This topic is for information purposes only and may not apply to all system configurations.


Affected Computer

Dell Inspiron laptop computer running Windows XP Home with Microsoft Office XP and Norton Antivirus 2003. No firewall enabled. Computer is normally used behind NAT router.


Background

Two weeks ago, Norton Antivirus and Microsoft Office applications began to exhibit substantial delays when opening. Also, bootup was very slow. These symptoms were typical of the Symantec/VeriSign issue that began the evening of January 7, 2004.

The Symantec-recommended temporary fix was applied in order to disable a security check within Internet Explorer. Under the Advanced tab, "Check for publisher's certificate revocation" was unchecked. This returned the system to normal operation. On several occasions, my client re-enabled the Internet Explorer security setting but still had trouble with slow boot and opening MS Office.


Unchecking the above outlined box temporarily restores normal operation


CRL status

Friday, January 23, 2004, I checked the Dell Inspiron's Temporary Internet File folder containing the Internet cache under C:\Documents and Settings\username\.... and did not find a current CRL there or in any other location. According to my client, the affected computer has accessed the Internet numerous times since January 7, 2004.

The images below are from my own Windows XP Professional installation with the required Certificate of Revocation List(s).


Example of search results showing CRL and copy in System32 subfolder structure.
A new file has recently appeared in a Network Services subfolder.



Example of CRL file


The Fix

While online, I enabled "Check for publisher's certificate revocation" (refer to first image above). Next, I opened Norton Antivirus and observed some delay in opening, though it was not excessive. I closed it then opened MS Word and had fairly fast results. Next, I tried Live Update and experienced some delay. But it finally opened and I found that NAV 2003 had LiveReg and Definitions updates available. I downloaded and installed both, then immediately restarted the computer.

On reboot, the computer started normally and all applications exhibited normal behavior. Live Update opened quickly and all was current. Auto Protect functioned normally.

Performing another search for *.crl showed three additional files plus a copy (2) in the System32 subfolder structure (see second image above). One was the Certificate Revocation List, and two were of the same genre but I don't know what function they perform. I suggested that my client not clear the TIF for a while until we were certain things were stable. He gladly agreed.


Observations

It appears that the applications actually have to be forced to open before the CRL is downloaded and accessed by individual applications. It also appears that the temporary fix should be undone so that Internet Explorer will look for the CRL and the computer can "heal" itself.


Digital Certificates

Additionally, some users may have to download the actual digital certificates. Windows XP systems should not have this problem as a Windows component called Update Root Certificates is installed by default and should perform this function. Windows 9x users should go to https://getca.verisign.com/.

For additional information, click here.


Recommendations

I advise re-checking the "Check publisher's certificate revocation" box after the computer is booted up and online. Next, open Norton Antivirus, wait a few seconds after its open and refreshed, then close it. Do the same for at least one Microsoft Office application.

Important: If you have a software firewall, make sure that crl.verisign.com is not on a blocked list. Allow all outbound requests to crl.verisign.com.

If running Norton SystemWorks, run the NSW (Symantec Integrator) shortcut on the desktop to open the first screen, then close it.

Lastly (and this is the big one!), run Live Update. It may be slow at first, but stay with it. If everything is up to date, fine. If not, download defs and LiveReg (if available), then close NAV and reboot.

After restarting, open NAV again and run Live Update once more and verify all is up to date. If there are more components, download and install them. Reboot and hopefully all will be returned to normal.


Notes

It should not be necessary to reboot after every NAV Live Update once this issue is resolved. I recommend doing so at this time because of concomitant problems with Live Update 2.0. Click here for more information.

And Bingo is my nameoooo !
Thank you Allyn ! that's why Norton gave me so much grief . My desktop was fine , but my laptop got all screwed And it almost happened again , as I run Chkdsk and disk cleanup , just about 2 hours ago . After that I restarted and it took a long time for Norton to show . Sweating bullets over here Finally it did and I run update , restarted again and it's OK now. I guess I should have read your post a while sooner . Would have skipped the housecleaning

Jane

Although I have had no NAV problems I have seen absolutely tons of Symantec problems posted in various forums over the recent months. Much more than usual. I think Symantec could really benefit from hosting their own forum.

Anyhooo, I followed your thread at BBR. It got hijacked when the VeriSign thing hit and exploded into the largest thread I've ever seen over there. 662 replies. Kudos for your hard work there and this How-to (bookmarked) as well. Keep up the good work Allyn.

Jane,

I'm glad it worked for you. Hopefully, the post will help some others still dealing with this issue.