search cancel

New fixes and component versions in Symantec Endpoint Protection 12.1.6 MP6


Article ID: 150453


Updated On:


Endpoint Protection




This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 12.1 Release Update 6 Maintenance Pack 6 (12.1.6 MP6). This information supplements the information found in the Release Notes.

New Fixes

After an upgrade to 12.1.6 MP5, SNAC clients are quarantined by LAN Enforcer

FIX ID: 3971247

Symptom: After you upgrade to 12.1.6 MP5, the LAN Enforcer quarantines Symantec Network Access Control clients. You see that WGX64.sys fails to load. If you uninstall and reinstall the earlier version, 12.1.6 MP4, the clients work as expected, are note quarantines, and with no driver error.

Solution: Corrected an issue caused when the WGX driver started.

ccSvcHst crashes continuously with bug check 0x80000003

FIX ID: 3802635

Symptom: For Symantec Endpoint Protection 12.1.5, the process ccSvcHst.exe crashes continuously. The module ccL120U fails with the error code 0x80000003.

Solution: Modified the code to handle the method failure which was causing crash.

With SEP installed, a file’s last access time changes when the OnePass backup runs

FIX ID: 3952571

Symptom: With Symantec Endpoint Protection installed, the Simpana OnePass agent backs up the files but updates the last accessed attribute when it should not. Without the Symantec Endpoint Protection client installed, the backup runs as expected, and this attribute does not update.

Solution: Modified Auto-Protect to preserve the last accessed attribute.

Installation of SEP for Linux 12.1.6 MP4 causes RHEL5 U11 to crash and restart

FIX ID: 3965834

Symptom: The InstAutoprotect (symev) module for RedHat Enterprise Linux (RHEL) 5 U11 (64-bit) causes a kernel panic when it loads, when the kernel version 2.6.18-398.e15xen is in use.

Solution: Addressed issue so that this kernel of RedHat Enterprise Linux can successfully install and load Auto-Protect.

When logged on to SEPM through the Web Console, exported log content cannot display

FIX ID: 3974527

Symptom: When you log on to Symantec Endpoint Protection Manager using the Web Console, when you click Export for a log export, you are not able to get the log export results to load. The message that displays is, “This content cannot be displayed in a frame.”

Solution: Changed the conditional check so that the content opens in a new window instead of a frame.

Replication fails with Invalid Hex String: 12

FIX ID: 3985923

Symptom: Replication fails with the error code Invalid Hex String: 12.

Solution: Fixed the default values that are used when inserting the record in binary_file table in the Symantec Endpoint Protection Manager database.

Clients do not download other content monikers when they do not accept files

FIX ID: 3976775

Symptom: If you configure the clients not to receive full definition sets (, then the clients no longer update any content when the first item in the download queue is a full definition set.

Solution: Changed the server’s response so that clients can skip the full definition set, and download the other content.

The virus definition date becomes "Unavailable" on SEPM console after the reboot of the SEP client machine

FIX ID: 3747451

Symptom: After your Symantec Endpoint Protection client computers restart, you notice that they report that their virus definition date is “Unavailable.”

Solution: The registry entry for PatternFileSequence is no longer set to zero during the startup of ccSvcHst.

SEP AutoUpgrade requests flood the network when using an external URL for the client package download

FIX ID: 3910636

Symptom: When you use AutoUpgrade with an external URL for the client package download, some clients may enter a state where they download the URL package repeatedly, until they reboot. The package downloads flood the network.

Solution: Prevented the download error handling from verifying the external URL downloads as if they were Symantec Endpoint Protection Manager package downloads.

Offline clients are counted towards Scan Failures on Home Page

FIX ID: 3923218

Symptom: Offline clients appear under the count for Scan Failures, when the only status it should report is being offline.

Solution: Offline clients are not included in the count Scan Failure, and the Security Status reflects the accurate Scan Failure state on the Home page.

The message "!SiteLuPanel. !" displayed in the SEPM site properties

FIX ID: 3954712

Symptom: The message “!SiteLuPanel. !” appears in the Symantec Endpoint Protection Manager, in the site properties for the local lite, under Content Size to Download. You expect to see options for standard-size definitions or reduced-size definitions.

Solution: Changed the default LiveUpdate content size to prevent this message from being displayed in the UI.

Upgrade to 12.1.6 MP5 fails and leaves the client in a broken state

FIX ID: 3985682

Symptom: During an upgrade to the 12.1.6 MP5 Windows client, ccSvcHst.exe crashes. This crash leaves the client in a broken state. For example, you cannot open the client interface, and connectivity is lost to the Symantec Endpoint Protection Manager, though definitions seem to continue to update.

Solution: Modified the code to prevent SepMasterService from crashing.

Component Versions in Symantec Endpoint Protection 12.1.6 MP6 (12.1.7061.6600)

Red text indicates components that have updated for this release.



AV Engine




BASH Framework



CIDS Framework



















WLU (Symantec Endpoint Protection Manager)