New fixes and component versions in Symantec Endpoint Protection 14.2 RU1 MP1

Article ID: 151121


Products

Endpoint Protection


Resolution

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.2 RU1 MP1 (14.2.1.1). This information supplements the information found in the Release Notes.

Download the full release through MySymantec. For details, see Download the latest version of Endpoint Protection.

You can also download client-only patches through Symantec Endpoint Protection 14.2 RU1 MP1 client-only patches.


New fixes

SQL Server experiences performance issues after an upgrade to 14.2 MP1

Fix ID: ESCRT-900

Symptoms: After you upgrade from Symantec Endpoint Protection 12.1.7454.7000 (schema version 12.1.6.11) to 14.2.1023.0100 (schema version 14.2.0.2), you see excessive CPU utilization on the SQL Server when Application Learning is enabled.

Solution: Added type conversion to the SQL statement to prevent this performance issue.
 

Non-uniqueness of 4-digit policy numbers causes issues with Splunk

Fix ID: ESCRT-855

Symptoms: Because some of the policy numbers received from Symantec Endpoint Protection Manager by Splunk begin with the same four digits, Splunk shows the clients in the wrong groups.

Solution: Added the client group name to external system-client logging to allow Splunk to operate properly.
 

Clients do not switch locations when using DNS Lookup criteria with Location Awareness

Fix ID: ESCRT-1710, ESCRT-1773, ESCRT-1801

Symptoms: Location Switching may intermittently fail when it relies on DNS Lookup as a criterion within Location Awareness.

Solution: Improved Location Awareness functionality so that it now properly results in a location switch when DNS Lookup is used as the criterion.
 

SEP 14.2 RU1 client HI check fails on reboot

Fix ID: ESCRT-1581

Symptoms: When using a Symantec Endpoint Protection Host Integrity policy, the Host Integrity check fails when a version 14.2 RU1 client is rebooted.

Solution: Updated the code to discard any old status requests if a new status request was already received. This update ensures that the right status is returned for a Host Integrity check.
 

System Lockdown Whitelisting stops working after an upgrade to 14.2 RU1

Fix ID: ESCRT-1446

Symptoms: After an upgrade to version 14.2 RU1, system lockdown no longer blocks items that are not in the file fingerprint lists. Blacklist mode works as expected. Only Whitelist mode is affected.

Solution: Corrected an invalid buffer location, which allows the right policy to be used.
 

SEP clients stop communicating with SEPM until smc.exe restarts

Fix ID: ESCRT-842, ESCRT-718

Symptoms: Symantec Endpoint Protection clients stop communicating and no longer send status to Symantec Endpoint Protection Manager. If the Symantec Endpoint Protection service restarts, then the clients communicate again.

Solution: Fixed an issue where the client was prevented from communicating due to an OpState message to Symantec Endpoint Protection Manager.
 

Duplicate header in external Syslog output causes problems with syslog filters

Fix ID: ESCRT-805

Symptoms: External logging output for the System Client-Server Activity Log contains duplicate column headers for Domain Name. This duplication causes problems with filtering the data.

Solution: Fixed the column header for the System Client-Server Activity Log.
 

Unable to search client by computer name from SEPM

Fix ID: ESCRT-686

Symptoms: A search by computer name in Symantec Endpoint Protection Manager fails. An index hint forces the query to use a specific index, which causes a performance issue.

Solution: Optimized and fixed the query used when searching for a client.
 

SEP clients stop communicating with SEPM after an upgrade and LiveUpdate runs, until smc.exe restarts

Fix ID: ESCRT-672

Symptoms: Symantec Endpoint Protection clients stop communicating with Symantec Endpoint Protection Manager after an upgrade and after LiveUpdate runs. If the service smc.exe restarts, then clients communicate again.

Solution: Fixed an issue where the client was prevented from communicating due to a LiveUpdate check.
 

SEP client policy serial number incorrect on SEPM

Fix ID: ESCRT-649

Symptoms: Symantec Endpoint Protection clients have a different policy serial number than Symantec Endpoint Protection Manager, which appears to have an old policy.

Solution: Addressed the User Interface issue to properly reflect the correct policy serial number.
 

Upgrade to SEPM 14.2 MP1 fails during schema update

Fix ID: ESCRT-542

Symptoms: The Symantec Endpoint Protection Manager upgrade fails during the schema update.

Solution: Fixed the upgrade routine when adding IPv6 range hosts to the firewall rule in the schema.
 

SEP client cannot upload user information to SEPM on a Japanese OS

Fix ID: ESCRT-338

Symptoms: On a Japanese OS, the user info for the Symantec Endpoint Protection clients never uploads to Symantec Endpoint Protection Manager.

Solution: Fixed DBCS and special characters that caused parsing issues in XML.
 

Computer properties are blank with DBCS characters in the field

Fix ID: ESCRT-522

Symptoms: After an upgrade of Symantec Endpoint Protection Manager to 14.2, any computer description field with double-byte (DBCS) characters becomes blank.

Solution: Fixed DBCS and special character parsing issues in XML.
 

Discrepancies when exporting agt_risk.tmp and agt_security.tmp files in SEPM

Fix ID: ESCRT-8

Symptoms: When using External Logging to dump client logs to a .dmp file from the Symantec Endpoint Protection Manager and it includes agt_risk and agt_security files, several inconsistencies may appear.

Solution: Added missing values to ensure consistency in the exported logs.
 

SEP client cannot connect to internet

Fix ID: ESCRT-286

Symptoms: When manually enabling Website Traffic Redirection (WTR) through the Client User Interface, Symantec Endpoint Protection clients are unable to connect to the internet. LAN settings in Internet Explorer, under Tools > Internet options, become locked.

Solution: Implemented a change so that Website Traffic Redirection (WTR) can only be enabled on a managed client via a Symantec Endpoint Protection Manager policy.
 

GUP-related DBCS string is corrupted in system log of SEP client

Fix ID: ESCRT-250

Symptoms: The client’s system log shows corrupted characters for Group Update Provider entries that use double-byte (DBCS) characters.

Solution: Removed an extra encode function for Group Update Provider-related strings.
 

Failover to a SEPM in a Priority 2 list is not randomized

Fix ID: ESCRT-1371

Symptoms: If both Symantec Endpoint Protection Managers in the Priority 1 list are disabled or unavailable, clients do not randomly pick a Symantec Endpoint Protection Manager from the Priority 2 list. Instead, they always failover to the first Symantec Endpoint Protection Manager in the Priority 2 list.

Solution: Corrected this load-balancing issue so that failover from one priority block to the next priority block is random.
 

LiveUpdate fails on the SEP client for Linux after an upgrade to 14.2 RU1

Fix ID: ESCRT-1385

Symptoms: After an upgrade to version 14.2 RU1, Linux clients cannot correctly process updates because the group avdefs is not present.

Solution: Corrected the criteria for removing avdefs during the uninstall phase of an upgrade.
 

SEPM client list shows addresses for disabled or disconnected adapters

Fix ID: ESCRT-1374

Symptoms: In Symantec Endpoint Protection Manager, the column IP Address in the list of clients shows APIPA addresses for disabled or disconnected adapters, instead of showing the last connected IP address or another valid IP address.

Solution: Added a check to the Symantec Endpoint Protection client in order to verify that the adapter is in a working state before adding it to the list.
 

SEP client for Linux fails to communicate with SEPM when NIC bonding is enabled for 14.2 MP1

Fix ID: ESCRT-988

Symptoms: As of version 14.2 MP1, the Symantec Endpoint Protection client for Linux can no longer communicate with Symantec Endpoint Protection Manager when NIC bonding is enabled.

Solution: Updated code to correctly process virtual NICs.
 

SEP clients cannot send OpState info to SEPM when it contains DBCS characters

Fix ID: ESCRT-854

Symptoms: The Symantec Endpoint Protection client cannot send OpState data to the Symantec Endpoint Protection Manager, because DBCS characters in the computer description cannot be parsed.

Solution: Properly encoded the string in the computer description so that it can be parsed, which allows the OpState data to be sent for processing to the Symantec Endpoint Protection Manager.
 

SEP 14.2 clients do not update from Single GUP on different subnet

Fix ID: ESCRT-545

Symptoms: Symantec Endpoint Protection clients that run version 14.2 do not update from a Single Group Update Provider when it is on a different subnet. The Symantec Endpoint Protection client version on the Group Update Provider has no effect on the issue.

Solution: Added code to verify whether the Group Update Provider is enabled before it processes the Group Update Provider List.
 

Event ID 80 appears in logs after every virus definition update

Fix ID: ESCRT-419

Symptoms: After every virus definition update, you see an Event ID 80 error in the Event Viewer. The error contains the following text: “Symantec Endpoint Protection has failed to load the latest virus definitions.”

Solution: Increased Auto-Protect event provider timeouts to prevent error conditions.
 

Some dates in some database tables use the incorrect date format

Fix ID: ESCRT-168

Symptoms: The database tables ALERTS and SCANS incorrectly show some dates in the month-day-year (MDY) format, when your environment otherwise uses the day-month-year (DMY) format.

Solution: Updated code so that while reading or writing the date data for these tables, the proper formatting function data types are used.
 

Infected files with file names that contain UTF-8 characters cannot be scanned on the Symantec Endpoint Protection Linux client

Fix ID: ESCRT-98

Symptoms: When you mount a drive with UTF-8 encoding, if the file name has UTF-8 characters, the Symantec Endpoint Protection Linux client is not able to scan the files.

Solution: Added UTF-8 support to the Symantec Endpoint Protection Linux client.
 

BSOD with BugCheck D1 occurs with SEP 14.0 RU1 installed

Fix ID: ESCRT-45

Symptoms: Symantec Endpoint Protection 14.0 RU1 may result in a Windows crash with BugCheck D1 on SymNets.sys when the endpoint is under heavy CPU and network load.

Solution: Updated the code so that SYMNETS.SYS properly handles loopback traffic.
 

BSOD with Error 0xc0000005 occurs with SEP 14.0 RU1 MP1 installed

Fix ID: ESCRT-10

Symptoms: A race condition in Symantec Endpoint Protection 14.0 RU1 MP1 may result in a Windows crash with Error 0xc0000005 on Sysplant.sys.

Solution: Added mutex support to provide synchronization and re-entrant access, to avoid the potential for a system crash under race conditions.
 

SEP client repeatedly fails to load SDS definitions initially

Fix ID: ESCRT-814

Symptoms: The Symantec Endpoint Protection client fails to load SDS definitions. Eventually, the client loads these definitions.

Solution: Added a check to ensure the correct definition types load correctly for certain code paths.
 

Crash in libcurl-wintls.dll and ccSvcHst.exe when FIPSMODE is enabled

Fix ID: ESCRT-1659

Symptoms: In environments where FIPSMODE is enabled on a Windows Server 2012 R2 client computer, the Symantec Endpoint Protection client crashes intermittently. Crash reports indicate an issue with libcurl-wintls.dll and ccSvcHst.exe.

Solution: Fixed a null pointer check to prevent the crash.
 

An upgrade of SEPM to 14.2 RU1 causes unexpected restart requests on non-upgraded clients

Fix ID: ESCRT-1626

Symptoms: When you upgrade Symantec Endpoint Protection Manager to version 14.2 RU1, the connected clients that still run version 14.2 MP1 unexpectedly restart.

Solution: Updated the code so that the feature sets of the 14.2 MP1 AutoUpgrade package are not updated when upgrading Symantec Endpoint Protection Manager to version 14.2 RU1.
 

SEP for Mac malfunctions after copying a firewall rule from Windows

Fix ID: ESCRT-652

Symptoms: You copied select rules from the Symantec Endpoint Protection Firewall rules for Windows and pasted them into the Mac Firewall rules. When the policy is applied to the client’s group, Symantec Endpoint Protection fails to apply the new policy. Symantec Endpoint Protection becomes disabled and no longer accepts new policies. To restore functionality, you must reinstall the client software.

Solution: Removed the ability to copy and paste firewall rules across different OS platforms.
 

SEP for Mac shows unsolicited ARP traffic detections on SEPM but not on the clients

Fix ID: ESCRT-799

Symptoms: In Symantec Endpoint Protection Manager, you see frequent ARP detection notifications for Symantec Endpoint Protection clients for Mac with a remote address of 0.0.0.0, and the MAC address is reported as NA. You do not see the detections on the Mac client computers.

Solution: Updated the code to honor the setting for ARP spoofing and for notifications. IPS events now send the correct MAC addresses.
 

SEP for Mac blocks ARP traffic and does not log it, even when ARP spoofing is disabled

Fix ID: ESCRT-1294

Symptoms: Symantec Endpoint Protection blocks ARP traffic even though the setting for ARP spoofing is unchecked.

Solution: Updated code so that ARP traffic is blocked only if IPS is enabled.
 

After installing a localized SEP 14.2 RU1 client, it incorrectly appears in the Default group

Fix ID: ESCRT-1517

Symptoms: You install a version 14.2 RU1 client that you exported from Symantec Endpoint Protection Manager. Both client and manager are in the same localized language, such as Traditional Chinese or Japanese. However, instead of appearing as expected in the preferred group that is defined in the installation package, the client appears in the Default group.

Solution: Updated code to correctly parse the preferred group name.
 

SEP For Mac WTR has Internet connectivity issues, including 502 Bad Gateway responses

Fix ID: ESCRT-1519

Symptoms: You enabled Website Traffic Redirection on your Symantec Endpoint Protection clients on Macs. Afterwards, you see bad_gateway errors displayed on the browser, when you start browsing websites.

Solution: Updated WTR traffic requests to get a direct connection to target URLs instead of bad_gateway errors, to ensure continued browsing access to websites with no interruption.
 

SEP For Mac prompts for authorization on Mac client computers with WTR enabled

Fix ID: ESCRT-1528

Symptoms: After you enable Website Traffic Redirection, you see frequent authentication prompts from the operating system.

Solution: Added a failover mechanism to prevent these additional prompts.
 

SEP For Mac location switching does not work with a VPN

Fix ID: ESCRT-1576

Symptoms: When you connect to a VPN from an external network, location switching for Symantec Endpoint Protection does not work as expected.

Solution: Updated the matching logic to switch to a VPN location when connecting to a VPN.
 

SEP For Mac shows 503 Gateway error or captive portal prompts when using WTR

Fix ID: ESCRT-1308

Symptoms: When you enable Website Traffic Redirection for Symantec Endpoint Protection clients for Mac, you see messages in the browser that the service is not available or bad_gateway errors.

Solution: Added additional validation when restoring network settings.
 

SEP For Mac shows proxy authentication messages repeatedly throughout the day with WTR enabled

Fix ID: ESCRT-1307

Symptoms: When you enable WSS Traffic Redirection for Symantec Endpoint Protection clients for Mac, proxy errors and authentication dialogs intermittently appear on the Mac client computer.

Solution: Updated the code to prevent these authentication issues.
 

SEP For Mac blocks some captive portals on the Mac with WTR enabled

Fix ID: ESCRT-1447

Symptoms: When you enable Website Traffic Redirection for Symantec Endpoint Protection clients for Mac, you can no longer connect to one of the captive portals.

Solution: Updated code to allow direct connections when captive portal authentication triggers, so that it is not required to resolve the target URL.

Additional fix for 14.2.4815.1101

Users are unable to access some applications after an upgrade to 14.2 RU1 MP1

Fix ID: ESCRT-2418

Symptoms: After upgrading to version 14.2 RU1 MP1, some users are unable to access applications like MMC.exe, RegEdit.exe, or apply Windows Updates.

Solution: Properly clean up ClDS artifacts in the Windows CatRoot directory on install, upgrade, or uninstall.

Component versions

The build number for this release is 14.2.4811.1100. 

Red text indicates components that have been updated for this release.

| Component | DLL File | DLL Version | SYS File | SYS Version |
|---|---|---|---|---|
| AutoProtect | srtsp64.dll | 15.7.6.14 | srtsp64.sys | 15.7.6.12 |
| BASH Defs | BHEngine.dll | Seq#= 20170926.001, 11.5.1.29 | BHDrvx64.sys | 11.5.1.29 |
| BASH Framework | BHClient.dll | 10.4.2.24 | N/A | - |
| CC | ccLib.dll | 13.4.0.26 | ccSetx64.sys | 13.4.0.26 |
| CIDS Defs | IDSxpx86.dll | Seq#= 20190524.061, 17.1.0.222 | IDSviA64.sys | 17.1.0.222 |
| CIDS Framework | IDSAux.dll | 15.2.5.29 | N/A | - |
| CP3 | version.txt | 2.7.0.139 | N/A | - |
| CX | cx_lib.dll | 3.0.3.25 | N/A | - |
| ConMan | version.txt | 2.1.8.5 | N/A | - |
| D2D | version.txt | 1.2.1.5 | N/A | - |
| D2D_Latest | version.txt | 1.5.0.51 | N/A | - |
| DecABI | dec_abi.dll | 2.3.5.10 | N/A | - |
| DefUtils | DefUtDCD.dll | 5.1.0.31 | N/A | - |
| DuLuCallback | DuLuCbk.dll | 1.8.1.17 | N/A | - |
| DuLuxCallback | duluxcallback.dll | 2.15.0.7 | N/A | - |
| ERASER | cceraser.dll | 118.2.1.9 | eraser64.sys | 118.2.1.9 |
| IRON | Iron.dll | 7.0.7.12 | Ironx64.sys | 7.0.7.11 |
| LUX | Lux.dll | 2.15.0.19 | | |
| LiveUpdate | LUEng.dll | 2.6.2.8 | N/A | - |
| MicroDefs | patch25d.dll | 6.1.1.4 | N/A | - |
| SDS Engine | sds_engine_x86.dll | Seq#= 20190625.006, 1.9.0.258 | N/A | - |
| SIS | SIS.dll | 91.12.4400.5000 | N/A | - |
| STIC Defs | stic.dll | Seq#= 20190308.019, 1.8.0.83 | N/A | - |
| SymDS | DSCli.dll | 6.2.0.25 | N/A | - |
| SymEFA | EFACli64.dll | 6.3.3.38 | SymEFASI64.sys | 6.3.3.35 |
| SymELAM | ELAMCli.dll | 2.0.1.145 | SymELAM.sys | 2.0.1.85 |
| SymEvent | Sevntx64.exe | 14.0.6.30 | SymEvent.sys | 14.0.6.27 |
| SymNetDrv | SNDSvc.dll | 15.2.4.3 | symnets.sys | 15.2.4.3 |
| SymScan | ccScanW.dll | 14.2.3.20 | N/A | - |
| SymVT | version.txt | 10.0.1.4 | N/A | - |
| Symulator | version.txt | 1.6.0.197 | N/A | - |
| TCSAPI | version.txt | 1.6.0.25 | N/A | - |
| Titanium | titanium.dll | 2.4.1.17 | N/A | - |
| WLU (Symantec Endpoint Protection Manager) | LuComServerRes.dll | 3.3.203.28 | N/A | - |