New fixes and component versions in Symantec Endpoint Protection 14.0.1 MP2 (14 RU1 MP2)

book

Article ID: 150833

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.0.1 MP2 (14 RU1 MP2). This information supplements the information found in the Release Notes.


New fixes

Httpd.exe crashes for version 14.0.1

Fix ID: 4162475

Symptoms: Httpd randomly crashes when the reverse proxy is enabled for Symantec Endpoint Protection 14.0.1.

Solution: Fixed the issue that caused httpd to crash when a cached file is refreshed.

 

SEP 14.0.1 MP1 client no longer prompts for the password to stop the service

Fix ID: 4162900

Symptoms: For the Symantec Endpoint Protection 14.0 MP2 client with password protection enabled, you are prompted for the password when you try to stop the Symantec Management Client service. After an upgrade to Symantec Endpoint Protection 14.0.1 (14 RU1) MP1, however, you are no longer prompted for a password when you enter smc –stop.

Solution: Changed the order to check the existence of a password to ensure that it gets retained after the upgrade.

 

The Apache service crashes on SEPM server

Fix ID: 4158800

Symptoms: After you assign an agent package to a group, the Apache service, httpd.exe, starts to crash with an access violation fault from the SECARS module.

Solution: Corrected an error in the code that caused a crash during an agent package request.

 

Replication partners do not handle cloud settings correctly

Fix ID: 4162484

Symptoms: Clients that communicate to a replication partner of an Advanced Threat Protection (ATP)-enrolled site do not receive the group's ATP enrollment policy.

Solution: Fixed issues that occur during the migration and replication of the various features in a group's External Communication policy.

 

Running LiveUpdate or upgrading causes replication to fail

Fix ID: 4156687

Symptoms: Replication fails when LiveUpdate runs or an upgrade occurs within 24 hours.

Solution: Updated the Symantec Endpoint Protection Manager configuration, which executes during an installation or an upgrade and sets the proper sequence numbers for replication.

 

Location Switching does not work when Windows 10 comes out of sleep mode

Fix ID: 4162899

Symptoms: The Symantec Endpoint Protection client’s location does not switch as expected when Windows 10 comes out of sleep mode.

Solution: Added sufficient time to do a DNS query on the network after sleep mode ends in order to properly assess location.

 

BugCheck 0x139 occurs due to LIST_ENTRY corruption by srtsp64.sys

Fix ID: 4163935

Symptoms: An invalid scan object causes a BugCheck 0x139 (KERNEL_SECURITY_CHECK_FAILURE) due to LIST_ENTRY corruption by srtsp64.sys.

Solution: AutoProtect now clears the scan object so that the next scan does not reference it in memory.

 

SEPM database deadlock when using GET COMPUTERS from ATP

Fix ID: 4163936

Symptoms: Interleaving calls of GET Computers and Enroll by ATP will cause a deadlock on the SEM_CLIENT table.

Solution: Updated the SEM_GET_COMPUTERS stored procedure to avoid this deadlock.

 

Replication is taking more and more time to complete

Fix ID: 4125568

Symptoms: The cleanup of duplicate clients during replication takes a long time when Active Directory synchronization is also in use.

Solution: Add the ability to include only OUs and Computers during Active Directory synchronization.

 

SEP for Linux fails to auto-compile on Ubuntu 16.04

Fix ID: 4157456

Symptoms: The Symantec Endpoint Protection client for Linux fails to build symev and symap kernel modules at installation or during auto-compile on kernel 4.11.x with the following error: “too few arguments to function ‘vfs_getattr’“

Solution: Added support for Kernel 4.11, so that the kernel modules get built at installation or with auto-compile.

 

SEPM processes .dat files slowly

Fix ID: 4157771

Symptoms: Symantec Endpoint Protection Manager processes .dat files too slowly.

Solution: Improved the rate of .dat file processing by optimizing several areas including queries and parameter location.

 

DCS agents offline after SEP client upgrade

Fix ID: 4156474

Symptoms: Data Center System (DCS) services for version 6.7.0 do not start after Symantec Endpoint Protection client upgrade.

Solution: Corrected an issue where Symantec Endpoint Protection migration disabled a standalone installation of DCS.

 

AutoProtect conflicts with CommVault

Fix ID: 4160263

Symptoms: SRTSP64 conflicts with the backup program CommVault Simpana SP15.

Solution: Skip the backup files that open during a scan.

 

The Client Deployment Wizard hangs while deploying a Communication Update Package

Fix ID: 4157774

Symptoms: The Symantec Endpoint Protection Manager Client Deployment Wizard (CDW) hangs at 0% when you deploy the Communication Update Packages to clients.

Solution: Fix the data handling when pushing a communication package remotely.

 

SEP 14.0 MP2 floods the Event Viewer Application log with Event ID 15

Fix ID: 4157775

Symptoms: Symantec Endpoint Protection 14.0 MP2 floods the Event Viewer Application log with Event ID 15: “Updated Symantec Endpoint Protection Status Successfully to SECURITY_PRODUCT_STATE_ON”

Solution: Altered the logic to update the state (and to log it) only when there is a change in the product.

 

In SEP 14.0.1, searching for clients by IP range does not produce the correct result

Fix ID: 4157784

Symptoms: After an upgrade to Symantec Endpoint Protection Manager to 14.0.1, if you search for clients by IP address range, the incorrect results display.

Solution: Fixed the function that is used for IP address criteria.

 

Data missing in DESCRIPTION column in AGENT_BEHAVIOR_LOG_1

Fix ID: 4158208

Symptoms: The database stores truncated description data when it processes the client logs.

Solution: Increased the column size of AGENT_BEHAVIOR_LOG tables DESCRIPTION column to 4000.

 

Prompt for password during uninstallation when password not enabled for use

Fix ID: 4158803

Symptoms: During the uninstallation of the Symantec Endpoint Protection client, you are prompted for a password, even if the password option is not set for uninstalling the software.

Solution: Update to checks the value of the UninstallNeedPassword attribute from the policy, which is used to determine whether a password is require during an uninstallation.

 

Client count is inaccurate in the Virus Definitions Distribution report

Fix ID: 4159523

Symptoms: When you generate the Computer Status > Virus Definitions Distribution report in Symantec Endpoint Protection Manager, the client count is inaccurate.

Solution: Corrected the query used to determine the client state.

 

SEP clients do not honor the LiveUpdate Settings policy

Fix ID: 4163673

Symptoms: LiveUpdate on the Symantec Endpoint Protection client occasionally attempts to access the default host list or the host list for a different location or policy. It does not use the correct custom host list again until a location changes or a policy updates.

Solution: Resolved the timing issue that causes this situation to happen.

 

REST API call for Get Groups produces an Invalid object V_POLICY_INFO error when you provide a full path name

Fix ID: 4164220

Symptoms: If you use the GET Groups REST API command using the fullPathName and the Symantec Endpoint Protection Manager uses a user-defined database schema, you get a V_POLICY_INFO error.

Solution: Recreated the GET_APPLIED_POLICY_ID function on a user-defined database schema.

 

Limited Administrators are unable to export a Network and Exploit Mitigation Attacks report

Fix ID: 4157779

Symptoms: Limited administrators cannot export Network and Exploit Mitigation logs. The data time format from the exported log was not consistent with the data time format that is defined in the settings.

Solution: Fixed the PHP URL encoding issue and the date time format issue.

 

Risk logs are not uploaded to a secondary SEPM after the primary one goes down

Fix ID: 4157772

Symptoms: Logs fail to upload to a secondary Symantec Endpoint Protection Manager when the primary one is down.

Solution: Changed the behavior for the upload of critical logs to upload logs to the current server (last connected) instead of the first server in the master server list.

 

Scheduled LiveUpdate never runs on unmanaged clients when there is no default gateway network configuration

Fix ID: 4157776

Symptoms: If you have configured an internal LiveUpdate server for use with Symantec Endpoint Protection clients and the client computer has no default gateway, then a scheduled LiveUpdate does not download content from the local LiveUpdate Server.

Solution: Fixed a check that required an outside network connection when an internal LiveUpdate server is involved.

 

No precompiled kernel modules on SUSE Enterprise Linux 11.0 SP4, Kernel 3.0.101-6

Fix ID: 4157778

Symptoms: Symantec Endpoint Protection for Linux requires development tools during installation to SUSE Enterprise Linux 11 SP4 in order to compile kernel modules, and does not enable AutoProtect functionality if they are not present.

Solution: Symantec Endpoint Protection for Linux now contains pre-compiled kernel modules to support SUSE Enterprise Linux 11 SP4 (Kernel 3.0.101-63) for both 32- and 64-bit architectures.

 

The SEP client for Linux logs debug errors even when not in debug mode

Fix ID: 4157780

Symptoms: A Symantec Endpoint Protection client for Linux logs a symev_evrstimes error even if symev is not in debug mode, due to an expression for a condition being incorrectly evaluated.

Solution: Added the appropriate parentheses to allow for the correct evaluation of the condition.

 

Number of entries to display cannot be customized from SEPM 14.0.1

Fix ID: 4157877

Symptoms: In Symantec Endpoint Protection Manager, customizing the number of entries for the command status has limits that cannot be changed.

Solution: Fixed a malformed table element. This fixed both (misalignment and limit not getting saved) issues.

 

Clients appear in the default group regardless of the install package configuration

Fix ID: 4160262

Symptoms: Clients appear in the default group after installation, regardless of the configuration in the installation package, if the client is under another domain.

Solution: Fixed the validation of the global group name during agent registration.

 

When the SEP client executes a scheduled scan, ccSvcHst.exe uses 100% CPU

Fix ID: 4160264

Symptoms: When the Symantec Endpoint Protection client executes a scheduled weekly full scan, you see the CPU usage of ccSvcHst.exe spike in the Task Manager to 100%.

Solution: Fixed a registry return value when deleting a key that causes excessive processing.

 

SEP client for Linux does not provide pre-compiled support for RHEL 7.4 and 6.4 kernels

Fix ID: 4158323 

Symptoms: SEP does not provide pre-compiled AutoProtect kernel modules for RedHat Enterprise Linux (RHEL) 7.4 (3.10.0-693.11.6.el7.x86_64) and 6.4 (2.6.32-696.18.7.el6.x86_64).

Solution: Pre-compiled AutoProtect kernel modules added for these kernel versions.

 

Component versions

The build number for this release is 14.0.3929.1200. Red text indicates components that have updated for this release.

Component

DLL File

DLL Version

SYS File

SYS Version

AutoProtect

srtsp64.dll

15.0.30.28

srtsp64.sys

15.0.30.27

BASH Defs

BHEngine.dll

Seq#= 20170926.001

11.3.2.9

BHDrvx64.sys

11.3.2.9

BASH Framework

BHClient.dll

10.4.1.7

N/A

-

CC

ccLib.dll

13.3.1.4

ccSetx64.sys

13.3.0.24

CIDS Defs

IDSxpx86.dll

Seq#= 20170824.200

16.1.4.35

IDSviA64.sys

16.1.4.31

CIDS Framework

IDSAux.dll

15.2.5.23

N/A

-

CP3 version.txt 2.3.0.295 N/A -
CX cx_lib.dll 3.0.1.28 N/A -

ConMan

version.txt

2.1.5.24

N/A

-

D2D

version.txt

1.2.1.5

N/A

-

D2D_Latest

version.txt

1.5.0.44

N/A

-

DecABI

dec_abi.dll

2.3.5.10

N/A

-

DefUtils

DefUtDCD.dll

4.16.8.24

N/A

-

DuLuCallback

DuLuCbk.dll

1.8.1.17

N/A

-

DuLuxCallback duluxcallback.dll 2.9.1.7 N/A -

ERASER

cceraser.dll

117.3.0.35

eraser64.sys

117.2.0.45

IRON

Iron.dll

7.0.5.14

Ironx64.sys

7.0.5.13

LUX Lux.dll 2.9.1.11    

LiveUpdate

LUEng.dll

2.6.0.15

N/A

-

MicroDefs

patch25d.dll

5.1.3.11

N/A

-

SDS Engine

sds_engine_x86.dll

Seq#= 20180302.007

1.5.0.321

N/A

-

SIS

SIS.dll

91.12.4400.5000

N/A

-

STIC Defs

stic.dll

Seq#= 20171013.009

1.4.1.402

N/A

-

SymDS

DSCli.dll

6.2.0.17

N/A

-

SymEFA

EFACli64.dll

6.3.1.27

SymEFASI64.sys

6.3.1.26

SymELAM

ELAMCli.dll

2.0.1.95

SymELAM.sys

2.0.1.85

SymEvent

Sevntx64.exe

14.0.5.10

SymEvent.sys

14.0.5.9

SymNetDrv

SNDSvc.dll

15.2.2.18

symnets.sys

15.2.2.18

SymScan

ccScanW.dll

14.2.1.16

N/A

-

SymVT

version.txt

9.2.3.6

N/A

-

Symulator version.txt 1.5.0.64 N/A -
TCSAPI version.txt 1.6.0.14 N/A -
Titanium titanium.dll 2.4.1.12 N/A -

WLU(SEPM)

LuComServerRes.dll

3.3.202.6

N/A

-