Identifying SEP Eraser Engine Version for Meltdown Spectre Vulnerabilities


Meltdown and Spectre are vulnerabilities critical enough that they need to be patched quickly, yet many organizations using Symantec Endpoint Protection continue to struggle to identify whether they have the right Eraser Engine version installed to protect their systems.

 

If you applied the Microsoft security update to systems running SEP, it is possible your systems experienced a Blue Screen (BSOD) STOP error MEMORY_MANAGEMENT (0x1a), because the Microsoft patch conflicts with Symantec’s ERASER (Expanded Remediation And Side Effect Repair) engine.

 

Essentially, this means that your systems will be vulnerable to any Meltdown/Spectre attacks until:

1. The SEP Eraser Engine is updated to version 117.3.0.358 or greater

2. The Windows Security Updates have been applied

 

Customers who use SOLVE for SEP are able to create dashboards that report on their SEP deployment, showing which systems were ready for the Meltdown/Spectre Security Update and which systems needed the Eraser Engine updated first.


Here is an example of a SOLVE dashboard we were able to build in less than 30 minutes using live data, so we can keep track of the progress instantly.

 

We divided the dashboard by region for the Americas, Europe, and Asia. On the left, we used donut charts to show the Eraser Engine version distribution. On the right side, we used number boards to display the systems that were running a version of the Eraser Engine older than the compatible version required (117.3.0.358).
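The same ready / needs-Eraser-update split can be computed from any endpoint inventory export. The following is an added example, not SOLVE or Symantec code; the CSV layout, column names and hostnames are constructed, and it assumes Eraser Engine versions are reported as four dot-separated numbers.

```python
import csv
import io
from collections import defaultdict

# Minimum Eraser Engine version the page gives as compatible with the update.
REQUIRED = (117, 3, 0, 358)

# Constructed sample inventory; column names and hosts are hypothetical.
SAMPLE_CSV = """hostname,region,eraser_version
nyc-ws-01,Americas,117.3.0.358
nyc-ws-02,Americas,117.3.0.99
sao-ws-07,Americas,117.2.0.1000
lon-ws-11,Europe,117.10.0.5
par-ws-03,Europe,
tok-ws-21,Asia,117.3.0.1024
sgp-ws-09,Asia,unknown
"""


def parse_version(text):
    """Return the version as a 4-tuple of ints (assumed format), else None."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def eraser_ready(text):
    """True only when the version parses and is >= REQUIRED.
    Components are compared as integers: as plain strings "117.3.0.99"
    sorts after "117.3.0.358". Missing or unparseable means not ready."""
    version = parse_version(text)
    return version is not None and version >= REQUIRED


def readiness_by_region(csv_text):
    """Map region -> {"ready": [...], "update_eraser_first": [...]}."""
    report = defaultdict(lambda: {"ready": [], "update_eraser_first": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        bucket = "ready" if eraser_ready(row["eraser_version"]) else "update_eraser_first"
        report[row["region"]][bucket].append(row["hostname"])
    return dict(report)


if __name__ == "__main__":
    for region, groups in readiness_by_region(SAMPLE_CSV).items():
        print(region, groups)
```

Hosts with an empty or non-numeric version land in `update_eraser_first`, so an endpoint that failed to report is never counted as safe to patch.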

 

SOLVE dashboards are interactive, so we are able to perform detailed drill-downs on each slice of the donut chart and on the number board in order to get a complete list of the systems. SOLVE for SEP has an integrated scheduler which allows our customers to submit the details to a ticketing system on a regular basis for the appropriate staff to resolve. One of our large enterprise customers explained,

“With SOLVE for SEP, we can now ‘see’ our data and it has saved us countless hours of manual research!”


Detailed drill-down in SOLVE for SEP
Here is a sample of the detailed drill-down.

 

In order to determine the full magnitude of Spectre/Meltdown and prioritize remediation, it is important to have actionable intelligence and comprehensive real-time visibility across the environment to identify and inventory all known and unknown endpoints to improve your security posture.

 

Stay tuned for future updates, recommendations, and best practices related to Meltdown and Spectre, and for information about how SOLVE can help.