ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

New fixes and component versions in Symantec Endpoint Protection 12.1.6 MP3

book

Article ID: 150207

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 12.1 Release Update 6 Maintenance Pack 3 (12.1.6 MP3). This information supplements the information found in the Release Notes.

In addition to the following fixes, this release addresses Symantec Endpoint Protection Elevation of Privilege Issues (SYM15-011).

New Fixes

DefWatch quick scans do not run

Fix ID: 3765193

Symptom: If you upgrade the Symantec Endpoint Protection client on computers where short file names are disabled, quick scans do not run.

Solution: Modified the installer to detect and handle this scenario.

 

Checkboxes in Risk logs react slowly when a large number of entries are selected or returned

Fix ID: 3741393

Symptom: When there are a large number of entries in the Risk log, clicking a check box is slow.

Solution: Removed unnecessary nested loops, which improved the performance from O(n^m) to O(n).

 

An excessive number of logs appear in the /var/log/: "kernel: symev: cannot get valid inode for /proc/net/rpc/nfsd"

Fix ID: 3806410

Symptom: Hundreds of logs appear in /var/log/ in a short period of time.

Solution: Changed the log level of the message to a lower debug level.

 

After installing or upgrading to 12.1 RU6 or 12.1 RU6 MP1a, blue screen errors occur on Windows Server 2003 R2 x86 with SymEFA implicated

Fix ID: 3822263

Symptom: After installing or upgrading to 12.1 RU6 or 12.1 RU6 MP1a, blue screen errors occur on Windows Server 2003 R2 x86.

Solution: Avoided calling Windows 2003 APIs which were causing the errors.

 

Deployment status in the client properties shows "No Status Reported"

Fix ID: 3826535

Symptom: Symantec Endpoint Protection Manager reports "No status available" for the deployment status of some clients.

Solution: Included the client's deployment status in the daily full operational state update.

 

Unable to connect to wireless networks after upgrading the clients from 12.1 RU5 to 12.1 RU6

Fix ID: 3834919

Symptom: The Symantec Rasman module is registered even if Symantec Network Access Control (SNAC) is disabled. If you uninstall the Symantec Endpoint Protection client in this state, it leaves the Symantec Rasman values registered, causing routing and remote access services to fail to start.

Solution: Client installation now sets the Rasman service values correctly.

 

On Windows Embedded platforms, upgrading from 12.1 RU5 to 12.1 RU6 or 12.1 RU6 MP1a fails

Fix ID: 3835033

Symptom: Migration from 12.1 RU5 to 12.1 RU6 or 12.1 RU6 MP1a fails on Windows Embedded platforms when the RegFilter service is disabled or not running.

Solution: Modified the installer to continue when the RegFilter service is disabled or not running.

 

Auto-Protect malfunction in Ubuntu 14.04 kernel 3.16

Fix ID: 3838962

Symptom: The build Auto-Protect kernel on Ubuntu 14.04 fails.

Solution: Ubuntu 14 support added.

 

Content delta merge fails, resulting in a full content download to clients, and a high bandwidth utilization from the SEP management server to the client

Fix ID: 3849976

Symptom: The network utilization between the management server and client occurs is higher than expected due to the clients downloading a full set of virus definitions.

Solution: Implemented better handling of an error condition that was placing delta files in the wrong folder.

 

SymDelta_* folders in C:\Documents and Settings\NetworkService\Local Settings\Temp or C:\Users\semsrv\AppData\Local\Temp are not removed after failed delta merge operations, and systems run out of disk space

Fix ID: 3851761

Symptom: When a delta merge fails continuously, a large number of files are saved in the temp folder.

Solution: Added a new 'scm.delta.merge.delete.after.days' property option in the conf.properties file, which controls the number of days log files are retained.

 

Unnecessary "Security Breach" alerts from manager

Fix ID: 3751776

Symptom: An admin receives a "Security Breach" alert email from Symantec Endpoint Protection Manager with no apparent cause.

Solution: Corrected the erroneous cases that were being reported and corrected the IP address that was being displayed in the email.

 

Home, Monitor and Reports tab becomes blank if SEPM has 5 NICs enabled

Fix ID: 3754931

Symptom: If Symantec Endpoint Protection Manager uses more than 5 NICs (5 IPv4 or 5 IPv6 addresses), when you log on to Symantec Endpoint Protection Manager using the server name, the Home page appears blank.

Solution: Added support to Symantec Endpoint Protection Manager to allow log on into Symantec Endpoint Protection Manager, even when there are more than 5 NICs (IPv4 or IPv6) configured on the computer.

 

Selecting a group when exporting a client install package takes significantly longer in 12.1 RU6

Fix ID: 3832903

Symptom: In export Client Install Package, the response in selecting a group is slow.

Solution: Modified the underlying query to avoid a data type conversion which was negatively impacting performance.

 

QSP files left behind in C:\Windows\Temp and detected by AV scans

Fix ID: 3671359

Symptom: QSP files are left behind in the C:\Windows\Temp folder.

Solution: Removed a read-only attribute so that the cleanup task could delete the QSP files.

 

Administrators receive a "Security Breach" alert and the message that the "Request could not be authorized"

Fix ID: 3713277

Symptom: When two administrators delete the same scan configuration, the second administrator receives the following error message: "Request could not be authorized. [0xfb000000]". Additionally, the administrator receives a "Security Breach" alert.

Solution: Handled this case silently as it is neither an error nor a security breach.

 

The IP address and fully qualified domain name of the source of the content is missing in the Windows Event Log for some content messages

Fix ID: 3827911

Symptom: The Symantec Endpoint Protection client fails to log the IP address and/or the fully qualified domain name of the source from where it downloads content.

Solution: Added the full content path in the Windows Event Log for contents downloaded from a Group Update Provider and the Symantec Endpoint Protection Manager for all good and bad cases.

 

Component versions

Component Version
AV Engine 20141.2.0.56
AutoProtect 14.6.3.37
BASH Defs 9.3.0.69
BASH Framework 8.0.0.137
CC 12.12.0.15
CIDS Defs 14.2.1.9
CIDS Framework 12.4.0.11
ConMan 1.1.2.7
D2D 1.2.0.3
D2D_13 1.3.0.3
DecABI 2.3.3.2
DefUtils 4.8.1.4
DuLuCallback 1.5.1.5
ECOM 141.2.0.59
ERASER 115.1.1.10
IRON 4.0.4.13
LiveUpdate 2.3.1.7
MicroDefs 3.8.1.1
SIS 91.12.290.5000
SymDS 3.0.0.69
SymEFA 5.2.0.4
SymELAM 1.0.3.17
SymEvent 12.9.6.19
SymNetDrv 14.0.4.5
SymVT 5.4.0.49
WLU (Symantec Endpoint Protection Manager) 3.3.100.15