled ...
Hi anon743:
That is your current assumption, but your Intelligent Updater log also mentions the deployment .DLL (C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll), and I have no idea if the version number of the NUMEng.dll file in NIS v21.7.0.11 and the recommended legacy NIS v22.15.5.40 are identical and whether this could be related in any way to your Intelligent Updater failure. I also see multiple error messages about a missing iuconfig.xml file and failures to find the correct path in your registry to .DLLs for SAVIUAuth, SAVIUDeploy, ISAuthDLL and ISDeployDLL.
You could be correct that the unrar.dll version bundled with 202205xx-00x-core3v5i32.exe since 23-Mar-2022 is not compatible with Win XP SP3 (your installation log only notes the unrar.dll file is not signed by Symantec), but there might be other issues that are specific to NIS v21.7.0.11 and/or missing/outdated security certificates on your specific Win XP SP3 machine that are at least contributing to the problem. Do you know of any other Win XP SP3 or Vista SP2 users who have reported that they are unable to run the Intelligent Updater?
@lmacri
Thanks for participating in this thread discussion. You're mostly correct regarding my situation, as discussed before.
Please read all my previous posts (and all accompanied log lines) on this thread for a better description of the problem I've reported. I believe I've basically covered everything I know (or learned about this problem).
Now, a few things to add or clarify:
1. The entire Intelligent Updater mechanism has been rendered faulty since March 24, due to the newer UNRAR.DLL (version 6.11) embedded in ALL of the definitions updater executables issued since the said date. So all users who need to use this manual definitions updating routine will be affected (at least from the XP perspective).
For instance, even if I have NIS legacy version 22.x installed (and running) on XP, if for any reason I cannot run Live Update and have to revert to the manual Intelligent Update routine, then I'll run into the VERY SAME problem of NOT ABLE to update the definitions files. (Simply put, the IU updater logs do NOT lie.)
So just to reiterate: ALL Norton software versions (legacy pre-22.6 and current post-22.7), as well as certain Symantec Endpoint Protection products, are affected by this UNRAR.DLL (v6.11) fiasco, which has rendered IU operation crippled;
2. I continued to stick with software version 21.7.xx after the events of March 2020 (regarding forced "hijacked" version upgrade via Live Update, without prior notice) because at that point the reputation and usability of NIS v22.x has become highly in question. Do be reminded that, the problem regarding "Application Memory Error" on XP first occurred since 2015 when NIS v22.x first rolled out. When I realized the problem was with v22 I quickly ghosted back my system to when v21.7.xx was still in place, and continued to use it, having switched off all user preferences regarding "Automatic Download of New Version" and such. I also reported the problem to the Forum admin (which happened to be G_R back then), and was instructed to submit data logs regarding those error instances, which I did, but NOTHING had been done afterwards, resulting in the problem having stalled for some SIX years until March 2020, when the problem had to be revisited again after the forced hijacked software version upgrade was rolled out; only this time, the "Application Memory Error" became consistent on various program/application exits. But even though NLL has announced that they've released a newer legacy v22.x build version to fix the (Application Memory Error) problem on April 2020 (after having submitted additional log data upon request), at that point I simply could not trust them, also having known that v22 has suffered from other performance and stability issues which would further drain my system resources.
As a result, since April 2020 (after suffering from software version v22.x for a month), I've continued to stick to v21.7.x while switching to IU. I've been downloading the IU updater packages since then, EVERY DAY, to at least keep my virus definitions updated (even though I knew I would be missing other "dynamic" updates, as well as to live with the software product's security vulnerabilities as you've stated).
The other reason I find it extremely concerning on deployment of software version v22.x is the so-called "Silent Upgrade" routine, where upon execution (after running LU), the entire system gets commandeered by the process (Norton Update Agent?) like a virus (you can't even shut down the system). This involves slowly tearing down the existing software version, bit by bit, then gradually reinstalling with the newer version components, again bit by bit, to the point that the user is prompted to restart. Then, after a few more updates and restarts, the software v22.x becomes in place. This entire process could take at least 3-4 hours, perhaps even more. This was not the case with older versions, where you would simply download the newer version and let the process perform a top-off upgrade and such. Seriously, why NLL can't present such v22.x upgrade in a more transparent way (or at least, as before) is beyond everyone's understanding;
3. Just to reiterate, the last good IU updates definitions packages that I could apply to my NIS v21.7.x, was dated March 23, where the executable was packed apparently with an older WinRAR version, resulting in an older UNRAR.DLL version (4.10) embedded inside. But since the 24th, I have NOT been able to do the same update because of the new embedded UNRAR.DLL fiasco. To be specific, while I was able to download the daily definitions updater executables, I simply COULD NOT apply and append those updates to my NIS product because the problematic UNRAR.DLL (v6.11) gets in the way, thus terminating the entire IU process (refer to the specific log lines from my previous posts for reference);
4. I have not been able to test the definitions updater packages in question on other systems (eg. w7). However, I do not believe the WinRAR's XP compatibility issue appears purely coincidental. Also, why Symantec/Norton was sticking to an older WinRAR product (ver 4.x) for so long, then suddenly "migrated" to the newer 6.x while skipping 5.x (5.x has been in place for the past few years)? Do be reminded that the last XP-compatible WinRAR product is 6.02, but that the UNRAR.DLL embedded in the current updater executable is 6.11. Could this be the reason why the UNRAR.DLL in question cannot get recognized, resulting in the "UNRAR.DLL not Symantec-signed" status in the updater log? IMO, had Symantec/Norton migrated to the older WinRAR v5.x for packing the definitions updater packages, then perhaps all these issues might not (and would not) have happened.
And it seems to me that those at Symantec/Norton may have totally missed the WinRAR's system compatibility issue when switching to the newer product version in their workflow (also at an odd time of the month). That said, I'm NOT all convinced that such action is due to security concerns. In fact, the Intelligent Updater process appears to be a very secure one, as the UNRAR.DLL inside such updater executable CANNOT be swapped with another one from another definitions updater executable. In other words, in order for the bundled VIRSCAN.ZIP package to be unpacked and appended to the software product, the IU process needs to go through the bundled UNRAR.DLL and nothing else, and only after the UNRAR.DLL has been authenticated (see log lines from my previous posts regarding the successful instance of UNRAR.DLL authentication).
And since NLL/Symantec are customers of RARLabs and thus have the necessary licenses to run the WinRAR product(s), it is actually not difficult for them to fallback to an older product version (6.02 or earlier), when necessary, to deal with their IU definitions packaging/unpacking workflow;
5. I've mentioned this before, and I'll say this again: the Intelligent Updater scheme was concocted back when Symantec/Norton were still a single entity. Even though now both brands are separated in some ways, both parties need to be accountable when dealing with crises like this, ie. this IU mishap. I don't know why this matter has been stalled for so long, but I have a feeling that both current parties are skirting responsibility at some point; as when I tried to contact BC Symantec regarding the issue, at one instance I was asked to refer back to NLL instead, which is ridiculous, as this IU fiasco also affects their products as well (ie. Symantec Endpoint Protection). Why the current state of BC Symantec and NLL have resulted in so much disharmony (or finger pointing), I have no idea. I do however believe that, had this problem occurred some ten years back, it would've probably been resolved within weeks, if not days.
SoulAsylum:... Norton products for your OS have also been in "maintenance mode" for quite some time. Additionally, Norton most likely moved from the older UNRAR version due to remote code execution vulnerabilities ...
Hi SoulAsylum:
Just note that most Win XP SP3 and Vista SP2 users currently use the recommended legacy version of Norton v22.15.5.40 (released Sept 2020) that is described in the product update announcement Norton 22.15 for Windows XP, Windows Vista, Windows 7 SP0 is Now Available! and may not be affected by this problem with unrar.dll and the Intelligent Updater. I can't say for certain because I don't own a Win XP SP3 machine and I no longer have a legacy Norton v22.15.x product installed on my Vista SP2 machine.
The OP anon743 noted in their original post that they are using NIS v21.7.0.11 (released Mar 2015) described in Product Update - 21.7 of Norton Antivirus, Norton Internet Security & Norton 360 because they "can't trust/use LU anymore as the process would force-upgrade the program to 22.x.x which causes problems on the XP system". Version 21.7.0.11 is the last version released for the Norton v21.x product line and was found to have multiple critical security vulnerabilities disclosed in the June 2016 Symantec security advisory SYM16-010, and all Norton v21.7.0.11 and earlier users (including those with Win XP / Vista OSs and a Pentium 4 or newer CPU that supports SSE2) were encouraged to upgrade to a patched Norton v22.7.0.76 product ASAP back in June 2016. The OP anon743 apparently can't upgrade to any v22.x product, including the legacy Norton v22.15.5.40 currently recommended for Win XP and Vista, because it "causes problems" on their particular Win XP machine.
It would help to determine the scope of the problem if someone with a Win XP SP3 OS and a legacy Norton v22.15.5.40 product could run a test to see if the Intelligent Updater still runs correctly on their machine.
From my perspective the issue is Windows XP which as we already know, hasn't been supported by Microsoft for ages. No support equates to no current security updates as well as OS functionality. Norton products for your OS have also been in "maintenance mode" for quite some time. Additionally, Norton most likely moved from the older UNRAR version due to remote code execution vulnerabilities. Just an educated guess on my part, there is a reference of it here. Coupled with an outdated OS, I don't see how a "Step backward" would moot Norton of their product liabilities in the event of an infection. Hoping Norton will step into the picture and soon.
Previously, Norton employee/administrator asked for a screenshot of the issue you are seeing. Have you / can you provide that if you haven't already done so for a reference? Thanks in advance. Note: I AM NOT a Norton employee, I donate my time and expertise to the community at large helping other customers such as I am.
SA
It has been almost FIFTY days since the Intelligent Updater problem has started (since March 24), and as we speak, the problem has still NOT BEEN FIXED.
Just today, I visited the BC IU page
https://www.broadcom.com/support/security-center/definitions/download/detail?gid=n95
A fourth download entry has been re-uploaded (20220511-023-Core3v5i32.EXE), which claims to deal with software versions up to 22.6. However, the file size has become much smaller. Unfortunately, downloading and running this definitions updater file still results in the VERY SAME OUTCOME (definitions NOT updated), due to the same problem regarding the UNRAR.DLL component not being dealt with. In other words, the exe file still contains the newer version of UNRAR.DLL (version 6.11) which breaks the updater's operation, as shown in this log:
******************************************************************************
Thu May 12 17:40:11 2022 : ******************************************************************
Thu May 12 17:40:11 2022 : Starting Intelligent Updater - Version 5.1.8.36
Thu May 12 17:40:11 2022 : ******************************************************************
Thu May 12 17:40:11 2022 : AUTH SYMSIGNED BEGIN: Started.
Thu May 12 17:40:11 2022 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Thu May 12 17:40:11 2022 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Thu May 12 17:40:11 2022 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Thu May 12 17:40:11 2022 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource DLL
Thu May 12 17:40:11 2022 : IU RES LOAD: Successfully loaded the resource file..
Thu May 12 17:40:11 2022 : Identified as 32-bit product installation. Continuing...
Thu May 12 17:40:11 2022 : IU MODE: IU is running is FULL mode.
Thu May 12 17:40:13 2022 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Thu May 12 17:40:13 2022 : IU INFO: File-name : 20220511-023-Core3v5i32.EXE
Thu May 12 17:40:13 2022 : IU INFO: Creation-date : 20220511
Thu May 12 17:40:13 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Thu May 12 17:40:13 2022 : Entry details:
Thu May 12 17:40:13 2022 : Update-File: VIRSCAN.zip
Thu May 12 17:40:13 2022 : Update-Desc: Virus Definitions
Thu May 12 17:40:13 2022 : Auth DLL Name: SAVIUAuth
Thu May 12 17:40:13 2022 : Auth DLL Location: local
Thu May 12 17:40:13 2022 : Auth Content-Type: virus definitions x32
Thu May 12 17:40:13 2022 : Deploy Content-Type: virus definitions x32
Thu May 12 17:40:13 2022 : Deploy DLL Name: SAVIUDeploy
Thu May 12 17:40:13 2022 : Deploy DLL Location: local
Thu May 12 17:40:13 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Thu May 12 17:40:13 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Thu May 12 17:40:13 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Thu May 12 17:40:13 2022 : Entry details:
Thu May 12 17:40:13 2022 : Update-File: VIRSCAN.zip
Thu May 12 17:40:13 2022 : Update-Desc: Virus Definitions
Thu May 12 17:40:13 2022 : Auth DLL Name: ISAuthDLL
Thu May 12 17:40:13 2022 : Auth DLL Location: local
Thu May 12 17:40:13 2022 : Auth Content-Type: virus definitions x32
Thu May 12 17:40:13 2022 : Deploy Content-Type: virus definitions x32
Thu May 12 17:40:13 2022 : Deploy DLL Name: ISDeployDLL
Thu May 12 17:40:13 2022 : Deploy DLL Location: local
Thu May 12 17:40:13 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Thu May 12 17:40:13 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Thu May 12 17:40:13 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Thu May 12 17:40:13 2022 : Entry details:
Thu May 12 17:40:13 2022 : Update-File: VIRSCAN.zip
Thu May 12 17:40:13 2022 : Update-Desc: Virus Definitions
Thu May 12 17:40:13 2022 : Auth DLL Name: Norton X32 AuthDLL
Thu May 12 17:40:13 2022 : Auth DLL Location: local
Thu May 12 17:40:13 2022 : Auth Content-Type: VirusDefs
Thu May 12 17:40:13 2022 : Deploy Content-Type: VirusDefs
Thu May 12 17:40:13 2022 : Deploy DLL Name: Norton X32 DeployDLL
Thu May 12 17:40:13 2022 : Deploy DLL Location: local
Thu May 12 17:40:13 2022 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG SUCCESS: Succeeded while fetching the path from registry.
Thu May 12 17:40:13 2022 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
Thu May 12 17:40:13 2022 : REG SUCCESS: Success while opening key
Thu May 12 17:40:13 2022 : REG SUCCESS: Succeeded while fetching the path from registry.
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED BEGIN: Started.
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Thu May 12 17:40:13 2022 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED BEGIN: Started.
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Thu May 12 17:40:13 2022 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Thu May 12 17:40:13 2022 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.7.0.11\NUMEng.dll
Thu May 12 17:40:13 2022 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
Thu May 12 17:40:13 2022 : DEPLOY PATH SUCCESS: VIRSCAN.zip will be deployed at location C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\tmp37e.tmp
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED BEGIN: Started.
Thu May 12 17:40:14 2022 : AUTH SYMSIGNED: Provider is unknown, returning FALSE.
Thu May 12 17:40:14 2022 : UNRAR FAILURE: UNRAR DLL is not Symantec Signed.
Thu May 12 17:40:14 2022 : ERROR: unrar.dll is not Symantec Signed. IU cannot continue processing. Terminating all IU operations.
Thu May 12 17:40:14 2022 : Cleaning up the AuthorizationEngine
Thu May 12 17:40:14 2022 : Calling ReleaseInstance() on the object of IIntelligentUpdaterAuthorizationManager2.
Thu May 12 17:40:14 2022 : After release
Thu May 12 17:40:14 2022 : Done cleaning up authorization engine
Thu May 12 17:40:15 2022 : Done with IU Operations
***************************************************************************************************************
What is really ridiculous is that this problem has been stalled for some 50 days, yet those people at Norton LL (and BC Symantec) still didn't make the effort to look into it. Are these people playing slacky or what??
As a reminder, this problem NOT ONLY affects Norton consumer products but also certain Symantec Endpoint Security products as well. Why is it that nobody has noticed this?
I've already said this many times, it is NOT the definitions updates files that are incompatible with the Norton product. It's the faulty WinRAR component that is preventing the definitions updater operation from running as it should (just like before March 23). Sometimes it really takes a step BACKWARD to resolve a problem, and this is certainly one of such cases, where using a fallback WinRAR version to pack/unpack the definitions packages would probably solve it all. Why is it that those NLL/BC Symantec people are NOT looking into this?? What is preventing these people from even trying, based on my observations??
This is VERY, VERY FRUSTRATING. Are NLL/BC Symantec deliberately doing this to undermine customers (like myself) who absolutely need to manually update via IU? What's in it for them anyway??
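A triage sketch for the log quoted in the post above, added here as an example and not part of the original post or of any Norton/Symantec tool: it separates the per-product entries that the updater skips (the `REG FAILURE` lines for products that are not installed) from the one error that actually terminates the run. The function name `triage` and the status labels are assumptions of this example; the sample lines are copied from the log above, abridged.

```python
from datetime import datetime

# Lines copied from the log in the post above (abridged to the relevant ones).
SAMPLE_LOG = """\
Thu May 12 17:40:13 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Thu May 12 17:40:13 2022 : Auth DLL Name: SAVIUAuth
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Thu May 12 17:40:13 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Thu May 12 17:40:13 2022 : Auth DLL Name: ISAuthDLL
Thu May 12 17:40:13 2022 : REG FAILURE: Failed while fetching the path from registry.
Thu May 12 17:40:13 2022 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Thu May 12 17:40:13 2022 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Thu May 12 17:40:13 2022 : Auth DLL Name: Norton X32 AuthDLL
Thu May 12 17:40:13 2022 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
Thu May 12 17:40:13 2022 : AUTH SYMSIGNED BEGIN: Started.
Thu May 12 17:40:14 2022 : AUTH SYMSIGNED: Provider is unknown, returning FALSE.
Thu May 12 17:40:14 2022 : UNRAR FAILURE: UNRAR DLL is not Symantec Signed.
Thu May 12 17:40:14 2022 : ERROR: unrar.dll is not Symantec Signed. IU cannot continue processing. Terminating all IU operations.
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def triage(log_text):
    """Split an IU log into per-product entries and isolate the fatal error."""
    entries, fatal, current, last_false = [], None, None, None
    for raw in log_text.splitlines():
        ts, sep, msg = raw.strip().partition(" : ")
        if not sep:
            continue
        try:
            when = datetime.strptime(ts, TS_FORMAT)
        except ValueError:
            continue  # banner or wrapped line, not a log record
        msg = msg.strip()
        if msg.endswith("returning FALSE."):
            last_false = msg  # remember the check that failed most recently
        if msg.startswith("PROCESSING ENTRY:"):
            current = {"auth_dll": None, "status": "incomplete", "reg_failures": 0}
            entries.append(current)
        elif current is None:
            continue  # start-up lines before the first entry
        elif msg.startswith("Auth DLL Name:"):
            current["auth_dll"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("REG FAILURE:"):
            current["reg_failures"] += 1
        elif msg.startswith("IGNORE ENTRY:") or "is not installed on the system" in msg:
            current["status"] = "skipped"  # product absent: expected, not an error
        elif msg.startswith("AUTHORIZATION SUCCESSFUL:"):
            current["status"] = "authorized"
        elif msg.startswith("ERROR:"):
            after_auth = current["status"] == "authorized"
            current["status"] = "failed after authorization" if after_auth else "failed"
            fatal = {"time": when, "entry": current["auth_dll"],
                     "error": msg, "preceded_by": last_false}
    return {"entries": entries, "fatal": fatal}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["entries"]:
        print(f'{entry["auth_dll"]:<20} {entry["status"]}')
    print("fatal:", result["fatal"])
```

On this log the two skipped entries account for every `REG FAILURE` line, and the only fatal record is the signature check on unrar.dll that follows a successful authorization.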
@SoulAsylum
The simple answer to your question, is NO -- your suggestion does NOT work (I've already tried, but no dice).
The definitions updater package contains the following components:
- intiupdater.exe
- iuconfig.xml
- iuresource.dll
- unrar.dll
- VIRSCAN.ZIP
The VIRSCAN.ZIP can be locally unpacked using any existing decompressor program in the system, without any issue. However, this is of NO use because the intiupdater.exe has specific instructions in running the updater operation, and that it needs to run through the UNRAR.DLL check, before using this bundled DLL to unpack VIRSCAN.ZIP, save the contents into a temporary file (of random filename eg. tmpxxxxx), then have the rest of the updater process append the new definitions updates into the product application and complete the update process. And this process cannot be tampered with, AFAIK. In other words, the updater process will NOT recognize the unpacked VIRSCAN.ZIP contents other than the ones initiated by this very updater process.
Right now I can only determine that the UNRAR.DLL is faulty as it is, per the update logs, "not Symantec-signed" and thus the entire IU operation terminates. However, it is also highly possible that this new version of UNRAR.DLL (6.11, previously 4.10) has compatibility issues with XP (as WinRAR product support for XP ends after version 6.02), and if this is the case, then Symantec must take steps and revert to a previous WinRAR product (eg. 5.91 or earlier) when prepping and packing the virus definitions files for web download.
And as of this writing, this problem has still NOT been rectified. I also note that the entire Intelligent Updater scheme was concocted and managed by Symantec during the time when Symantec and Norton were still as a whole. I don't know if there are any grudges, conflicts between the current state of BC/Symantec and NLL, even though they're still sharing resources like the virus definitions as discussed here.
I did try to contact BC Symantec and sent a message reporting this problem, complete with all the details. The message went through, but I've still yet to receive any reply (despite having checked the box in the message form asking for a reply). This is really, really frustrating now.......
Have you tried downloading the package and using a tool such as 7-zip to locally unpack the package contents, then run the installer from there?
SA
As of this writing, the problem concerned has still NOT been resolved. What the heck is happening here NLL? This is a serious issue, as those having the need to run Intelligent Updater cannot update the definitions files past March 23. Can someone at NLL please treat this matter with a bit more priority??
Update: as it turns out, the new UNRAR.DLL (version 6.11, minimum requirement Vista) is also being utilized on all other IU updater packages as of date, ie. those for software versions 22.7 or later. So ALL updater packages from the IU page -- as well as the symrapidreleasedefscore15-v5i32.exe file package from the Rapid Release Virus Definitions page -- are affected.
So the worst-case scenario is that, if a user still runs on XP, has software version 22.7 or later installed, but has to manually run Intelligent Updater for whatever reason, then this operation will FAIL, and NO definitions update files will be applied to the product in question.
Just to reiterate: an XP-compatible UNRAR.DLL version needs to be included in the said updater packages to be properly deployed and applied. In other words, a fallback UNRAR.DLL version such as 4.10 (as previously used in all updater packages) and no later than 6.02.
NLL admin please take note and expedite fixes to this problem.

G, the requested screencap is provided as above. However, it appears to be irrelevant to the issue discussed here.
I'm pretty sure there's a problem with the UNRAR.DLL component (RAR Decompression Library) in the definitions file packages, and apparently it needs to be fixed by throwing back to a previous version. Here's what I found:
1. The last good virus definitions update package that could be applied to my product is 20220323-024-v5i32.exe. The UNRAR.DLL version used is 4.10 with a file size of 180kb;
2. The first defective virus defs update package, 20220324-010-v5i32.exe, contains a newer version of UNRAR.DLL, version 6.11. The file size is around 277kb;
3. The problem is that version 6.11 of the UNRAR.DLL component is incompatible with the XP environment, due to the fact that RARLabs has discontinued XP support on its WinRAR products starting from version 6.10 (minimal requirement is now Vista). The last XP-compatible WinRAR version is 6.02.
The release notes on WinRAR are here
https://www.win-rar.com/whatsnew.html?&L=0
4. The VIRSCAN.ZIP file inside the updater package in question has no problems whatsoever, and can be extracted with any older version of WinRAR. It is just that the UNRAR.DLL that is incompatible (with the XP environment) and thus fails to extract the zip file throughout the entire manual updating process. Had the older UNRAR.DLL version (4.10) been retained in the updater package, the manual updating process would've completed without issue.
Meanwhile, on the Rapid Release Virus Definitions page...
https://www.broadcom.com/support/security-center/definitions/download/detail?gid=rr
The symrapidreleasedefscore15-v5i32.exe (for all legacy product versions, including v22.6) has been updated to March 30 (as we speak). However, it too contains the newer UNRAR.DLL component (6.11) that is causing problems under the XP environment.
So apparently, the fix to the problem, as mentioned above, is to throw back to an older UNRAR.DLL version, prior to 6.02. Only then would any subsequent IU updater packages be applied to the products concerned (under XP) without issue.
So please take my suggestion and use the older (but correct) UNRAR.DLL component on these manual IU updater packages. It has been five days since my last IU update and now my NIS keeps saying that my virus defs are outdated. Please make an effort to help out legacy customers like us!
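One way to check the two properties debated in this thread for an extracted DLL (the minimum Windows version its PE header declares, and whether it carries an embedded signature at all), as an added Python example that is not part of the original posts or of any vendor tool. The names `inspect_pe` and `build_sample_header` are assumptions of this example, and the sample header bytes are constructed for the demo; the check reads header fields only and does not validate a signature chain.

```python
import struct
import sys


def inspect_pe(data: bytes) -> dict:
    """Read the declared OS/subsystem version and certificate table from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    min_os = struct.unpack_from("<HH", data, opt + 40)
    min_subsystem = struct.unpack_from("<HH", data, opt + 48)
    dirs = opt + (96 if magic == 0x10B else 112)   # start of data directories
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)
    cert_size = 0
    if n_dirs > 4:                     # index 4 = certificate (security) table
        _cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return {
        "min_os": min_os,
        "min_subsystem": min_subsystem,
        # 32-bit XP is NT 5.1. A higher value means the image targets a newer
        # Windows; 5.1 or lower is necessary but not sufficient, since the
        # imports may still need newer APIs.
        "header_targets_xp": min_subsystem <= (5, 1),
        "has_embedded_signature": cert_size > 0,
    }


def build_sample_header(subsystem=(5, 1), cert_size=0) -> bytes:
    """Constructed minimal PE32 header (not a loadable DLL), for the demo only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<HH", opt, 40, *subsystem)
    struct.pack_into("<HH", opt, 48, *subsystem)
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x400 if cert_size else 0, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:              # path to a DLL extracted from a package
        with open(sys.argv[1], "rb") as fh:
            print(inspect_pe(fh.read()))
    else:
        print(inspect_pe(build_sample_header((5, 1), 0)))
        print(inspect_pe(build_sample_header((6, 0), 0x1E00)))
```

Running it against the unrar.dll from a working package and from a failing one gives a side-by-side comparison of the declared versions and of whether a certificate table is present.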