This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.0.1 MP1 (14 RU1 MP1). This information supplements the information found in the Release Notes.
Fix ID: 4072789, 4090438
Symptoms: After an upgrade to Symantec Endpoint Protection 14 MP1, daily scheduled scans sometimes do not run, and the idle-time scan setting is disabled.
Solution: Changed the way scheduled scans execute. Instead of the use of a job manager, the scheduled scans are stored and executed by a task scheduler.
Fix ID: 4112297
Symptoms: The Defwatch scan never finishes, and the definitions stay out of date unless you reboot. Event logs show that content successfully downloaded from Symantec Endpoint Protection Manager but failed to install.
Solution: Added checks to handle a scenario where two sets of definitions are loaded into ccSvcHst.exe during a scan.
Fix ID: 4117125
Symptoms: The server crashes suddenly. The crash dump indicates that SRTSP64.SYS was involved, with Bugcheck 0x3b.
Solution: Fixed a race condition between two function calls by introducing an R/W lock, to protect a resource from being used before it is fully initialized.
Fix ID: 4119049
Symptoms: Despite adding an IP address to the list of excluded hosts for IPS, the excluded IP address continues to send “Vulnerability (TCP SYN FLOOD) blocked” messages on Macs.
Solution: If the list of excluded IP addresses is too long, some IP addresses are not sent to the SEP kernel extension. Fixed by resolving the mismatch between the actual and current IP address lists.
Fix ID: 4120769
Symptoms: Installing SEP for Mac 14 MP2 results in the following error: “Failed to launch helpertool.” Installation with the root account results in an application crash.
Solution: Fixed a problem in referencing an unlinked /tmp directory during installation.
Fix ID: 4124412
Symptoms: After installing the Simplified Chinese client for SEP 14 MP2 on a Mac, the UI for settings and the quarantine is not completely translated, and shows a mix of English and Chinese characters.
Solution: Fixed a problem in loading the translations onto the UI.
Fix ID: 4125490
Symptoms: You disable or lock Network Threat Protection/Intrusion Prevention with the IPS policy, or the IPS policy is withdrawn from the client group. The UI on the Mac then unexpectedly displays both a warning that NTP is disabled and an option to fix it, even though it is locked.
Solution: Fixed by disabling the warning message and the fix button if the policy is disabled and locked by the Symantec Endpoint Protection Manager admin.
Fix ID: 4128325
Symptoms: Test scans that you run generate portscan, flood, and ARP poisoning detections on the Symantec Endpoint Protection 14.x client for Mac. Test scans include Nmap scans and ettercap MITM ARP poisoning scans. However, the only events that are forwarded to Symantec Endpoint Protection Manager are portscan events.
Solution: Fixed by giving higher precedence to the signature preference provided in the policy.
Fix ID: 4135508
Symptoms: After an upgrade to Symantec Endpoint Protection 14 RU1, the Host Integrity check fails for conditions that check the minimum definition date, or a date older than X days. If you downgrade the client to 14 MP2, these conditions work as expected.
Solution: Fixed a problem in reading registry values in Unicode.
Fix ID: 4135757
Symptoms: After you set in policy a password to uninstall the Symantec Endpoint Protection client and then install, the prompt for the uninstall password does not appear.
Solution: Corrected so that now the password prompt appears as expected.
Fix ID: 4080495
Symptoms: If user ID to username resolution requires contacting a remote server (such as LDAP), file system access can incur delays with Symantec Endpoint Protection 12.1.x and 14.x for Linux. Delays can also occur if username caching is running (such as with NSCD) and the caching service makes a file system request.
Solution: Symantec Endpoint Protection for Linux AutoProtect should now cause less of a load on authentication services during normal use.
Fix ID: 4082449
Symptoms: A SymEFASI error prevents an upgrade from Windows 10 (1511) to Windows 10 (1607).
Solution: Changed the driver and cat file name to match the SymEFASI driver package already installed.
Fix ID: 4095503
Symptoms: The Security Risk scan type does not change back to All when the exclusion is switched to global. When you change the scan type from Security Risk to All, AutoProtect still detects and deletes the EICAR file in the folder.
Solution: Fixed the value of the scan category if the scan type is set to a type other than Security Risk to allow this change.
Fix ID: 4098523
Symptoms: The SDS definitions do not purge automatically and occupy a lot of disk space.
Solution: Expanded the purge functionality to remove locked files on subsequent calls, instead of just after reboot.
Fix ID: 4108996
Symptoms: After an upgrade to SEP 14 MP2, the notification appears continually for old IPS Definitions, even if both Symantec Endpoint Protection Manager and the client have the latest IPS definitions.
Solution: When checking out-of-date IPS content, a duplicate moniker that was created during the upgrade is now properly filtered out.
Fix ID: 4136400
Symptoms: After you upgrade macOS from 10.12 to 10.13, you then upgrade the Symantec Endpoint Protection client for Mac with a 14.0.1 (14 RU1) package from Symantec Endpoint Protection Manager. After a reboot, you cannot open the client GUI. This issue is specific to the Korean language OS.
Solution: Fixed a Korean font name to prevent the issue.
Fix ID: 4104434
Symptoms: Copying a file on a Windows computer takes a long time if the folder name includes the tilde character (~).
Solution: Improved the performance of Application Control by implementing a caching routine to avoid resolving the long path of every folder having ~ in its name.
Fix ID: 4116753
Symptoms: LiveUpdate (LUE) on the Windows client appears to have all the correct settings. However, it occasionally switches to the default host list, or to the host list for a different location or policy. The client does not begin to use the correct, custom host list again until a location change or a policy update.
Solution: A push from the registry to the LUE hive in ccSettings only triggers now if the policy has changed since the last push.
Fix ID: 4133405
Symptoms: Symantec Endpoint Protection clients download the full.zip content from Symantec Endpoint Protection Manager for CIDS content updates, even when there is a content delta file available.
Solution: Added content delta support for CIDS content in Symantec Endpoint Protection Manager.
Fix ID: 4133864
Symptoms: The Symantec Endpoint Protection client downloaded the fingerprint list from the server repeatedly for each Profile.xml update, even if there was no change to the fingerprint list itself.
Solution: Implemented a checksum-based solution to prevent the re-download of a fingerprint list if it has not changed.
Fix ID: 4135429
Symptoms: After you install Symantec Endpoint Protection 14.0.1 (14 RU1) with the firewall enabled, the Windows firewall in Windows 10 Fall Creator update 1709 is not disabled.
Solution: Used the correct access rights to query the service status.
Fix ID: 4111141
Symptoms: After you upgrade the computer to Symantec Endpoint Protection 14 MP2, the system hangs.
Solution: Fixed a deadlock issue between the scanner process and the manager process that reloads the definitions.
Fix ID: 4089034
Symptoms: The VC++ compiler is slow on a computer that runs Symantec Endpoint Protection 14.
Solution: Fixed the return status code for reputation lookups if the file hashes are not present in SymEFA.
Fix ID: 4137633
Symptoms: On the Windows client, under Help > Troubleshooting > Versions > Engines, the engine versions for STIC and SDS are not listed.
Solution: Enabled the retrieval of version information for these engines from the latest definitions set.
Fix ID: 4137642
Symptoms: AutoProtect fails to auto-compile on OpenSUSE 13.1, with the following error: “implicit declaration of function mark_rodata_rw.”
Solution: AutoProtect now successfully compiles for OpenSUSE 13.1 using the 3.11 kernel line.
Fix ID: 4099486
Symptoms: AgentInfo .dat files are slow to process.
Solution: Resolved an inefficient database call in AgentInfo processing.
Fix ID: 4139408
Symptoms: When Browser Intrusion Prevention is disabled in Symantec Endpoint Protection Manager, the Japanese translation for the resulting message in the client system log is wrong for the log entry, "Internet Explorer Browser Intrusion Prevention disabled by policy."
Solution: Corrected the translation.
Fix ID: 4135910
Symptoms: If the firewall feature is not installed, Symantec Endpoint Protection Manager displays the IPS definitions on the client systems as "Not Available."
Solution: Fixed the IPS definition display in Protection Technology view.
Fix ID: 4136645
Symptoms: When Symantec Endpoint Protection Manager sends a notification email, another email is also sent to another address, [email protected]. Mail to this address then causes an “email unreachable” error.
Solution: Excluded sending notifications to the built-in service accounts.
Fix ID: 4124061
Symptoms: If AutoProtect is enabled on a Linux system, it generates a kernel warning on the first attempt to either create, delete, or move a file by an NFS client on the NFS share, when accessing the NFS server via NFS4.
Solution: Adjusted AutoProtect to prevent the kernel warning.
Fix ID: 4140652
Symptoms: With the Symantec Endpoint Protection 14.0.1 (14 RU1) client for Linux installed, multiple zombie processes are spawned.
Solution: Fixed by deleting the process handles, even if the processes are not terminated yet.
Fix ID: 4079379, 4141376
Symptoms: A Limited administrator with limited group access rights can set the property to collect user information at the Symantec Endpoint Protection Manager domain level.
Solution: Updated to allow only System and domain-level administrators to collect domain-level user information.
Fix ID: 4140772
Symptoms: After an upgrade from 14 MP2 to 14.0.1 (14 RU1), replication fails with the following exception: java.lang.NumberFormatException: For input string: "${VISIBILITYMOCKSEQUENCENUM.EN_US}"
Solution: Set a valid integer number to allow for successful replication.
Fix ID: 4134466
Symptoms: The unmanaged Symantec Endpoint Protection client application and SymDaemon keep crashing on the Mac.
Solution: Changed a compiler flag that was causing these components to crash.
Fix ID: 4142134
Symptoms: With Smart DNS enabled, the nslookup command fails for login.microsoftonline.com. Other lookups complete successfully.
Solution: Updated the code to accommodate a new type of DNS resource record, which login.microsoftonline.com uses.
Fix ID: 4107619
Symptoms: During a Volume Shadow Storage (VSS) backup operation, the operating system encounters a deadlock involving SRTSP64.sys, and the computer freezes.
Solution: Updated the code to avoid this particular deadlock situation.
The build number for this release is 14.0.3876.1100. Red text indicates components that have been updated for this release.
Component | DLL File | DLL Version | SYS File | SYS Version |
---|---|---|---|---|
AutoProtect | srtsp64.dll | 15.0.30.20 | srtsp64.sys | 15.0.30.19 |
BASH Defs | BHEngine.dll Seq#= 20170926.001 | 11.3.2.9 | BHDrvx64.sys | 11.3.2.9 |
BASH Framework | BHClient.dll | 10.4.0.43 | N/A | - |
CC | ccLib.dll | 13.3.0.24 | ccSetx64.sys | 13.3.0.24 |
CIDS Defs | IDSxpx86.dll Seq#= 20170824.200 | 16.1.4.35 | IDSviA64.sys | 16.1.4.31 |
CIDS Framework | IDSAux.dll | 15.2.5.23 | N/A | - |
CP3 | version.txt | 2.3.0.295 | N/A | - |
CX | cx_lib.dll | 3.0.1.28 | N/A | - |
ConMan | version.txt | 2.1.4.4 | N/A | - |
D2D | version.txt | 1.2.1.5 | N/A | - |
D2D_Latest | version.txt | 1.5.0.44 | N/A | - |
DecABI | dec_abi.dll | 2.3.5.10 | N/A | - |
DefUtils | DefUtDCD.dll | 4.16.8.24 | N/A | - |
DuLuCallback | DuLuCbk.dll | 1.8.1.17 | N/A | - |
DuLuxCallback | duluxcallback.dll | 2.9.1.7 | N/A | - |
ERASER | cceraser.dll | 117.2.0.45 | eraser64.sys | 117.2.0.45 |
IRON | Iron.dll | 7.0.5.14 | Ironx64.sys | 7.0.5.13 |
LUX | Lux.dll | 2.9.1.11 | | |
LiveUpdate | LUEng.dll | 2.6.0.15 | N/A | - |
MicroDefs | patch25d.dll | 5.1.3.11 | N/A | - |
SDS Engine | sds_engine_x86.dll Seq#= 20171129.002 | 1.5.0.321 | N/A | - |
SIS | SIS.dll | 91.12.4400.5000 | N/A | - |
STIC Defs | stic.dll Seq#= 20171013.009 | 1.3.2.161 | N/A | - |
SymDS | DSCli.dll | 6.2.0.17 | N/A | - |
SymEFA | EFACli64.dll | 6.3.1.20 | SymEFASI64.sys | 6.3.0.10 |
SymELAM | ELAMCli.dll | 2.0.1.95 | SymELAM.sys | 2.0.1.85 |
SymEvent | Sevntx64.exe | 14.0.5.10 | SymEvent.sys | 14.0.5.9 |
SymNetDrv | SNDSvc.dll | 15.2.2.18 | symnets.sys | 15.2.2.18 |
SymScan | ccScanW.dll | 14.2.0.52 | N/A | - |
SymVT | version.txt | 9.2.1.35 | N/A | - |
Symulator | version.txt | 1.5.0.64 | N/A | - |
TCSAPI | version.txt | 1.6.0.14 | N/A | - |
Titanium | titanium.dll | 2.2.4.12 | N/A | - |
WLU(SEPM) | LuComServerRes.dll | 3.3.202.6 | N/A | - |