Outdated Symantec Endpoint Protection Anti-Virus Engine Detected - Symantec Endpoint Protection 12

Description

BigFix has detected that Symantec Endpoint Protection is using an older version of the Anti-Virus Engine (AVE) that is vulnerable to the Malformed PE Header Parser Memory Access Violation (SYM16-008).

Please use the action below to trigger Symantec LiveUpdate to update the Symantec Anti-Virus Engine (AVE).

Note: This Fixlet is released on https://bigfix.me/, which is not an official release channel of IBM BigFix. We highly suggest testing the content before deploying to production. Use of the content is at the user’s own risk, and the user will be solely responsible for any damage to any computer system or loss of data that results from use of the content.


Property Details

ID: 20899
Status: Beta - Preliminary testing ready for more
Title: Outdated Symantec Endpoint Protection Anti-Virus Engine Detected - Symantec Endpoint Protection 12
Category: Unspecified
Source: BigFix
Source ID: SYM16-008
Source Release Date: 7/11/2016 2:14:38 AM
CVENames: CVE-2016-2208
Keywords: Outdated Symantec Endpoint Protection Anti-Virus Engine Detected, Symantec Endpoint Protection 12, Malformed PE Header Parser Memory Access Violation, SYM16-008
Is Task: True
Added by on 7/11/2016 2:14:38 AM
Last Modified by on 7/11/2016 2:14:38 AM
Counters: 7444 Views / 9 Downloads

Relevance

Used in 1 fixlet   * Results in a true/false
exists running application "rtvscan.exe" whose (version of it >= "12" as version) OR exists running application "Smc.exe" whose (version of it >= "12" as version) OR exists regapp "Smc.exe" whose (version of it>="12" as version)
Used in 1 fixlet   * Results in a true/false
exists file "NAVENG32.DLL" whose (version of it < "20151.1.1.4") of folders of folder "ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs\" of drive of system folder | False

Actions

Action 1

Action Link: Click here to trigger the LiveUpdate.
Script Type: BigFix Action Script
// Run SepLiveUpdate.exe from the install folder that matches the OS bitness.
// The path contains spaces, so the whole path is quoted.
if {x64 of operating system}
    wait "{name of drive of system folder & "\Program Files (x86)\Symantec\Symantec Endpoint Protection\SepLiveUpdate.exe"}" /s
else
    wait "{name of drive of system folder & "\Program Files\Symantec\Symantec Endpoint Protection\SepLiveUpdate.exe"}" /s
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link: Click here for more information about the Security Advisories relating to Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation.
Script Type: URL
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160516_00
    

Action 3

Action Link: Click here for more information on how to check the version of AV Engine from the client computer.
Script Type: URL
http://www.symantec.com/docs/TECH95856
    

Comments

jgstew -
This is related: https://bigfix.me/fixlet/details/743