A
Alan
Symantec Admits Fault in Windows XP SP3 Registry Corruption
Wednesday, May 28, 2008
Symantec Admits Fault in Windows XP SP3 Registry Corruption
You'll recall an earlier story on registry corruption for certain users
upgrading to Windows XP SP3. The cases of registry corruption seemed to have
a common thread: Symantec security products. Originally Symantec blamed
Microsoft, but in a post on a Symantec support forum, a senior manager with
Symantec indicated the fault may indeed lie with Symantec's products.
Reese Anschultz said users of Norton Internet Security, Norton AntiVirus and
Norton 360 should switch off the "SymProtect" feature before trying to
install XP SP3.
=========================================================
"After a lot of testing, we've reproduced a number of different cases
where applying the XP SP3 upgrade adds additional registry keys within
already existing Symantec registry keys. The Symantec keys affected vary
from machine to machine and the effects of these added keys vary as
well. We are still trying to understand why the upgrade is adding these
keys. We have determined that the SymProtect feature is involved, though
this issue is not exclusive to Symantec customers. We've seen reports from
various users who are not running Symantec products.
"To help prevent this issue from occurring, you should disable
SymProtect prior to installing the Windows XP SP3 upgrade. This setting,
in Norton Internet Security 2008 and Norton AntiVirus 2008, can be found
within the Options page as "Turn on protection for Norton products." In this
case you should uncheck the box prior to the upgrade. After the upgrade is
complete, please remember to re-enable this feature.
"It should be noted, however, that this workaround only addresses issues
with Symantec products. You may still run into similar problems with other
products affected by this XP SP3 upgrade issue. For Norton SystemWorks 2008
you have to go to the Advanced Options UI that is under Settings. Next,
click on "Norton SystemWorks Options" and select the General tab. Lastly,
uncheck the box that says, "Turn on protection for my Symantec product".
"For Norton SystemWorks 2008 Premier you can use either the previous
instructions or the Norton AntiVirus instructions.
"For Norton 360, disable the "SymProtect Tamper Protection" quick
control within the settings page.
"For those who have already applied the upgrade and are running into
problems, we're working on a stand-alone tool that would delete the
extraneous registry keys. We'll post that on this forum as soon as it's
available.
=================================================================
No post of a tool yet. Additionally, a later post on the same thread seemed
to indicate a similar issue with the installation of Vista SP1, although
that same Symantec manager noted they hadn't noted such reports previously.
Last week, Symantec blamed a Microsoft file named fixccs.exe, part of the XP
SP3 upgrade package, for the extra registry entries. Now, however, it seems
that it was a combination of fixccs.exe and SymProtect which caused the
issue. SymProtect is technology designed to protect Symantec security
software from being hacked by malware.
"Fixccs.exe adds registry keys during the SP3 update process and then
attempts to delete them," said a Symantec spokeswoman. "SymProtect prevents
changes to the registry keys. Thus, it prevents the deletion of the keys
added by fixccs.exe."
Makes sense, right? Of course, as noted in the forum post, Symantec
continues to contend that the registry problems are not exclusive to
Symantec products.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://technologyexpert.blogspot.com/2008/05/symantec-admits-culpability-in-windows.html
Wednesday, May 28, 2008
Symantec Admits Fault in Windows XP SP3 Registry Corruption
You'll recall an earlier story on registry corruption for certain users
upgrading to Windows XP SP3. The cases of registry corruption seemed to have
a common thread: Symantec security products. Originally Symantec blamed
Microsoft, but in a post on a Symantec support forum, a senior manager with
Symantec indicated the fault may indeed lie with Symantec's products.
Reese Anschultz said users of Norton Internet Security, Norton AntiVirus and
Norton 360 should switch off the "SymProtect" feature before trying to
install XP SP3.
=========================================================
"After a lot of testing, we've reproduced a number of different cases
where applying the XP SP3 upgrade adds additional registry keys within
already existing Symantec registry keys. The Symantec keys affected vary
from machine to machine and the effects of these added keys vary as
well. We are still trying to understand why the upgrade is adding these
keys. We have determined that the SymProtect feature is involved, though
this issue is not exclusive to Symantec customers. We've seen reports from
various users who are not running Symantec products.
"To help prevent this issue from occurring, you should disable
SymProtect prior to installing the Windows XP SP3 upgrade. This setting,
in Norton Internet Security 2008 and Norton AntiVirus 2008, can be found
within the Options page as "Turn on protection for Norton products." In this
case you should uncheck the box prior to the upgrade. After the upgrade is
complete, please remember to re-enable this feature.
"It should be noted, however, that this workaround only addresses issues
with Symantec products. You may still run into similar problems with other
products affected by this XP SP3 upgrade issue. For Norton SystemWorks 2008
you have to go to the Advanced Options UI that is under Settings. Next,
click on "Norton SystemWorks Options" and select the General tab. Lastly,
uncheck the box that says, "Turn on protection for my Symantec product".
"For Norton SystemWorks 2008 Premier you can use either the previous
instructions or the Norton AntiVirus instructions.
"For Norton 360, disable the "SymProtect Tamper Protection" quick
control within the settings page.
"For those who have already applied the upgrade and are running into
problems, we're working on a stand-alone tool that would delete the
extraneous registry keys. We'll post that on this forum as soon as it's
available.
=================================================================
No post of a tool yet. Additionally, a later post on the same thread seemed
to indicate a similar issue with the installation of Vista SP1, although
that same Symantec manager noted they hadn't noted such reports previously.
Last week, Symantec blamed a Microsoft file named fixccs.exe, part of the XP
SP3 upgrade package, for the extra registry entries. Now, however, it seems
that it was a combination of fixccs.exe and SymProtect which caused the
issue. SymProtect is technology designed to protect Symantec security
software from being hacked by malware.
"Fixccs.exe adds registry keys during the SP3 update process and then
attempts to delete them," said a Symantec spokeswoman. "SymProtect prevents
changes to the registry keys. Thus, it prevents the deletion of the keys
added by fixccs.exe."
Makes sense, right? Of course, as noted in the forum post, Symantec
continues to contend that the registry problems are not exclusive to
Symantec products.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://technologyexpert.blogspot.com/2008/05/symantec-admits-culpability-in-windows.html