New fixes and component versions in Endpoint Protection 14 MP1

Article ID: 150564

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution


Symantec Endpoint Protection 14 MP1 fixes

SEPM displays duplicate hardware IDs

FIX ID: 3916370

Symptom: The Symantec Endpoint Protection Manager (SEPM) displays duplicate hardware IDs. The client online/offline status changes frequently, and client entries are overwritten by multiple clients with different host names, IP addresses, MAC addresses, and other identifying information. The secreg debug log displays messages that mention the following responses:

  • 412 Register again
  • 468 CSN reset

Solution: Revised the server-side logic to better handle the hardware key detection. Also revised the client-side logic for hardware key creation, and reporting back to the management console.

 

After an update to IE 11, Home/Monitors/Reports experiences display issues and are very slow to load or never load (blank)

FIX ID: 3992718

Symptom: The Home, Monitor, and Reports Home tabs take a long time to load, do not load fully, or display blank or other PHP pages after you update Internet Explorer to version 11.

Solution: Added a 30-second timeout when using cURL to access an external website.

 

Risk logs from certain 12.1.6 clients do not upload to the SEPM or upload after weeks or months, despite being consistently online

FIX ID: 3993086

Symptom: When the "Upload maximum size" is set to a value larger than 350, a client with that many virus and spyware log events occurring in a single upload period is unable to upload these logs to SEPM.

Solution: Modified Symantec Endpoint Protection Manager to successfully receive the larger logs.

 

SEP causes an increase in SMB traffic

FIX ID: 3995337

Symptom: Symantec Endpoint Protection is observed to cause high SMB traffic in versions later than 12.1.5, which introduced a change to SymEFA.

Solution: Changed the method of querying for file IDs and looking up stream contexts.

 

Video files on XDCAM drives are not being excluded from AutoProtect ReadCache

FIX ID: 4010922

Symptom: Loading video files from Sony XDCAM drives within Avid Media Composer 6.5 takes significantly longer with Auto-Protect enabled. As of 12.1.6 MP5, Auto-Protect should already exclude MXF and BIM files from being cached.  

Solution: When Auto-Protect cannot properly determine the file type for these files, it now excludes them based on the file system driver name, \\FileSystem\\PDUDFS, in the volume properties in FLT_VOLUME.

 

Migrating SEPM 12.1 RU6 MP5 to SEPM 14 results in IPS Policy edit and create failures

FIX ID: 4013024

Symptom: After migrating Symantec Endpoint Protection Manager from 12.1.6 MP5 to 14, you are unable to create or modify IPS Policies.  You can create and modify the custom IPS portion of the IPS Policy, however.

Solution: Modified the existing function to handle a scenario with revisions with the same timestamp. Also modified the routine to clean up obsolete content revisions during migration.

 

SEPM 14 upgrade fails when creating the DATE_DIMENSION table

FIX ID: 4013273

Symptom: Symantec Endpoint Protection Manager fails to upgrade to version 14 because of a date format error for some native versions of SQL Server that have a DMY date format.

Solution: The Symantec Endpoint Protection Manager installation/upgrade process now uses the ISO 8601 format to correctly handle all date formats used by SQL Server.
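The date-format dependence behind this fix can be reproduced on any SQL Server instance. The following T-SQL is an added illustration, not the installer's own code: the page does not show the failing statement, so the literals and the table variable @demo are constructed.

```sql
-- Constructed example: how SQL Server parses the same date literals into
-- datetime under the MDY and DMY session settings.
-- TRY_CONVERT (SQL Server 2012 and later) returns NULL where CONVERT would
-- raise an out-of-range conversion error.
DECLARE @demo TABLE (label varchar(40), literal varchar(32));

INSERT INTO @demo (label, literal) VALUES
    ('year-first with separators', '2017-02-13'),
    ('unseparated YYYYMMDD',       '20170213'),
    ('ISO 8601 with T separator',  '2017-02-13T00:00:00');

-- Session setting typical of us_english logins.
SET DATEFORMAT mdy;
SELECT 'mdy' AS session_format, label, literal,
       TRY_CONVERT(datetime, literal) AS parsed
FROM @demo;

-- Session setting typical of British, German, French and similar logins.
SET DATEFORMAT dmy;
SELECT 'dmy' AS session_format, label, literal,
       TRY_CONVERT(datetime, literal) AS parsed
FROM @demo;
```

Under dmy the first literal is read as year-day-month and fails to convert, while the unseparated and ISO 8601 forms parse to the same value under both settings.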

 

Portuguese SEP clients do not update with AutoUpgrade when their Portuguese SEPM migrates from 12.1.x to 14

FIX ID: 4016906

Symptom: After migrating a Portuguese Symantec Endpoint Protection Manager from 12.1.x to 14, the Portuguese SEP clients do not upgrade from SEP 12.1 using AutoUpgrade. The version 14 setAid.ini file is configured with ClientLanguage=Brazilian; however, the SEP 12.1 clients are configured with ClientLanguage=Portuguese, which results in a language mismatch.

Solution: AutoUpgrade is now allowed when the language mismatch is between Portuguese and Brazilian. Also changed the ClientLanguage setting on the client from “Brazilian” to “Portuguese” to avoid future mismatches.

 

Unable to auto-compile for RHEL 7.3 with SEP 12.1 or 14

FIX ID: 4016923

Symptom: When installing the SEP 12.1 or 14 client on Red Hat Enterprise Linux (RHEL) 7.3, the kernel modules for Auto-Protect fail to automatically compile.

Solution: Updated the client to allow the Auto-Protect kernel modules to auto-compile on RHEL 7.3.

 

A slow first heartbeat causes a delay in location switching

FIX ID: 4018124

Symptom: After migrating to 12.1.6 MP5, laptops are slow to boot because Symantec Endpoint Protection does not switch to a location where Ethernet is not blocked. Removing the location-switching criteria results in everything booting as expected. Initial connectivity between the client and the management console is also delayed for 2-3 minutes after restarting.

Solution: Forces the dependent components to load so that the first heartbeat completes successfully. The SEP client can then report that it is connected to the SEPM server, and location switching that depends on this connection can occur.

 

BugCheck 27 after migrating to SEP 14

FIX ID: 4018334

Symptom: When you migrate a Windows client computer from 12.1.7061.6600 to version 14.0.1904, it begins to crash with a blue screen error, and the logon time increases.

Solution: Fixed Auto-Protect code to not request an oplock on network files.

 

Java console does not open after SEPM upgrade to 14

FIX ID: 4019880

Symptom: You cannot launch the Symantec Endpoint Protection Manager Java remote console if both the 32- and 64-bit versions of the Java Runtime Environment (JRE) are installed.

Solution: Added a note to the remote console launch page at http://SEPM:9090 that advises you to uninstall the 32-bit version of JRE.

 

Reboot settings do not appear to work after installation

FIX ID: 4038133

Symptom: You create an installation package with custom settings that specify a silent installation with a delayed restart. After installation, however, the restart prompt does not match the delayed restart. If the client you install does not include the firewall, the post-install reboot request sometimes does not follow policy.

Solution: When Symantec Endpoint Protection is installed without the Firewall feature, Symantec Endpoint Protection no longer requests a reboot without honoring the installer reboot policy.

 

With ADC enabled in SEP 14, monitor flashes erratically when trying to navigate

FIX ID: 4042341

Symptom: With Application and Device Control enabled in Symantec Endpoint Protection 14, the monitor flashes erratically when you try to navigate. The process esif_assist_64.exe crashes, which causes the monitor to flash.

Solution: Changed code to prevent the process esif_assist_64.exe from crashing.

 

SEP 14 causing random hangs on servers and desktops

FIX ID: 4047048

Symptom: Servers and desktop computers lock up or hang after they upgrade to Symantec Endpoint Protection 14. During this hang, you cannot connect remotely to the systems using programs such as Remote Desktop Connection. This issue also occurs with virtualized servers and desktop computers hosted on VMware and Hyper-V. You do not get a logon screen, nor can you access anything on the computers while they are in this state, though the affected systems seem to respond to pings. This issue seems to happen at random. A restart allows the affected computers to work for a short while, but the issue returns.

Solution: Changed the Auto-Protect code so that it does not lock the file usage.dat under the SDS definition folder.

 

A large number of computers hang permanently during logon

FIX ID: 4047722

Symptom: A couple of weeks after you install Symantec Endpoint Protection 14 in your environment, a large number of computers are unable to complete startup to the logon prompt. These machines persistently hang at the "Please wait" window.

Solution: Removed the call to the dll GET_DATE_AND_TIME to prevent it from loading during a computer restart.

 

SEP Mac scans start but display no progress or stop time, or show as "canceled"

FIX ID: 4049799

Symptom: Scheduled scans on a Symantec Endpoint Protection for Mac client start, but display no stop time or other results in Symantec Endpoint Protection Manager, and are sometimes shown as canceled for unknown reasons. A weekly scheduled scan, for example, appears to log multiple "scan started" events in a short period on the same day, but has no corresponding "scan stopped" event. The status for such scans displays as paused in the client user interface.

Solution: Corrected code to prevent a scan from starting if it is set to resume an existing scan.

 

Chrome Adobe Flash component fails to update with SMC started

FIX ID: 4050141

Symptom: Chrome fails to update the Adobe Flash component with the Symantec Management Client (SMC) enabled.

Solution: Corrected an issue where Symantec Endpoint Protection blocked the Chrome Flash component update.

 

SEP 14 on Mac client returns the message "scan with (null) failed" with a right-click scan, and definitions stop updating

FIX ID: 4050993

Symptom: When trying to scan a specific file or folder with a right-click scan (right-click > Scan with Symantec), you see the message, "scan with (null) failed". When you launch a scan using the client user interface, you see the message, "The scan failed because the subscription has expired," and definitions no longer update on the client.

Solution: Corrected erroneous Norton licensing check.

 

Simplified Chinese SEP 14 for Mac client displays messy text for any event details

FIX ID: 4052840

Symptom: After you install the Simplified Chinese SEP 14 client on the Simplified Chinese macOS 10.12 client computer, event details display with messy text.

Solution: Corrected the translations for these events.

 

Device Control does not block SafeNet USB SuperPro / UltraPro device

FIX ID: 4054123, 3971808

Symptom: Device Control rules do not block the SafeNet USB SuperPro/UltraPro device as expected.

Solution: Added an exception that allows Symantec Endpoint Protection to block SafeNet devices.

 

Erroneous translation within a Simplified Chinese SEPM when selecting LiveUpdate content

FIX ID: 4055284

Symptom: Within a Simplified Chinese Symantec Endpoint Protection Manager 14, the LiveUpdate content selection screen replaces the Chinese "" with the English "Chinese Simplified".

Solution: Corrected the translation for this text.

 

Component versions in Symantec Endpoint Protection 14 MP1 (14.0.2332.0100)

Red text indicates components that have updated for this release.

| Component | DLL File | DLL Version | SYS File | SYS Version |
|---|---|---|---|---|
| AutoProtect | srtsp64.dll | 15.0.15.61 | srtsp64.sys | 15.0.15.55 |
| BASH Defs | BHEngine.dll | Seq#= 20170111.001; 11.0.0.357 | BHDrvx64.sys | 11.0.0.357 |
| BASH Framework | BHClient.dll | 10.1.1.52 | N/A | - |
| CC | ccLib.dll | 13.2.0.246 | ccSetx64.sys | 13.1.1.11 |
| CIDS Defs | IDSxpx86.dll | Seq#= 20161130.100; 15.2.4.5 | IDSviA64.sys | 15.2.3.14 |
| CIDS Framework | IDSAux.dll | 15.2.2.22 | N/A | - |
| ConMan | version.txt | 2.1.3.14 | N/A | - |
| D2D | version.txt | 1.2.1.5 | N/A | - |
| D2D_Latest | version.txt | 1.5.0.38 | N/A | - |
| DecABI | dec_abi.dll | 2.3.5.10 | N/A | - |
| DefUtils | DefUtDCD.dll | 4.16.0.19 | N/A | - |
| DuLuCallback | DuLuCbk.dll | 1.8.0.12 | N/A | - |
| ERASER | cceraser.dll | 116.2.0.206 | eraser64.sys | 116.2.0.206 |
| IRON | Iron.dll | 7.0.2.34 | Ironx64.sys | 7.0.2.33 |
| LiveUpdate | LUEng.dll | 2.4.0.26 | N/A | - |
| MicroDefs | patch25d.dll | 5.1.0.22 | N/A | - |
| SDS Engine | sds_engine_x86.dll | Seq#= 20170209.004; 1.2.0.185 | N/A | - |
| SIS | SIS.dll | 91.12.4400.5000 | N/A | - |
| STIC | stic.dll | 1.2.0.176 | N/A | - |
| SymDS | DSCli.dll | 4.0.1.38 | N/A | - |
| SymEFA | EFACli64.dll | 6.2.0.14 | SymEFASI64.sys | 6.2.0.11 |
| SymELAM | ELAMCli.dll | 2.0.1.95 | SymELAM.sys | 2.0.1.85 |
| SymEvent | Sevntx64.exe | 14.0.4.24 | SymEvent.sys | 14.0.4.16 |
| SymNetDrv | SNDSvc.dll | 15.2.0.38 | symnets.sys | 15.2.0.34 |
| SymScan | ccScanW.dll | 14.1.2.4 | N/A | - |
| SymVT | version.txt | 7.1.0.6 | N/A | - |
| WLU(SEPM) | LuComServerRes.dll | 3.3.100.15 | N/A | - |