New fixes and component versions in Symantec Endpoint Protection 14.2


Article ID: 150880



Endpoint Protection




This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.2. This information supplements the information found in the Release Notes.

New fixes

Unable to import a domain file

Fix ID: 4136019

Symptoms: Domain import fails with the error: Zip file is empty.

Solution:  Allow domain import even if there are missing files inside the original export data file.


Clients intermittently lose network connectivity after reboot

Fix ID: 4170825

Symptoms: Network connectivity fails and the Teefer process quits with exit code 31.

Solution: Updated the root certificate cross-signing for the Teefer file based on Microsoft’s recently changed signing requirements.


Manual scan hangs on files bigger than 4 GB

Fix ID: 4071290

Symptoms: Scans hang when manually scanning large files over 4GB.

Solution:  Corrected the wrong type conversion for file lengths in SymEFA.


Scheduled AD sync fails, but manual sync is successful

Fix ID: 4134414

Symptoms: Scheduled Active Directory synchronization fails every time it runs. As a result, other OUs from other AD servers cannot synchronize. However, manual synchronization succeeds.

Solution:  Add a NullPointer check in the Active Directory synchronization process to avoid incorrect processing in certain cases.


SEPM installation fails using Windows Authentication with custom users created in SQL Server

Fix ID: 4148088, 4083467, 4167749

Symptoms: Installation or migration of Symantec Endpoint Protection Manager fails when you choose Windows Authentication for the SQL Server database and then add custom users.

Solution:  Corrected the character set that is used during the processing of usernames.


ccSvcHst process crashes when VLANs are enabled

Fix ID: 4168710

Symptoms: The ccSvcHst process crashes when VLANs are enabled. If there are no VLANs, the crash does not occur.

Solution:  Corrected hostname processing along with conflicting IPv4/IPv6 rules.


During a LiveUpdate session, SEP for Mac unexpectedly produces a network proxy authentication request

Fix ID: 4019330, 4137958,  4168444

Symptoms: When LiveUpdate runs on the Symantec Endpoint Protection client for Mac, a network proxy authentication dialog pops up, even when an anonymous proxy is already configured.

Solution:  Fixed proxy info processing to better handle anonymous proxies.


SEP for Mac definition download fails with LUA over HTTPS

Fix ID: 4076407

Symptoms: When using LiveUpdate Administrator over HTTPS, the download fails for definitions for the Symantec Endpoint Protection client for Mac.

Solution:  Implemented a new method to add an SSL certificate to the LUX data store, and to download the certificate from the server if the HTTPS protocol is selected for LiveUpdate.


SEPM external logging not working

Fix ID: 4092449

Symptoms: After you upgrade to a new Symantec Endpoint Protection Manager, the external logging folder remains empty and the configured Syslog server receives no updates.

Solution:  Added a server error message to indicate when the Syslog server cannot be reached and external logging is blocked.


SEP service ccSvcHst terminates unexpectedly with faulting module MSVCR110.dll

Fix ID: 4103887

Symptoms: The Symantec Endpoint Protection client fails to stay in a running state on a single Windows 2012 R2 server; ccSvcHst crashes or terminates unexpectedly. The faulting module is MSVCR110.dll.

Solution:  Corrected an issue with an unhandled exception that caused ccSvcHst to crash.


SEP for Linux not getting the latest virus definitions

Fix ID: 4104612

Symptoms: After an upgrade to Symantec Endpoint Protection 14 MP2, the client for Linux does not get the latest virus definitions.

Solution:  Initialized defUtils with the configuration file /etc/Symantec.Conf, so that LiveUpdate works properly when it runs along with other Symantec products.


Policy incorrectly applies to multiple groups after an update to the Exceptions policy

Fix ID: 4110703

Symptoms: When you add a file to the Exceptions policy from the Risk Logs, the new policy overwrites the policy for other groups and applies to them.

Solution:  Fixed the query in retrieving the list of files and groups from the database.


Audit and Compliance report is unexpectedly blank

Fix ID: 4113073

Symptoms: No data displays after you run an Audit Policies Used report on a Symantec Endpoint Protection Manager with numerous policies.

Solution:  Fixed the parsing routine in the Audit Policies Used report.


SEP client for Linux shows as offline in SEPM after a change to the Management Server List

Fix ID: 4113521

Symptoms: Symantec Endpoint Protection client for Linux displays as offline in Symantec Endpoint Protection Manager after you make a change to the Management Server List.

Solution:  Added an exception handler to handle certain cases when modifying the Management Server List.


Linux terminal session becomes unresponsive for several seconds during certain tasks when SEP and NSCD run on the same system.

Fix ID: 4116464

Symptoms: File system access is delayed if the user ID to username resolution requires contacting a remote server such as LDAP. Delays also occur if username caching, such as NSCD, runs and the caching service makes a filesystem request.

Solution:  Updated Auto-Protect to cause less load on authentication services during normal use.


SEP 14 client install setting does not show progress bar as selected

Fix ID: 4116983

Symptoms: The progress bar does not display during the client installation as configured when you also select the option to remove existing Symantec Endpoint Protection client software that cannot be uninstalled.

Solution:  Fixed the installation type options in the Client Install Settings.


SEP for Linux prevents access to NFS shares

Fix ID: 4118598

Symptoms: Kernel warnings are generated when you access an NFSv4 share with Symantec Endpoint Protection client for Linux installed, and possibly during other activities.

Solution:  Updated Symantec Endpoint Protection client for Linux to work with NFSv4 servers when using RHEL 7.3 or later.


SEPM not correctly updating Auto-Protect and scan actions for Linux

Fix ID: 4123707

Symptoms: Symantec Endpoint Protection Manager assigns the wrong Auto-Protect action setting for the Linux client. The child setting does not apply the parent setting, even when the override check box was not selected.

Solution:  Let the child item apply the action setting from the parent group if the override check box is not selected.


Email attachments sent by SEPM are not showing up in iOS Mail

Fix ID: 4124597

Symptoms: Email attachments from Symantec Endpoint Protection Manager do not show up in Mail, the iOS native mail application.

Solution:  Fixed the multipart subtype of the email header.


Cisco VPN v4 adapter cannot be manually added to SEPM 14 MP2 without a name change

Fix ID: 4126289

Symptoms: The network adapter “Cisco VPN v4 (Windows XP, 2000, Server 2003)” is missing in the UI settings after an upgrade from 12.1.6 MP5 to 14 MP2. However, you cannot manually add the adapter unless you change the adapter name, as if the network adapter entry is there by default.

Solution:  Added this network adapter back to the UI settings.


After importing the third-party certificate, SEPM does not show certificate details during logon

Fix ID: 4127987

Symptoms: After importing a third-party CA certificate to SEPM, the certificate details do not display during logon. Instead, details show as “Unknown.”

Solution:  Added auxiliary method to decode certificate.


Bluescreen occurs during SAP import when SEP 14 MP2 is installed

Fix ID: 4130097

Symptoms: Windows 2012 R2 Bugchecks 27 and 50 occur during an import from SAP when Symantec Endpoint Protection 14 MP2 is installed.

Solution:  Re-established flags during oplock processing in Auto-Protect.


Tamper protection does not protect all SEP registry keys

Fix ID: 4132040

Symptoms: Tamper protection is enabled, but some Symantec Endpoint Protection registry keys in version 14 MP2 can still be changed or deleted.

Solution:  Updated Symantec Endpoint Protection code to protect all necessary registry keys.


Cannot disable SNAC for multiple client groups at once

Fix ID: 4135112

Symptoms: Cannot disable Symantec Network Access Control for multiple groups or clients. Instead, they must be disabled individually, which is not feasible for large numbers of clients or groups.

Solution:  Created a tool  to disable Symantec Network Access Control in bulk. You can acquire this tool by opening a case with Support.


SEP fails to restore quarantined file from Thunderbird email

Fix ID: 4135365

Symptoms: Symantec Endpoint Protection detects a threat in Thunderbird email and quarantines the inbox file. Symantec Endpoint Protection fails to restore the quarantined file because it is detected as a threat again.

Solution:  Added a check to prevent the repeated quarantine of a file that is unchanged between detections.


Firewall rule that allows outgoing traffic triggers on incoming traffic

Fix ID: 4137609

Symptoms:  A firewall rule that allows outgoing traffic triggers on incoming traffic.

Solution:  Fixed the UDP incoming/outgoing direction condition that was lost in the Symantec Endpoint Protection client.


Some registry keys and folders are not removed after uninstalling SEP using CleanWipe

Fix ID: 4140755

Symptoms:  Some registry keys, files, and folders were not deleted after uninstallation with CleanWipe.

Solution:  Added missing registry and file deletes to CleanWipe.


Upgrade of SEPM 14 to 14.0.1 encounters JKS error post-upgrade

Fix ID: 4141417

Symptoms:  An upgrade from Symantec Endpoint Protection Manager 14 to 14.0.1 fails if 14 was installed with the Symantec Endpoint Protection Manager port configured as 8444 (the default is 8443).  The Upgrade-0.log has errors logged related to the Java Keystore (JKS).

Solution:  The Symantec Endpoint Protection Manager upgrade no longer fails if Management or Remote ports are configured as 8444.


After upgrading SEPM to 14.0.1, Group Settings options take a long time to load

Fix ID: 4147125

Symptoms:  The settings panels for General,  External Communication, and Communication take a while to open after a Symantec Endpoint Protection Manager upgrade to 14.0.1.

Solution:  Skip loading the LockDownPanel in the background when showing these settings panels.


Report does not list deleted computers in the Computers Deleted section of a report

Fix ID: 4151374

Symptoms:  Deleted computers do not appear in the report next to Computers Deleted.

Solution:  A deleted computer query now points to the table SEM_COMPUTER.


The SEPM web console hides the Client Properties window

Fix ID: 4153294

Symptoms:  After you upgrade from version 14.0.1 or 14.0.1 MP1, the Client Properties window on the Symantec Endpoint Protection Manager web console may be hidden. To properly display, you must refresh the page.

Solution:  Updated the third-party component AjaxSwing for the web console.


SymDaemon crashes frequently on SEP for Mac

Fix ID: 4156614

Symptoms:  The Symantec Endpoint Protection client for Mac component SymDaemon crashes frequently on the Mac.

Solution:  Added some missing dynamic link libraries.


Notifications for virus detections no longer appear after logon

Fix ID: 4157755

Symptom: You configure the Symantec Endpoint Protection client to display notifications about detections when a user logs on. However, you see detections in the risk log that never appeared in the notification at logon.

Solution: Added a short delay to allow the client computer to be ready for input before it displays these notifications.


SEP 12.1 definitions are down to a single revision

Fix ID: 4157890

Symptoms:  After an upgrade to 14.0.1 MP1, some revisions for the Symantec Endpoint Protection 12.1 content are no longer available, which causes clients to download files.

Solution:  The obsolete content cleaner now skips content that also appears in non-obsolete registrations.



Fix ID: 4157952

Symptoms:  With Symantec Endpoint Protection installed, crashes with BugCheck code MULTIPLE_IRP_COMPLETE_REQUESTS are seen.

Solution:  Eliminated a race condition on Auto-Protect IRP processing to prevent the crash.


SEP for Mac does not honor the LiveUpdate schedule in the policy

Fix ID: 4158998

Symptoms:  On the Symantec Endpoint Protection client for Mac, automatic LiveUpdate does not run on the hourly schedule that is specified in the policy.

Solution:  Updated code so that the policy schedule runs as expected.


SEPFL fails to build on Ubuntu 16.04

Fix ID: 4162379

Symptoms: If you install Symantec Endpoint Protection client for Linux on an Ubuntu system that runs kernel 4.13.0-26-generic, the Auto-Protect kernel module fails to auto-compile or to manually compile.

Solution: Added support for Ubuntu kernel 4.13 & 4.11 on standard Linux clients, NFS clients, and NFS servers.


Certain definitions do not update on Macs that run 14.0.1 MP1

Fix ID: 4165236

Symptoms:  Certain IPS and virus definitions do not update when LiveUpdate runs on Symantec Endpoint Protection client for Mac.

Solution:  Updated the LiveUpdate component.


Inconsistent policy serial numbers appear across SEPMs on the same site

Fix ID: 4166667

Symptoms:  The policy serial numbers are inconsistent between different Symantec Endpoint Protection Managers that are connected on the same site.

Solution:  Retrieve the latest timestamp from database when compiling a policy.


Exceptions policy does not change when you assign a new policy to group

Fix ID: 4168300

Symptoms:  When you assign a new Exceptions policy to a group, the policy does not change on the group.

Solution: Updated so that Symantec Endpoint Protection Manager removes the same type of policy from the assigned policy pool first, before assigning the new policy to this group.


MSI commands to add or remove components do not honor LaunchSMCGui settings

Fix ID: 4168347

Symptoms:  When you use MSI commands to add or remove components, previous settings of LaunchSMCGui=0 revert to 1.

Solution:  Maintain the LaunchSMCGui state during installation changes for add/remove components.


High CPU usage by ccSvcHst persists until system restart; multiple .kc files created in Data\BASH

Fix ID: 4175017

Symptoms:  The ccSvcHst process uses high amounts of CPU and writes several .kc files in the folder Data\BASH. This behavior persists until the system is restarted, but then recurs within weeks.

Solution: The EDR component performs retries, which produce the .kc files. Implemented backoff to eventually eliminate this and the impact on CPU.


Email notifications for security alerts are sent

Fix ID: 4118047

Symptoms:  Security alert emails are from the Symantec Endpoint Protection Manager noting suspicious activities.

Solution:  Added a new setting in file to prevent this.


View Logs does not work correctly on the SEP 14 MP2 web console

Fix ID: 4131603

Symptoms:  The View Logs pane in Symantec Endpoint Protection Manager does not work when using the web console on Internet Explorer 11 on Windows 7 SP1.

Solution:  Fixed a related JavaScript error.


Unable to select Mac client install settings when exporting a Mac client package

Fix ID: 4141130

Symptoms:  Client install settings are not honored when exporting Mac client packages.

Solution:  Added comment in Mac installation settings dialog to indicate that this behavior is currently working as designed. Installation settings apply only to AutoUpgrade.


SEP for Mac client does not run LiveUpdate on schedule due to SymDaemon crash

Fix ID: 4145788

Symptoms: LiveUpdate stops updating on schedule due to intermittent SymDaemon crashes. Definitions do not update.

Solution:  Fixed an issue with the Job Manager scheduler.


Windows 10 Pro for Workstations systems display as “Windows 10” in SEPM reporting

Fix ID: 4156827

Symptoms:  In Symantec Endpoint Protection Manager reporting, "Windows 10 Pro for Workstations" systems display as "Windows 10."

Solution:  Added code to take care of this new operating system version.


Firewall state in Security Center switches from “off” to “on” by opening the SEP client UI

Fix ID: 4066199

Symptoms:  The firewall state in the Windows Security Center switches from “off” to “on” when the Symantec Endpoint Protection firewall is disabled or withdrawn by Symantec Endpoint Protection Manager policy. This switch is triggered by opening the Symantec Endpoint Protection client UI.

Solution:  Fixed the incorrect logic in the client UI.


Dialog panes do not display correctly when using 150% display scaling

Fix ID: 4135075

Symptoms:  Dialog boxes for Auto-Protect and custom scan options only partially display the expected controls when you use 150% scaling.

Solution:  Changed the affected dialog boxes to automatically scale themselves to match their contained controls.


Event Viewer shows application errors generated for .exe files with SEP installed

Fix ID: 4079621

Symptoms:  With Symantec Endpoint Protection installed, application errors appear in the Event Viewer for various .exe files, like consent.exe and mmc.exe.

Solution:  Fixed incorrect paths for executing the binaries that generate application errors.


The option to prevent clients from downloading full definition packages does not allow Host Integrity content downloads

Fix ID: 4100454

Symptoms:  Host Integrity content does not download when the option to download full definition packages ( is disabled on Symantec Endpoint Protection Manager.

Solution:  Added a check to exclude the blocking of the for Host Integrity content, even though the download of files is otherwise disabled through Symantec Endpoint Protection Manager.


The weekly scheduled scan for SEP for Mac does not run

Fix ID: 4161629

Symptoms:  The weekly scheduled scan for Symantec Endpoint Protection client for Mac does not run as expected. In addition, the daily scheduled scans do not run sometimes, and the idle-time scan setting is disabled.

Solution:  Changed scheduled scan management from a job manager to a task scheduler.


The default action for the SEP client for Linux is different than Windows for the same file

Fix ID: 4052862

Symptoms:  In a default virus action configuration (Clean/Quarantine), Symantec Endpoint Protection client for Linux quarantines the file that the client for Windows would clean by deletion.

Solution:  Added clean by deletion for Symantec Endpoint Protection client for Linux for the default action configuration (Clean/Quarantine) to match the Windows client behavior.


Reporting advanced filter configuration does not allow comma-separated IPv4 addresses

Fix ID: 4063259

Symptoms:  When you try to enter multiple IPv4 addresses separated by commas in the advanced filter section of a report, you get an error that states that the IP address is invalid.

Solution:  Changed the function to allow for the use of a comma in the search.


SEPM Monitors > Logs column headers are no longer static and do not remain visible when scrolling

Fix ID: 4072391

Symptoms: When you scroll through the log on Monitors > Logs, the table header does not remain static and moves to an invisible position.

Solution: Reconfigure the table so that the header is static while the content part scrolls.


Error log entry appears in System log despite disabling Insight Lookup

Fix ID: 4085436

Symptoms:  In the System log, you see a timeout error for a reputation check, even though you have disabled Insight Lookup: "Reputation check timed out during unproven file evaluation."

Solution:  Eliminated the misleading reputation check error in the System log if Insight Lookup is disabled.


A Limited Administrator is granted full access to clients from groups they do not have access to

Fix ID: 4088968

Symptoms: A report that a Limited Administrator can run (for "Protection Content Versions") gathers information from (and allows access to) clients from groups to which access is not granted.

Solution:  Separated the relevant query into two queries, one of which can apply Limited Administrator privilege.


Application List in the Exceptions Policy cannot display more than 5000 items

Fix ID: 4095030

Symptoms: The application list window only shows 5000 entries, and you want a way to see the entries that do not display.

Solution:  Added an application name search box to create a filter.


ccSvcHst does not stop with smc -stop

Fix ID: 4095756

Symptoms: The command smc -stop does not stop ccSvcHst as expected.

Solution:  Fixed a deadlock that caused this condition.


With SEP client installed, Linux server hangs when triggering applications that freeze filesystems

Fix ID: 4112446

Symptoms: A Linux server with the Symantec Endpoint Protection client for Linux installed stops responding when you trigger fsfreeze or ioctl(FIFREEZE).

Solution:  Addressed a system hang condition between Auto-Protect and applications that freeze filesystems.


SEPM deletes .zip files to import

Fix ID: 4113265

Symptoms: When you select a .zip file to import into Symantec Endpoint Protection Manager 14 MP2, it is instead deleted. It should be left alone.

Solution:  Updated to not automatically delete valid or invalid .zip files.


SEPM upgrade hangs at 48%

Fix ID: 4114673

Symptoms: During an upgrade of Symantec Endpoint Protection Manager from 12.1.6 MP6 to 14 MP2, it hangs at 48% due to a deadlock when cleaning obsolete security contents.

Solution:  Use the contentCleanupTool to delete security contents from the database before attempting the upgrade again.


Unchecking option to include subfolders does not work properly for SEP Linux for excluding "/" folder in Exceptions policy

Fix ID: 4120100

Symptoms: When you exclude the root folder (“/”) and uncheck Include subfolders, Symantec Endpoint Protection client for Linux incorrectly excludes all content under /.

Solution:  Updated to exclude only the files directly under /, and not exclude the subfolders under /.


GUPs are included in globallist.xml for replicated sites after disabling them

Fix ID: 4125306

Symptoms: The file globallist.xml on replication partner sites continues to reference IP/Port combinations for client computers that are no longer active GUPs.

Solution:  Updated so that globallist.xml now correctly removes stale GUP entries on replication partner sites as well as on the site that manages the relevant client.


Client Install Settings dialogue disappears on the Web Console when switching to Mac settings

Fix ID: 4136821


Symptoms: When you log on to Symantec Endpoint Protection Manager with the Web Console, the Client Install Settings dialogue disappears when you switch to Mac platform settings.

Solution:  Updated the Creamtec build to solve this issue.


SEPM authentication happens three times with Active Directory

Fix ID: 4137088

Symptoms: When logging in to Symantec Endpoint Protection Manager with an administrator that authenticates against Active Directory, the authentication happens three times, instead of just once.

Solution:  Changed design to avoid duplicate logins.


Unable to add AutoUpgrade package after a domain import

Fix ID: 4137939

Symptoms: When you attempt to add AutoUpgrade packages to groups, the following error appears: “The replicated software package cannot be found in the cache.”

Solution:  Correct the logon parameter so that the AutoUpgrade installation can succeed.


SEP client for Linux fails to install Auto-Protect modules for RHEL 7.4

Fix ID: 4139305

Symptoms: Symantec Endpoint Protection client for Linux installer fails when installing Auto-Protect kernel modules on RHEL 7.4.

Solution: Added precompiled kernel modules for RHEL 7.4, so that Symantec Endpoint Protection client for Linux can install without the need for auto-compile.


Log count mismatch occurs in exported .csv file

Fix ID: 4139406

Symptoms: A log count mismatch occurs in an exported .csv file if the domain column is not yet populated with the domain from the client.

Solution: Made the queries consistent between view logs and export.


Dark Network client displays as Standard client in SEPM console

Fix ID: 4139709

Symptoms: In Symantec Endpoint Protection Manager > Clients > Clients, Dark Network clients display as a standard client in the Protection technology client view.

Solution: Corrected the query for fetching of install types.


SEPM 14.0.1 Web Console has unexpected cursor movements

Fix ID: 4141462

Symptoms: The cursor jumps randomly while navigating the client group structure in Symantec Endpoint Protection Manager viewed through the Web Console.

Solution: Updated the AjaxSwing component.


Event ID 34054 shows up on a client without the SONAR feature installed: "SONAR has been enabled"

Fix ID: 4142238

Symptoms: A message in the Symantec Endpoint Protection client logs states that SONAR has been enabled, even though the SONAR component is not installed.

Solution: Updated so that the client no longer logs that SONAR is enabled when SONAR is uninstalled.


Daily and Weekly reports have inconsistent start times

Fix ID: 4143485

Symptoms: The scheduled Daily and Weekly reports do not generate until a few minutes after the configured start time.

Solution: Updated configuration to use the configured report start time as the next start time for the first run.


SEP service options are configurable after changing SEP features

Fix ID: 4145430

Symptoms: After changing the installation features by modifying the installation through Control Panel, the options on the Symantec Endpoint Protection service can be modified when they previously could not be.

Solution: ACL removal no longer occurs on Modify or Repair setup actions.


REST API documentation change for Administrator privileges

Fix ID: 4147523, 4129227

Symptoms: The REST API documentation does not mention that System Administrator privileges are required.

Solution: Updated the REST API documentation to advise that System Administrator privileges are required to use REST APIs.


CleanWipe tool included with SEP 14.0.1 deletes a third-party application file

Fix ID: 4148344

Symptoms: CleanWipe removes a third-party service for CAF, CAFServiceMain.exe, because it appears to belong to Symantec Endpoint Protection.

Solution: Added executable name verification. The CAF service binary must be named CAFServiceMain.exe to be removed.


SEPM shows incorrect scan status

Fix ID: 4148895

Symptoms: If you do two or more scan updates for the same scan, Symantec Endpoint Protection Manager incorrectly displays scan status after processing the scan events.

Solution: Updated so that it processes the scan events in a sequential order.


Entries for display of the command status cannot be customized

Fix ID: 4150256

Symptoms: You are unable to customize the entries for the command status table.

Solution: Added the correct HTML tag to close the table element. This action fixes issues with misalignment and with the limit not getting saved.


Cannot input SEPM drive letter in HI policy

Fix ID: 4150318

Symptoms: You are unable to enter a file path into the Host Integrity policy if the file path contains the DVD drive letter on Symantec Endpoint Protection Manager.

Solution: Added a dialog to allow you to proceed if the input drive is a DVD drive.


Duplicate Exceptions policies listed in Monitors > Logs > Add Risk to Exception policy

Fix ID: 4152056

Symptoms: When you view logs under Monitors > Logs, duplicated Exceptions policy names appear when you select Add Risk to Exception policy.

Solution: Added a process to clean up non-applied, non-shared policies.


Use of the wildcard * (asterisk) in hostname entry for GUP configuration results in error "invalid host name"

Fix ID: 4152813

Symptoms: When you define a single GUP with a * character, you get the following message: “You entered an invalid host name or IP Address. A host name must be 255 alphabetical characters or less.”

Solution: Corrected the validation of * wildcard entry to ensure you can use this for GUP configuration.


Buttons are missing on Web Console

Fix ID: 4158599

Symptoms: In the Web Console, the buttons OK, Cancel, and Help are missing.

Solution: Made changes to render the buttons for AjaxSwing.


Group and Location use count do not sort correctly for IPS policies

Fix ID: 4168539

Symptoms: The IPS policies do not sort properly if sorted by Group or Location Use Count.

Solution: Fixed the sorting of Group and Location Use Count column in IPS policy.


Upgrade Clients with Package wizard has unclear UI

Fix ID: 3945325

Symptoms: The dialogs and process of the Upgrade Clients with Package wizard are not user friendly.

Solution: Modified text to ensure that the UI is clear and understandable.


SEPM Policy REST API returns "Rate limit exceeded"

Fix ID: 4119101

Symptoms: When you use the REST API command /sepm/api/v1/policy, the misleading error message “Rate limit exceeded” is generated to indicate an over-rate limit situation.

Solution: Corrected message to indicate that the cloud enrollment has exceeded its limits.


SEPM Firewall policy column size for Log doesn't increase as you select more items

Fix ID: 4058075

Symptoms: In Symantec Endpoint Protection Manager, the column size for Log in the firewall policy’s rules grid does not increase as you select more items. This behavior makes selections invisible.

Solution: Fixed the UI logic for the policy interface.


Unclear Firewall functions

Fix ID: 4058075

Symptoms: The function of the Symantec Endpoint Protection firewall may be confusing to some, particularly regarding the Windows firewall.

Solution: Explained in more detail in the firewall dialog about how the Symantec Endpoint Protection firewall and Windows firewall work.


ADC policy truncates log data

Fix ID: 4131794

Symptoms: An Application and Device Control log is missing data or truncates items that are expected to be there.

Solution: Change Application Control log codes to only treat "*" as a special character if that description string came from internal codes.


Differences in Action List and Action Distribution detection numbers in multi-SEPM environment

Fix ID: 4134916

Symptoms: With a load-balanced Symantec Endpoint Protection Manager, the numbers that display under the Action List and Action Distribution are different.

Solution: Fixed the server ID used in generating the report to ensure the corresponding numbers match.


SEPM does not process RSA SecurID sdconf.rec file

Fix ID: 4072413

Symptoms: An error message appears when you log on the Web Console to import the RSA configuration file sdconf.rec with the wizard.

Solution: Add logic to detect the Web Console, so that it gets the right file path when you use the Web Console versus the Java Console.


Typo appears while logged in as Limited Admin

Fix ID: 4085938

Symptoms: In the Client Install Settings pane, you see a spelling error, “Client Insatall Settings,” when you log on as a Limited Administrator.

Solution: Changed “Insatall” to “Install.”


Automatic update of the File Fingerprint List does not work over UNC path

Fix ID: 4089035

Symptoms: Symantec Endpoint Protection Manager cannot download the File Fingerprint update from the specified UNC path.

Solution: Updated the UNC path interpretation for special characters.


Custom Applications appear to be disabled by license policy in clients not enrolled to cloud portal

Fix ID: 4098963

Symptoms: Symantec Endpoint Protection logs the following warning message in the System log: “Memory Exploit Mitigation Custom Applications disabled by license policy.” This message appears for clients of a Symantec Endpoint Protection Manager that is not currently enrolled to the cloud portal. It also appears for unmanaged clients.

Solution: Changed the message to, “This device is not licensed for Memory Exploit Mitigation Custom Applications.”


Quarantine items that are restored do not get purged

Fix ID: 4102033

Symptoms: Restored Quarantine items are left behind and never get purged.

Solution: Added logic to purge restored Quarantine items with the same purge policy configuration as Backup items.


SEPM Limited Administrators can modify their rights

Fix ID: 4136228

Symptoms: Limited Administrators can remove their right to run commands, which should not be allowed. They can adjust this setting even if the option is locked or grayed-out in Symantec Endpoint Protection Manager.

Solution: Corrected the UI control to only allow the correct functions for Limited Administrators.


SEP for Mac LiveUpdate prompts for proxy authentication if proxy or LiveUpdate address is unreachable

Fix ID: 4137958

Symptoms: LiveUpdate on the Symantec Endpoint Protection client for Mac prompts for proxy authentication if the proxy or the LiveUpdate address is unreachable. This behavior incorrectly suggests that LiveUpdate does not recognize the anonymity of an anonymous proxy.

Solution: Corrected the prompt so that it shows only if the server is reachable. No prompt appears otherwise.


MEM monitors / log reporting is not consistent

Fix ID: 4146857

Symptoms: The exported Memory Exploit Mitigation logs display an inconsistent total count and records.

Solution: Fixed the included EVENT IDs in the total count query and the export query for Memory Exploit Mitigation logs.


Status of SEPM replication partner indicates it cannot connect, despite replication working fine

Fix ID: 4168699

Symptoms: The status of the Symantec Endpoint Protection Manager replication partner indicates it cannot connect. However, replication works without issue.

Solution: Added a filter to remove any invalid ReplicationState statuses before displaying, if replication ultimately succeeds.


SEPM sends more than 1024 Bytes to the Syslog server

Fix ID: 4037446

Symptoms: You notice that the Symantec Endpoint Protection Manager sends more than 1024 Bytes of data to the Syslog server.

Solution: Added an option to limit the maximum length of Syslog data to 1024 Bytes.


Japanese SEPM hangs while setting a block in a firewall rule

Fix ID: 4172271

Symptoms: You log on to the Japanese-language Symantec Endpoint Protection Manager. When you try to select Block in a firewall rule, the console hangs on the firewall rule screen. The error logs indicate a null pointer exception.

Solution: Updated the code so that this issue no longer occurs.


External logs display the incorrect URL Tracking Status

Fix ID: 4162328

Symptoms: When you view external logging, you notice that the URL Tracking Status reads as Off when it should be On.

Solution: Corrected the URL Tracking Status when using external logging.


With the Outlook AutoProtect plug-in installed, the setting to disable LaunchSMCGui is not honored

Fix ID: 4156430

Symptoms: If the Outlook AutoProtect plug-in is installed, user instances of ccSvcHst appear, even though LaunchSMCGui is disabled.

Solution: Updated the Outlook AutoProtect plug-in to honor the LaunchSMCGui setting.


Exported log column displays a number instead of a description

Fix ID: 4161759

Symptoms: When you export the Network and Host Mitigation log, you notice that the Event Type column displays "249" instead of "Browser Protection."

Solution: Added the Browser Protection event description in the Network and Host Mitigation log export.


Unable to delete an unused host group

Fix ID: 4156291

Symptoms: You cannot delete a host group, despite it not being used in any policy.

Solution: Updated code to remove references to the host group once the policy no longer uses it.


Additional fix for 14.2.760.0000

Non-shared policies are removed after an upgrade to 14.2

Fix ID: 4186631

Symptoms: After you upgrade to version 14.2, you notice that your non-shared policies are missing.

Solution: Updated the logic that is used while processing policies.


Additional fixes for 14.2.770.0000

ccSvcHst.exe crashes when VLANs are enabled after an upgrade to 14.2

Fix ID: 4188770

Symptoms: After you upgrade to version 14.2, the service ccSvcHst.exe crashes if VLANs are enabled and your location awareness policy contains DNS lookup conditions.

Solution: Updated the logic that is used while processing policies.


Replication fails after an upgrade to 14.2

Fix ID: 4189043

Symptoms: After you upgrade to version 14.2, replication fails.

Solution: Updated the upgrade routine.


Location Awareness using a subnet condition does not work after an upgrade to 14.2

Fix ID: 4189031

Symptoms: After you upgrade to version 14.2, Location Awareness that uses a subnet condition no longer works.

Solution: Updated the conversion for proper subnet construction.


Component versions

The build number for this release is 14.2.770.0000.
Note: Valid versions 14.2.758.0000 and 14.2.760.0000 were available for a short while with the same component versions. They were replaced by 14.2.770.0000.

Red text indicates components that have been updated for this release.


DLL File    DLL Version    SYS File    SYS Version

Seq#= 20170926.001
BASH Framework
Seq#= 20180605.500
CIDS Framework
CP3 version.txt N/A -
CX cx_lib.dll 3.6 N/A -
DuLuxCallback duluxcallback.dll N/A -
LUX Lux.dll
SDS Engine
Seq#= 20180609.002
Seq#= 20180519.006
Symulator version.txt N/A -
TCSAPI version.txt N/A -
Titanium titanium.dll N/A -