New fixes and component versions in Symantec Endpoint Protection 14.0.1 MP1 (14 RU1 MP1)


Article ID: 150764


Products

Endpoint Protection


Resolution

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.0.1 MP1 (14 RU1 MP1). This information supplements the information found in the Release Notes.


New fixes

SEP 14 MP1 for Mac scans run intermittently

Fix ID: 4072789, 4090438

Symptoms: After an upgrade to Symantec Endpoint Protection 14 MP1, daily scheduled scans sometimes do not run, and the idle-time scan setting is disabled.

Solution: Changed the way scheduled scans execute. Instead of using a job manager, the scheduled scans are stored and executed by a task scheduler.

 

Definitions stay out of date unless customer reboots

Fix ID: 4112297

Symptoms: The Defwatch scan never finishes, and the definitions stay out of date unless you reboot. Event logs show that content successfully downloaded from Symantec Endpoint Protection Manager but failed to install.

Solution: Added checks to handle a scenario where two sets of definitions are loaded into ccSvcHst.exe during a scan.

  

Bugcheck 0x3b references SRTSP64.SYS

Fix ID: 4117125

Symptoms: The server crashes suddenly. The crash dump indicates that SRTSP64.SYS was involved, with Bugcheck 0x3b.

Solution: Fixed a race condition between two function calls by introducing an R/W lock, to protect a resource from being used before it is fully initialized.

 

IPS host exclusion not being honored on Macs

Fix ID: 4119049

Symptoms: Despite adding an IP address to the list of excluded hosts for IPS, the excluded IP address continues to send “Vulnerability (TCP SYN FLOOD) blocked” messages on Macs.

Solution: If the list of excluded IP addresses is too long, then some IP addresses are not sent to the SEP kernel extension. Fixed by resolving a mismatch between the actual and current IP address lists.

 

SEP 14 MP2 for Mac installer fails with error: “Failed to launch helpertool”

Fix ID: 4120769

Symptoms: Installing SEP for Mac 14 MP2 results in the following error: “Failed to launch helpertool.” Installation with the root account results in an application crash.

Solution: Fixed a problem in referencing an unlinked /tmp directory during installation.

 

UI display issues after installing the Simplified Chinese SEP 14 MP2 client on the Mac

Fix ID: 4124412

Symptoms: After installing the Simplified Chinese client for SEP 14 MP2 on a Mac, the UI for settings and the quarantine is not completely translated, and shows a mix of English and Chinese characters.

Solution: Fixed a problem in loading the translations onto the UI.

 

Disabled/locked IPS setting prompts a warning message and a Fix button on client

Fix ID: 4125490

Symptoms: You disable or lock Network Threat Protection/Intrusion Prevention with the IPS policy, or the IPS policy is withdrawn from the client group. The UI on the Mac unexpectedly displays both a warning that NTP is disabled and an option to fix it, even though it is locked.

Solution: Fixed by disabling the warning message and the Fix button if the policy is disabled and locked by the Symantec Endpoint Protection Manager admin.

 

SEP Mac IPS ARP Cache Poisoning and SYN Flood events are not forwarded to SEPM

Fix ID: 4128325

Symptoms: Test scans that you run generate portscan, flood, and ARP poisoning detections on the Symantec Endpoint Protection 14.x client for Mac. Test scans include Nmap scans and ettercap MITM ARP poisoning scans. However, the only events that are forwarded to Symantec Endpoint Protection Manager are portscan events.

Solution: Fixed by giving higher precedence to the signature preference provided in policy. 

 

After a client upgrade to SEP 14 RU1, HI check fails

Fix ID: 4135508

Symptoms: After an upgrade to Symantec Endpoint Protection 14 RU1, the Host Integrity check fails for conditions that check the minimum definition date, or a date older than X days. If you downgrade the client to 14 MP2, these conditions work as expected.

Solution: Fixed a problem in reading registry values in Unicode.

 

SEP 14 RU1 does not prompt for the client uninstall password

Fix ID: 4135757

Symptoms: After you set in policy a password to uninstall the Symantec Endpoint Protection client and then install, the prompt for the uninstall password does not appear.

Solution: Corrected so that now the password prompt appears as expected.

 

SEP for Linux 12.1.x / 14.x interferes with system performance

Fix ID: 4080495

Symptoms: If user ID to username resolution requires contacting a remote server (such as LDAP), file system access with Symantec Endpoint Protection 12.1.x and 14.x for Linux can incur delays. Delays can also occur if username caching is running (such as with NSCD) and the caching service makes a file system request.

Solution: Symantec Endpoint Protection for Linux AutoProtect should now cause less of a load on authentication services during normal use.

 

SymEFASI error prevents Windows 10 (1511) upgrade to Windows 10 (1607)

Fix ID: 4082449

Symptoms: A SymEFASI error prevents an upgrade from Windows 10 (1511) to Windows 10 (1607).

Solution: Changed the driver and cat file name to match the SymEFASI driver package already installed.

 

Changing an exclusion does not change the scan type for the Security Scan feature

Fix ID: 4095503

Symptoms: The Security Risk scan type does not change back to All when the exclusion is switched to global. When you change the scan type from Security Risk to All, AutoProtect still detects and deletes the EICAR file in the folder.

Solution: Fixed the value of the scan category if the scan type is set to a type other than Security Risk to allow this change.

 

SDSDefs fill up the disk

Fix ID: 4098523

Symptoms: The SDS definitions do not purge automatically and occupy a lot of disk space.

Solution: Expanded the purge functionality to remove locked files on subsequent calls, instead of just after reboot.

 

After an upgrade to SEP 14 MP2, erroneous notification appears for old IPS definitions

Fix ID: 4108996

Symptoms: After an upgrade to SEP 14 MP2, the notification appears continually for old IPS Definitions, even if both Symantec Endpoint Protection Manager and the client have the latest IPS definitions.

Solution: When checking out-of-date IPS content, a duplicate moniker that was created during the upgrade is now properly filtered out.

 

SEP client GUI for 14.0 RU1 on macOS 10.13 does not open on the Korean language OS

Fix ID: 4136400

Symptoms: After you upgrade macOS from 10.12 to 10.13, you then upgrade the Symantec Endpoint Protection client for Mac with a 14.0.1 (14 RU1) package from Symantec Endpoint Protection Manager. After a reboot, you cannot open the client GUI. This issue is specific to the Korean language OS.

Solution: Fixed a Korean font name to prevent the issue.

 

File copying takes longer than expected if the folder name includes the tilde character (~)

Fix ID: 4104434

Symptoms: Copying a file on a Windows computer takes a long time if the folder name includes the tilde character (~).

Solution: Improved the performance of Application Control by implementing a caching routine to avoid resolving the long path of every folder having ~ in its name.

 

SEP clients do not honor the LiveUpdate Settings Policy

Fix ID: 4116753

Symptoms: LiveUpdate (LUE) on the Windows client appears to have all the correct settings. However, it occasionally switches to the default host list, or to the host list for a different location or policy. The client does not begin to use the correct, custom host list again until a location change or a policy update.

Solution: A push from the registry to the LUE hive in ccSettings only triggers now if the policy has changed since the last push.

 

SEP 14 MP2 clients download full.zip for CIDS content

Fix ID: 4133405

Symptoms: Symantec Endpoint Protection clients download the full.zip content from Symantec Endpoint Protection Manager for CIDS content updates, even when there is a content delta file available.

Solution: Added content delta support for CIDS content in Symantec Endpoint Protection Manager.

 

Clients download the system lockdown fingerprint lists again when the policy is changed, even if the list itself was not modified

Fix ID: 4133864

Symptoms: The Symantec Endpoint Protection client downloaded the fingerprint list from the server repeatedly for each Profile.xml update, even if there was no change to the fingerprint list itself.

Solution: Implemented a checksum-based solution to prevent the re-download of a fingerprint list if it has not changed.

 

The Windows 10 Fall Creators Update (1709) firewall is not disabled after installation of SEP 14.0 RU1 with SEP firewall enabled

Fix ID: 4135429

Symptoms: After you install Symantec Endpoint Protection 14.0.1 (14 RU1) with the firewall enabled, the Windows firewall in the Windows 10 Fall Creators Update (1709) is not disabled.

Solution: Used the correct access rights to query the service status.

 

System hangs after an upgrade to SEP 14 MP2

Fix ID: 4111141

Symptoms: After you upgrade the computer to Symantec Endpoint Protection 14 MP2, the system hangs.

Solution: Fixed a deadlock issue between the scanner process and the manager process that reloads the definitions.

 

VC++ compiler is slow under version SEP 14

Fix ID: 4089034

Symptoms: The VC++ compiler is slow on a computer that runs Symantec Endpoint Protection 14.

Solution: Fixed the return status code for reputation lookups if the file hashes are not present in SymEFA.

 

SDS and STIC not listed in Help > Troubleshooting > Versions > Engines

Fix ID: 4137633

Symptoms: On the Windows client, under Help > Troubleshooting > Versions > Engines, the engine versions for STIC and SDS are not listed.

Solution: Enabled the retrieval of version information for these engines from the latest definitions set.

 

AutoProtect fails to compile on OpenSUSE 13.1 kernel 3.11.10-25/29

Fix ID: 4137642

Symptoms: AutoProtect fails to auto-compile on OpenSUSE 13.1, with the following error: “implicit declaration of function mark_rodata_rw.”

Solution: AutoProtect now successfully compiles for OpenSUSE 13.1 utilizing the 3.11 kernel line.

 

Slow processing of .dat files in AgentInfo

Fix ID: 4099486

Symptoms: AgentInfo .dat files are slow to process.

Solution: Resolved an inefficient database call in AgentInfo processing.

 

Incorrect Japanese translation in SEP System log

Fix ID: 4139408

Symptoms: When Browser Intrusion Prevention is disabled in Symantec Endpoint Protection Manager, the Japanese translation of the resulting client system log entry, "Internet Explorer Browser Intrusion Prevention disabled by policy," is wrong.

Solution: Corrected the translation.

  

SEPM 14.0 RU1 reports IPS definitions are "Not available" for clients

Fix ID: 4135910

Symptoms: If the firewall feature is not installed, Symantec Endpoint Protection Manager displays that IPS definitions on the client systems are "Not Available."

Solution: Fixed the IPS definition display in Protection Technology view.

 

Additional notification email sent when sending notification to SEPM administrator

Fix ID: 4136645

Symptoms: When Symantec Endpoint Protection Manager sends a notification email, another email is also sent to another address, [email protected]. Mail to this address then causes an “email unreachable” error.

Solution: Excluded sending notifications to the built-in service accounts.

 

Kernel warning generated when creating, deleting, or moving a file using NFS4

Fix ID: 4124061

Symptoms: If AutoProtect is enabled on a Linux system, it generates a kernel warning on the first attempt to either create, delete, or move a file by an NFS client on the NFS share, when accessing the NFS server via NFS4.

Solution: Adjusted AutoProtect to prevent the kernel warning.

 

Multiple zombie processes spawn with SEP 14 RU1 client for Linux installed

Fix ID: 4140652

Symptoms: With the Symantec Endpoint Protection 14.0.1 (14 RU1) client for Linux installed, multiple zombie processes are spawned.

Solution: Fixed by deleting the process handles, even if the processes are not terminated yet.

 

A Limited Administrator can configure domain-level user info collection

Fix ID: 4079379, 4141376

Symptoms: A Limited administrator with limited group access rights can set the property to collect user information at the Symantec Endpoint Protection Manager domain level.

Solution: Updated to allow only System and domain-level administrators to collect domain-level user information.

 

After an upgrade from 14 MP2 to 14 RU1, replication fails

Fix ID: 4140772

Symptoms: After an upgrade from 14 MP2 to 14.0.1 (14 RU1), replication fails with the following exception: java.lang.NumberFormatException: For input string: "${VISIBILITYMOCKSEQUENCENUM.EN_US}"

Solution: Set a valid integer number to allow for successful replication.

 

SEP client for Mac application and SymDaemon keep crashing

Fix ID: 4134466

Symptoms: The unmanaged Symantec Endpoint Protection client application and SymDaemon keep crashing on the Mac.

Solution: Changed a compiler flag that was causing these components to crash.

 

Smart DNS fails for login.microsoftonline.com

Fix ID: 4142134

Symptoms: With Smart DNS enabled, the nslookup command fails for login.microsoftonline.com. Other lookups complete successfully.

Solution: Updated the code to accommodate a new type of DNS resource record, which login.microsoftonline.com uses.

 

Operating system freeze involving SRTSP64.sys occurs during a VSS backup

Fix ID: 4107619

Symptoms: During a Volume Shadow Storage (VSS) backup operation, the operating system encounters a deadlock involving SRTSP64.sys, and the computer freezes.

Solution: Updated the code to avoid this particular deadlock situation.
 

Component versions

The build number for this release is 14.0.3876.1100. Red text indicates components that have been updated for this release.

| Component | DLL File | DLL Version | SYS File | SYS Version |
|---|---|---|---|---|
| AutoProtect | srtsp64.dll | 15.0.30.20 | srtsp64.sys | 15.0.30.19 |
| BASH Defs | BHEngine.dll | Seq#= 20170926.001; 11.3.2.9 | BHDrvx64.sys | 11.3.2.9 |
| BASH Framework | BHClient.dll | 10.4.0.43 | N/A | - |
| CC | ccLib.dll | 13.3.0.24 | ccSetx64.sys | 13.3.0.24 |
| CIDS Defs | IDSxpx86.dll | Seq#= 20170824.200; 16.1.4.35 | IDSviA64.sys | 16.1.4.31 |
| CIDS Framework | IDSAux.dll | 15.2.5.23 | N/A | - |
| CP3 | version.txt | 2.3.0.295 | N/A | - |
| CX | cx_lib.dll | 3.0.1.28 | N/A | - |
| ConMan | version.txt | 2.1.4.4 | N/A | - |
| D2D | version.txt | 1.2.1.5 | N/A | - |
| D2D_Latest | version.txt | 1.5.0.44 | N/A | - |
| DecABI | dec_abi.dll | 2.3.5.10 | N/A | - |
| DefUtils | DefUtDCD.dll | 4.16.8.24 | N/A | - |
| DuLuCallback | DuLuCbk.dll | 1.8.1.17 | N/A | - |
| DuLuxCallback | duluxcallback.dll | 2.9.1.7 | N/A | - |
| ERASER | cceraser.dll | 117.2.0.45 | eraser64.sys | 117.2.0.45 |
| IRON | Iron.dll | 7.0.5.14 | Ironx64.sys | 7.0.5.13 |
| LUX | Lux.dll | 2.9.1.11 | | |
| LiveUpdate | LUEng.dll | 2.6.0.15 | N/A | - |
| MicroDefs | patch25d.dll | 5.1.3.11 | N/A | - |
| SDS Engine | sds_engine_x86.dll | Seq#= 20171129.002; 1.5.0.321 | N/A | - |
| SIS | SIS.dll | 91.12.4400.5000 | N/A | - |
| STIC Defs | stic.dll | Seq#= 20171013.009; 1.3.2.161 | N/A | - |
| SymDS | DSCli.dll | 6.2.0.17 | N/A | - |
| SymEFA | EFACli64.dll | 6.3.1.20 | SymEFASI64.sys | 6.3.0.10 |
| SymELAM | ELAMCli.dll | 2.0.1.95 | SymELAM.sys | 2.0.1.85 |
| SymEvent | Sevntx64.exe | 14.0.5.10 | SymEvent.sys | 14.0.5.9 |
| SymNetDrv | SNDSvc.dll | 15.2.2.18 | symnets.sys | 15.2.2.18 |
| SymScan | ccScanW.dll | 14.2.0.52 | N/A | - |
| SymVT | version.txt | 9.2.1.35 | N/A | - |
| Symulator | version.txt | 1.5.0.64 | N/A | - |
| TCSAPI | version.txt | 1.6.0.14 | N/A | - |
| Titanium | titanium.dll | 2.2.4.12 | N/A | - |
| WLU(SEPM) | LuComServerRes.dll | 3.3.202.6 | N/A | - |