From prodefence.org
If only Symantec had any sort of forewarning about Microsoft moving to use SHA-2 signed updates, everything might have gone smoother.
It seems that six months is not enough for Symantec to get its ducks in a row, as its anti-virus software is unable to handle SHA-2 signatures, and led to Microsoft withholding updates from certain devices.
In an update note for Windows 7 and Server 2008 R2, Microsoft said that when a device runs any Symantec or Norton antivirus program, and attempts to install an update signed only with SHA-2, the antivirus program blocks or deletes the update during installation, which could make the operating system stop working.