Microsoft updates KB4512506 / KB4512486 are not available for Windows 7 SP1 / Windows 2008 R2 SP1 running Symantec Endpoint Protection or Norton Antivirus.
Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.
Guidance for Symantec customers can be found in the Symantec support article.
From the Known Issues section:
Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.
KACE Systems Management Appliance (SMA) versions 9.1 and older use Ivanti for the patch feed.
The Ivanti Content Team added detection logic to verify if Symantec Endpoint Protection or Norton Antivirus is installed on the client. As per Microsoft's recommendation, we will not be offering the patch to these systems.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center