New fixes and component versions in Symantec Endpoint Protection 14.2 MP1

Article ID: 150929

Products

Endpoint Protection

Issue/Introduction

 

Resolution

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.2 MP1. This information supplements the information found in the Release Notes.


New fixes

Firewall does not recognize traffic by application name

Fix ID: 4114008

Symptoms: The Endpoint Protection firewall sometimes does not allow traffic based on the application name.

Solution: Updated the drivers to let this traffic correctly pass through the firewall.

 

API command returns inaccurate computer data for clients in user mode

Fix ID: 4185073

Symptoms: The GetComputers API command unexpectedly lets you put different users on the same physical computer into different groups, which then apply different policies in Symantec Endpoint Protection Manager.

Solution: Fixed the stored procedure used for this API command so that it checks the user name and domain name in the query.

 

ccSvcHst.exe causes high CPU usage only on managed SEP clients

Fix ID: 4192850

Symptoms: ccSvcHst.exe causes high CPU usage on managed Symantec Endpoint Protection clients. If unmanaged, ccSvcHst.exe CPU usage is normal.

Solution: Fixed an issue with duplicate entries in LiveUpdate Content policy during Replication.

 

Clients are showing as offline in SEPM after upgrading to SEP 14.2

Fix ID: 4200738

Symptoms: Clients that have upgraded to Symantec Endpoint Protection 14.2 do not appear correctly in Symantec Endpoint Protection Manager.

Solution: Fixed the issue to correctly show the status of clients.

 

Cannot delete Citrix roaming profiles after upgrading to SEP 14 MP2

Fix ID: 4099309

Symptoms: After you upgrade the Symantec Endpoint Protection client to version 14 MP2, you cannot delete Citrix roaming profiles.

Solution: Fixed the code to prevent the locking of Windows Error Reporting folders so that roaming profiles can be deleted.

 

ATP does not send MD5 hashes to SEPM replication partners

Fix ID: 4181187

Symptoms: Advanced Threat Protection does not send blacklisted MD5 hashes to all Symantec Endpoint Protection Manager replication partners if the "Replication is enabled between all SEPMs" option is checked.

Solution: Added a new REST API to correctly send MD5 hashes to all replication partners.

 

symev process causes a kernel panic when installing SEP for Linux

Fix ID: 4189922

Symptoms: The symev process causes a kernel panic when installing a Symantec Endpoint Protection client for Linux.

Solution: Updated the Auto-Protect startup script to not load pre-built AP kernel modules if the kernel module was previously manually compiled.

 

SEP for Linux fails to auto-compile on Amazon Linux AMI 2018.03 virtual machines

Fix ID: 4193589

Symptoms: The Auto-Protect module fails to auto-compile when you run a Symantec Endpoint Protection client for Linux on Amazon Linux AMI kernel versions 4.9.81 and 14.4.

Solution: Added support for the kernel versions 4.9 and 14.4.

 

SEP 14.2 client cannot communicate with SEPM if client hostname contains DBCS

Fix ID: 4193683

Symptoms: If the hostname of a Symantec Endpoint Protection 14.2 client machine contains double-byte character set (DBCS) characters, SEPM 14.2 rejects the client with HTTP error 412.

Solution: Fixed the issue so that hostnames can contain DBCS characters.

 

ccSvcHst.exe causes high memory usage

Fix ID: 4130691

Symptoms: ccSvcHst.exe causes high memory usage in Symantec Endpoint Protection.

Solution: Added Memory Fragmentation Monitor to actively monitor and resolve memory fragmentation within ccSvcHst.exe. For details, see the solution noted at the following page: Endpoint Protection client fails to update content until SEP service is restarted

 

Move Clients script does not work with 14.2 clients

Fix ID: 4148864

Symptoms: The Move Clients script does not move 14.2 clients based on the IP address or subnet.

Solution: Updated the script to work as expected.

 

SQL Server causes high CPU usage after migrating to SEP 14

Fix ID: 4157709, 4189823

Symptoms: SQL Server causes high CPU usage due to a buildup of a .bak file with Application Learning.

Solution: Fixed performance issues with Application Learning. Added a configurable record-keeping period and a periodic cleanup routine for Application Learning.

 

Upgrading a client to SEP 14 RU1 causes VMware server to hang

Fix ID: 4170028

Symptoms: After upgrading a Symantec Endpoint Protection client to 14 RU1 on a VMware server, the server hangs.

Solution: Fixed this issue so the VMware server does not hang.

 

Specific folders are world-writable in SEP 14 for Mac

Fix ID: 4171654

Symptoms: Some folders in the Symantec Endpoint Protection 14 client for Mac are world-writable.

Solution: Correctly set the folder permissions from 777 to 755.

 

Custom-made applications are denied access to the Crashdumps folder

Fix ID: 4174101

Symptoms: Custom-made applications cannot access the Crashdumps folder.

Solution: Fixed the permissions to allow access to the folder.

 

Application Control does not detect a USB storage device correctly if the device is in UAS mode

Fix ID: 4184583

Symptoms: A USB storage device in USB Attached SCSI (UAS) mode is not correctly recognized when Removable Device is checked in the Application Control policy.

Solution: Fixed code to correctly identify bus types.

 

SEPM REST API does not allow you to add file extensions to Exceptions policy

Fix ID: 4184584

Symptoms: Symantec Endpoint Protection Manager’s REST API does not let you add file extensions to the Exceptions policy.

Solution: Updated the REST API to let you add file extensions.

 

SEPFL fails to build on Ubuntu 16.04 with kernel 4.13.0-41-generic

Fix ID: 4184986

Symptoms: If you install Symantec Endpoint Protection client for Linux on an Ubuntu system that runs kernel 4.13.0-41-generic, the Auto-Protect kernel module fails to auto-compile or to manually compile.

Solution: Fixed the source code to correctly compile the Auto-Protect kernel modules.

 

ATP fails to refresh tokens with SEPM

Fix ID: 4185096

Symptoms: The access tokens are deleted whenever an admin object updates.

Solution: Fixed a bug that caused the access tokens to be incorrectly deleted.

 

SEPM database generates deadlocked entries

Fix ID: 4185949

Symptoms: Symantec Endpoint Protection Manager updates entries randomly with two modes: batch and bulk. Batch mode causes entries to become deadlocked.

Solution: Added a lock mechanism in batch mode to prevent the deadlocks.

 

Different technology scans show different risk names for the same application, but SONAR logs only display the first risk name

Fix ID: 4185951

Symptoms: When an application is scanned with different technology scans, SONAR logs display only the first risk name scanned.

Solution: Risk names will now be displayed based on the scan technology.

 

SEP client does not switch to a location with the “All of the IP addresses” condition

Fix ID: 4189059

Symptoms: The Symantec Endpoint Protection client does not switch to a location when the “All of the IP addresses” condition is used.

Solution: Fixed the network change behavior to follow the correct conditions.

 

Clients trigger false network change events after upgrading to SEP 14.2

Fix ID: 4202807

Symptoms: Clients that have upgraded to version 14.2 are triggering false network change events in Symantec Endpoint Protection Manager due to an issue with Auto Location Awareness.

Solution: Fixed the network change behavior to follow the correct conditions.

 

Upgrading clients to SEP 14.2 breaks communication with SEPM when using internal certificates

Fix ID: 4190710

Symptoms: Clients that have upgraded to Symantec Endpoint Protection 14.2 fail to communicate with a Symantec Endpoint Protection Manager if they use internal certificates.

Solution: Fixed the certificate validation issues that caused these failure cases.

 

Client does not prompt for a password as expected with smc -stop command

Fix ID: 4190820

Symptoms: When the password protection feature is enabled in Symantec Endpoint Protection 14 RU1 MP2 and LaunchSMCGUI is set to 0, there is no prompt to enter a password when using the smc -stop command. If you set LaunchSMCGUI to 0, the notification area icon does not appear.

Solution: Corrected an issue to display the password prompt in this situation.

 

SMSMSE 7.9 does not update virus definitions automatically after installing or upgrading to SEP 14.2

Fix ID: 4190874

Symptoms: Symantec Mail Security for Microsoft Exchange does not automatically update virus definitions if installed on a system with Symantec Endpoint Protection 14.2. Tamper Protection blocks the update of registry keys InstalledApps and SharedDefs.

Solution: Fixed Tamper Protection to not block both registry keys.

 

Clicking the Logoff button on a Citrix SSL VPN client causes a BSOD

Fix ID: 4191513

Symptoms: Clicking the Logoff button on a Citrix SSL VPN client with the NetScaler v12.0-57.24 Gateway Plug-in causes a BSOD.

Solution: Updated the Teefer driver so that this issue no longer occurs.

 

Upgrading SEPM to SEPM 14.2 causes the Daily and Weekly risk reports to not display properly

Fix ID: 4194070

Symptoms: After upgrading the Symantec Endpoint Protection Manager to 14.2, the Daily and Weekly risk reports do not display any computer details when you select the arrow for more details in the Virus Definition Distribution section.

Solution: Added a missing reference in SEPM for the risk reports.

 

SEP 14.2 for Mac does not display the correct source and destination port information when blocking port scan behavior

Fix ID: 4194093

Symptoms: Symantec Endpoint Protection 14.2 client for Mac shows source and destination ports as 0 in the firewall logs after blocking for port scan behavior instead of showing the correct information.

Solution: Corrected port information after the block rule is set.

 

Windows 2008 R2 Server Enterprise hangs periodically after installing SEP 14 RU1 MP1

Fix ID: 4195080

Symptoms: Installing Symantec Endpoint Protection 14 RU1 MP1 on Windows 2008 R2 Server Enterprise causes the server to hang periodically.

Solution: Updated the code so that this issue no longer occurs.

 

Policies do not update on SEP 14.2 for Mac after removing the Integrations policy

Fix ID: 4199443

Symptoms: When you change one of your policies on a Symantec Endpoint Protection 14.2 client for Mac, the policy does not update if the Integrations policy was removed.

Solution: Fixed the return values so that policies correctly update.

 

After installing SEP 14.2 for Mac, SymDaemon crashes regularly

Fix ID: 4201440

Symptoms: SymDaemon causes the Symantec Endpoint Protection 14.2 for Mac client to crash.

Solution: Improved the checks used during installation.

 

SEPM does not show latest virus definitions for clients

Fix ID: 4203154

Symptoms: Clients do not send OpState information to the Symantec Endpoint Protection Manager, which causes the latest virus definitions to not show.

Solution: Fixed this issue so clients correctly send information on regular heartbeat intervals.

 

SEP crashes due to a file description

Fix ID: 4203341

Symptoms: Certain file descriptions cause Symantec Endpoint Protection to crash.

Solution: Fixed parsing issues for certain file descriptions.

 

SEP incorrectly detects and prompts network application changes

Fix ID: 4203569

Symptoms: When you disable Enable Network Application Monitoring, prompts still appear when Symantec Endpoint Protection detects any changes.

Solution: Fixed this issue so that prompts do not appear when network application monitoring is disabled.

 

Windows Server 2016 hangs periodically after installing SEP 14 RU1 MP1

Fix ID: 4184581

Symptoms: Installing Symantec Endpoint Protection 14 RU1 MP1 on Windows Server 2016 causes the server to hang periodically.

Solution: Updated the driver so that this issue no longer occurs.

 

Cannot delete applications on remote shares if Application Hardening is installed 

Fix ID: 4169444

Symptoms: You cannot delete applications from remote shares with the Symantec Endpoint Protection 14 RU1 MP1 client installed if Application Hardening is also installed.

Solution: Fixed the Application Hardening feature in Data Center Security to allow applications to be deleted.

 

SEP 14.2 for Mac does not distinguish between AM and PM time in a scheduled scan when the system language is set to Japanese

Fix ID: 4194472

Symptoms: Running a daily or weekly scheduled scan when the system language is set to Japanese on a Symantec Endpoint Protection 14.2 client for Mac causes the scan to ignore the AM and PM settings.

Solution: Fixed this issue so that the daily and weekly scheduled scan now differentiates between the AM and PM settings.

 

Quarantine menu descriptions in SEP for Mac do not display properly when the system language is set to Simplified Chinese

Fix ID: 4194978

Symptoms: Quarantine menu descriptions display incorrect characters when the system language is set to Simplified Chinese in a Symantec Endpoint Protection client for Mac.

Solution: Fixed the Quarantine menu descriptions to display the correct characters.

 

SEP 14.2 for Mac does not send scan logs to SEPM 

Fix ID: 4199447

Symptoms: Converting an unmanaged Symantec Endpoint Protection 14.2 for Mac to a managed client with SylinkDrop causes scan logs to not send correctly to Symantec Endpoint Protection Manager.

Solution: Fixed this issue to set the correct values when converting to a managed client.

 

Component versions

The build number for this release is 14.2.1031.0100 (or earlier equivalents 14.2.1023.0100 and 14.2.1015.0100 (PBA 40)).

Red text indicates components that have updated for this release.

| Component | DLL File | DLL Version | SYS File | SYS Version |
|---|---|---|---|---|
| AutoProtect | srtsp64.dll | 15.0.40.15 | srtsp64.sys | 15.0.40.14 |
| BASH Defs | BHEngine.dll | Seq#= 20180212.001, 11.4.0.29 | BHDrvx64.sys | 11.4.0.29 |
| BASH Framework | BHClient.dll | 10.4.1.12 | N/A | - |
| CC | ccLib.dll | 13.4.0.20 | ccSetx64.sys | 13.3.0.24 |
| CIDS Defs | IDSxpx86.dll | Seq#= 20180802.540, 16.2.1.22 | IDSviA64.sys | 16.2.1.22 |
| CIDS Framework | IDSAux.dll | 15.2.5.29 | N/A | - |
| CP3 | version.txt | 2.5.0.174 | N/A | - |
| CX | cx_lib.dll | 3.0.3.25 | N/A | - |
| ConMan | version.txt | 2.1.6.2 | N/A | - |
| D2D | version.txt | 1.2.1.5 | N/A | - |
| D2D_Latest | version.txt | 1.5.0.50 | N/A | - |
| DecABI | dec_abi.dll | 2.3.5.10 | N/A | - |
| DefUtils | DefUtDCD.dll | 4.16.8.24 | N/A | - |
| DuLuCallback | DuLuCbk.dll | 1.8.1.17 | N/A | - |
| DuLuxCallback | duluxcallback.dll | 2.11.1.11 | N/A | - |
| ERASER | cceraser.dll | 117.3.1.6 | eraser64.sys | 117.3.1.6 |
| IRON | Iron.dll | 7.0.6.7 | Ironx64.sys | 7.0.6.3 |
| LUX | Lux.dll | 2.10.1.13 | | |
| LiveUpdate | LUEng.dll | 2.6.1.11 | N/A | - |
| MicroDefs | patch25d.dll | 5.1.3.11 | N/A | - |
| SDS Engine | sds_engine_x86.dll | Seq#= 20180829.022, 1.7.0.382 | N/A | - |
| SIS | SIS.dll | 91.12.4400.5000 | N/A | - |
| STIC Defs | stic.dll | Seq#= 20180829.007, 1.5.1.287 | N/A | - |
| SymDS | DSCli.dll | 6.2.0.17 | N/A | - |
| SymEFA | EFACli64.dll | 6.3.3.12 | SymEFASI64.sys | 6.3.3.11 |
| SymELAM | ELAMCli.dll | 2.0.1.95 | SymELAM.sys | 2.0.1.85 |
| SymEvent | Sevntx64.exe | 14.0.6.30 | SymEvent.sys | 14.0.6.27 |
| SymNetDrv | SNDSvc.dll | 15.2.2.31 | symnets.sys | 15.2.2.31 |
| SymScan | ccScanW.dll | 14.2.2.19 | N/A | - |
| SymVT | version.txt | 9.2.3.6 | N/A | - |
| Symulator | version.txt | 1.6.0.128 | N/A | - |
| TCSAPI | version.txt | 1.6.0.25 | N/A | - |
| Titanium | titanium.dll | 2.4.1.12 | N/A | - |
| WLU(SEPM) | LuComServerRes.dll | 3.3.202.6 | N/A | - |