Security → Re: Norton Live Update Issue

said by GotGhosts:

---

said by Keizer:

---

Boris, are you still having the same problem as I ?

---

I can't really call it a problem because it's not actually causing me any problems but something still isn't right.

»LiveUpdate in NAV2002 still broken

---

What I mean is, if you empty your temp internet folder with the revocation list file in it, does Symantec integrator ask for internet access in your firewall?

Keizer

said by Keizer:

---

What I mean is, if you empty your temp internet folder with the revocation list file in it, does Symantec integrator ask for internet access in your firewall?

---

Yes, as many times a day as I clean out my Temporary Internet Files.

said by GotGhosts:

---

said by Keizer:

---

What I mean is, if you empty your temp internet folder with the revocation list file in it, does Symantec integrator ask for internet access in your firewall?

---

Yes, as many times a day as I clean out my Temporary Internet Files.

---

I wonder why Symantec can't fix this?

Keizer

Keizer - please go to: »www.verisign.com/support ··· Doc.html

First off I am under the impression that the Intermediate Cert replacement does not need to be accomplished - as I am not functioning as a "server". So right or wrong - I did nothing there!

Then just under "Click here for client root replacement" there is a note that states:

*Note: This process is intended to ensure that your browser is using the most current root certificate. After installation, verify that the class 3 public primary root has an expiration date of 2028.

Also at the bottom of the page it tells you what to get for IE 5.0+ Users. That is the link that takes you to the popup!

Also for Boris 7 - I have not deleted any expired certs - nor do I have any CRL's in my Temp Internet files.

Just for your info - if I do not respond for awhilke it is because it is up into the low 70's down here today and I have to go wash my truck and the Mrs' car! I am not ignoring anyone!

said by damnyank:

---

Keizer - please go to: »www.verisign.com/support ··· Doc.html

First off I am under the impression that the Intermediate Cert replacement does not need to be accomplished - as I am not functioning as a "server". So right or wrong - I did nothing there!

Then just under "Click here for client root replacement" there is a note that states:

*Note: This process is intended to ensure that your browser is using the most current root certificate. After installation, verify that the class 3 public primary root has an expiration date of 2028.

Also at the bottom of the page it tells you what to get for IE 5.0+ Users. That is the link that takes you to the popup!

Also for Boris 7 - I have not deleted any expired certs - nor do I have any CRL's in my Temp Internet files.

Just for your info - if I do not respond for awhilke it is because it is up into the low 70's down here today and I have to go wash my truck and the Mrs' car! I am not ignoring anyone!

---

Ok, I gave this a try on my wifes PC. No change at all in Norton.

Keizer

said by Keizer:

---

Ok, I gave this a try on my wifes PC. No change at all in Norton.

Keizer

---

Just curious - did you finally get to see the popup?
And you have the updated cert in the wifes'TRCA?

Just for grins - I deleted my temp internet files, ran Liveupdate and opened Clean Sweep and never had a hint of a request for Symantec Integrator to access the internet. I did a search of my HDD for a crl.verisign and the only one it showed was a file from here.

Oh I did notice that I have granted Symantec Integrator permission to access the internet, but not to act as a server! So it should not ask for permission - but even if it does connect - I am still not getting the crl in my internet temp files!!

Keizer - I must have missed it (or am having a senior moment) what NSW are you running? I am on NSW 2003 and NAV 2003!

My problem was the same -- CRL file in temporary internet folders for both NSW 2003/NAV 2003 and for NAV 2002! Problem was only for NAV 2002 if the temporary internet files were cleared -- but for NSW and NAV 2003 it would call home for everything, which was not the case prior to January 7th!

For the NSW and NAV 2003 -- have shifted to System Suite 5 for the utilities (although not the best it is far superior to Symantec) and for the antivirus to KAV Workstation. Except for Ghost which I left on those two machines, problem has disappeared. Moreover, the memory footprint has decreased by over 5 MB, and perceived performance has significantly improved.

Over the next two weeks, Symantec will be replaced (other than Ghost) on the other machines. It is hard to believe that it has been over a week, and Symantec has not come up with anything other than a half baked solution. Given I have shifted after 10 years of being a customer, it is unlikely I will ever go back!

said by lrmayer:

---

. . . Given I have shifted after 10 years of being a customer, it is unlikely I will ever go back!

---

Ten years, yeah, that sounds about right for me, also.

Same problem here. Running NAV 2003 and NIS 2003 as well as NSW 2003. I read most of the posts, had already visited and processed the certificate issue, yesterday. Have looked all over creation for a solution and have found none. AM EXTREMELY DISAPPOINTED WITH SYMANTEC as they are about the only company that has access rights to my pc. I suspect this all has something to do with the certificate and a property issue similar to Y2K except that the crash has actually occurred. If anyone finds a solution short of changing Utility, Antivirus software, would you please post?
As with several of you, my faith has been shaken. Can you say, "AOL". Dump the Symantec stock kids!

said by PtTe2:

---

As with several of you, my faith has been shaken. Can you say, "AOL". Dump the Symantec stock kids!

---

Quite the contrary, my dear friend. The investors must be very pleased.

»Re: A note to Symantec Reps

said by damnyank:

---

said by Keizer:

---

Ok, I gave this a try on my wifes PC. No change at all in Norton.

Keizer

---

Just curious - did you finally get to see the popup?
And you have the updated cert in the wifes'TRCA?

Just for grins - I deleted my temp internet files, ran Liveupdate and opened Clean Sweep and never had a hint of a request for Symantec Integrator to access the internet. I did a search of my HDD for a crl.verisign and the only one it showed was a file from here.

Oh I did notice that I have granted Symantec Integrator permission to access the internet, but not to act as a server! So it should not ask for permission - but even if it does connect - I am still not getting the crl in my internet temp files!!

Keizer - I must have missed it (or am having a senior moment) what NSW are you running? I am on NSW 2003 and NAV 2003!

---

I am running NSW 2003. Take that symantec integrator out of your firewall, and then delete your temp folder and open NSW.

Keizer

said by Keizer:

---

I am running NSW 2003. Take that symantec integrator out of your firewall, and then delete your temp folder and open NSW.

Keizer

---

Why would I want to do that??
I wouldn't expect it to function properly!

antdude,

After the certificate expiration I am noticing a slowdown like other people. I have the check for publisher revocation box unchecked and the program box for the security monitor and log viewer opens normally. When I check the publisher revocation box the security monitor and log viewer open up slowly. Also when box is checked web pages take awhile to load.

I have an updated certificate installed automatically by Verisign.

Here is a link that tells one how to set up ZA with NAV 2003. System Integrator is included and is permitted access to the internet. In reading the ZA forums while hunting this info down the statement was made that all NAV related entries in ZA should be granted permission to access the internet.

»service1.symantec.com/SU ··· _sch_nam

I've not checked far back into your problem, but have you searched your drive for the Certificate Revocation List?

If not, I recommend you perform a search for *.crl and be sure to check system and hidden files and folders. We're looking for a file named "Class3softwarepublishers.crl". It should be deep in System32 and also in your temporary internet files. Post the following information, please: Size, date created and date modified.

Class3SoftwarePublishers[1].crl

Size 118kb

Size on disk 120kb

created 1-09-04 5:22:14am

modified 1-09-04 5:22:30

NIS 2003

Is the file in your Temporary Internet Files folder?

Do you clear your TIF cache each time you close IE? If so, I advise you to discontinue doing so for a day or two while trying to find a solution.

If you disable the Norton Personal Firewall, do your Norton apps and any others such as Microsoft Office open and run normally?

C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXI7W5IB

Also I clear out temp internet files using internet options throughout the day

I just edited the previous post. What I think is happening is that each affected app needs to access the CRL. Clearing the cache frequently is likely interfering with your system's normalization. The fact that you just reported the CRL file only in your System32 folder supports my theory. NOTE: There is another temporary internet files folder and it is accessed via a different path. Mine is
"C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Class3SoftwarePublishers.crl".

Don't get me wrong; I clear my cache regularly, too. But until you can get each app that wants to peek at the Certificate Revocation List the opportunity to do so, I strongly urge you to discontinue clearing the TIF.

The fastest way to get the CRL is probably to temporarily disable your Norton firewall. If you don't feel comfortable with that, check NPF and be sure to allow connections to crl.verisign.com . Be sure that url is not blocked.

There may be another way to do it, too. Advise of your progress and I'll check back later.

OK I disabled the firewall for now.Did you see the 1 in the brackets for software publishers? Is that supposed to be there? Seems it is a copy of the file and am i correct in saying that.

Also are you employed by Symantec? Thanks for the help.

I've just edited the previous post.

Yes it is a copy. While your firewall is disabled, try running each application that would open slowly before. Let each stay open for perhaps thirty seconds then close and go to another.

Can you configure your firewall not to start at boot without going into msconfig? If you can, do so and reboot. Your computer should start normally. Then you may be able to reset your firewall to start up at boot. If all is well and you have the CRL in the Temporary Internet Files folder shown in bold in the previous post, your computer should be "healed"......Hopefully!

No, I'm not with Symantec.

said by damnyank:

---

said by Keizer:

---

I am running NSW 2003. Take that symantec integrator out of your firewall, and then delete your temp folder and open NSW.

Keizer

---

Why would I want to do that??
I wouldn't expect it to function properly!

---

Because prior to Jan. 7th.....Symantec integrator never had to step foot in my firewall for Norton systemworks to function! See the problem now???

Keizer

said by Allyn_P:

---

Don't get me wrong; I clear my cache regularly, too. But until you can get each app that wants to peek at the Certificate Revocation List the opportunity to do so, I strongly urge you to discontinue clearing the TIF.

---

On my wifes system, the only thing that likes to peek at the revocation list file in the temp internet folder, is Symantec integrator. After that, all parts of Systemworks functions fine.

For example, I clear my temp internet folder. I start up NSW. Symantec integrator asks for internet access in zone alarm. I allow it, the revocation list file is created in the temp internet folder, and all other systemwork apps function without asking for internet access!

Keizer

What I suspect is that they all have to do it at least once. Why, I don't know. But for now that seems to be the case. Thereafter, perhaps only one app such as Integrator may have to check the list.

I've NSW 2003 configured to leave the CRL in my TIF cache when I run Web Cleanup. System runs fine.

said by Allyn_P:

---

What I suspect is that they all have to do it at least once. Why, I don't know. But for now that seems to be the case. Thereafter, perhaps only one app such as Integrator may have to check the list.

I've NSW 2003 configured to leave the CRL in my TIF cache when I run Web Cleanup. System runs fine.

---

I would think that Symantec could(and maybe will)come up with a live update, that will put the revocation list file in a permanent folder. Then have the installed Symantec software look in this permanent folder, instead of the temp internet folder.

Yeah, excluding the revocation list file from Nortons web cleanup utility,I would say is the best work around so far.

Keizer

said by Allyn_P:

---

I've NSW 2003 configured to leave the CRL in my TIF cache when I run Web Cleanup. System runs fine.

---

Maybe I have been doing something wrong since I installed NSW 2003 over a year ago - but I have never run Web Cleanup! I have always used a combination of Internet Cache Cleanup (daily) and Fast and Safe Cleanup (about every fourth or fifth day). I just ran both the other day thinking all was cleaned up - until Allyn_P had geministars check for his *.crl in two locations. I checked mine (as I had not seen and reported I had no such certs).

Well, I found the Publisher certs in two locations ( slightly different) from where Allyn_P said they were located on his system - but basically in the same general location (one in System32 and the other in Documents & Settings). System 32 was dated Jan 8, 2004 and the the other was dated Jan 10, 2004. Since I ran both Internet Cache Cleanup and Fast and Safe Cleanup since those dates - it is obvious neither of them clean these up.

It appears Internet Cache and/or Fast & Safe Cleanup only clears temp internet files in the username\localsettings\temp internet files.

Thus - I am running along fat dumb and happy - displaying none of the problems I had on January 7th - because it appears the way I have been using NSW 2003 (not using Web Cleanup) has permitted my crl files to remain on my system!

Comments/advise on Web Cleanup vice Internet Cache/Fast and Safe Cleanup would be appreciated!

Allyn, I think I have every thing working now.1st I reintalled NIS 2003 and things did not change. Then did a search in Google groups for certificate revocation and there was Norton link concerning firewall problems.
The solution was to permit access to secure sites in Personal Firewall - Advanced - General Rules.

The access to secure sites in list was blocked by default and I changed it to permit.Then I checked the box under Security in Internet options - Check for Publisher's Certificate Revocation and then leaving next box unchecked.
Then in log viewer I could see the connections that were made to Verisign.

Took a look at TIF then saw new certificate:

»crl.verisign.com/Class3S ··· hers.crl

C:\Documents and Settings\Owner\Local Settings\Temporay Internet Files

Cannot access or log on to secure Web sites with NIS OR NPF

»service1.symantec.com/SU ··· _sch_nam

Thank You for your help

Hello again!

When all this went on at high revs, I used the two workarounds to be able to continue working on my computer. I had the Office Plug-in disabled in NAV and "Check for ..." in IE un-ticked.

Every now and then I went to IE and re-ticked that box but the slow-down was still a problem and I un-ticked again. After a day or two there was no more slow-down when I re-ticked the box.

I had not done anything at all in terms of getting new certificates.

I Ghosted back to late december 2003 and stayed off-line until I had checked the certificates and *.crl files. I already had those "late date" certificates.

I went on-line and Automatic Live Update did its thing and I also ran Live Update manually.

There was no slow-down what-so-ever.

I checked the certificates and there was no change what-so-ever.

I checked the *.crl files and there were additions to those.

I´m on WinXP Pro and there are TIF folders for each account. The *.crl files are in the TIF folders for LocalService, NetworkService and system32.
When I clear the TIF cache, no other TIF folder than my own is cleared and that one doesn´t contain any *.crl files.

Maybe "sitting it out" would have been the best solution but since the cause was unknown, people wanted to find out and possibly contributed to their own situation.

Christer,
who paniced too until he understood that he wasn´t smart enough ...... ......