New fixes and component versions in Symantec Endpoint Protection 14.2 RU2
search cancel

New fixes and component versions in Symantec Endpoint Protection 14.2 RU2


Article ID: 151218


Updated On:


Endpoint Protection




This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.2 RU2 ( This information supplements the information found in the Release Notes.

Download the full release through MySymantec. For details, see Download the latest version of Endpoint Protection.

You can also download client-only patches through Symantec Endpoint Protection 14.2 RU2 client-only patches.

New fixes

SES clients automatically upgrade to client versions available on the Latest channel

Fix ID: ESCRT-2338

Symptoms: Symantec Endpoint Security (SEP 15) clients automatically upgrade to the latest available version, despite the Auto-Upgrade setting being disabled.

Solution: Changed null policy behavior so that Auto-Upgrade is disabled by default.

14.2 RU1 MP1 clients are unable to failover from Proxy connection to Direct connection

Fix ID: ESCRT-2323

Symptoms: 14.2 RU1 MP1 clients only attempt to connect to the parameters defined for System Proxy for SEPM communication.

Solution: Direct connection is now attempted prior to using the System Proxy connection.

14.2 RU1 MP1 Mac endpoints are unable to update definitions when a proxy is defined

Fix ID: ESCRT-2319

Symptoms: 14.2 RU1 MP1 Mac endpoints fail to connect to LiveUpdate when a System Proxy is configured.

Solution: Client configuration updated to properly honor the System Proxy configuration.

Client logs do not display the IP address used during the last SEPM connection attempt

Fix ID: ESCRT-2300

Symptoms: Clients page of the SEPM does not display the correct IP address in the Last Connected field.

Solution: Updated SEPM reporting to show the correct Last Connected IP address.

Windows 2019 Terminal Server hangs and no longer services RDP sessions

Fix ID: ESCRT-2277

Symptoms: Terminal Server running Windows Server 2019 hangs intermittently and is no longer able to serve RDP sessions.

Solution: Addressed a deadlock between MountVol and Auto-Protect.

SEPM Database backups fail after upgrading to 14.2 RU1 MP1

Fix ID: ESCRT-2251

Symptoms: SEPM built-in Database Backup utility displays the error “Network connectivity to the database server is not available.” for 14.2 RU1 MP1 with Microsoft SQL databases.

Solution: Updated JDBC implementation support to prevent an unexpected exception.

Windows Security Center displays a red “X” when the Firewall is disabled by policy

Fix ID: ESCRT-2220

Symptoms: When the SEP Firewall is intentionally disabled by policy the Windows Security Center displays a warning.

Solution: Corrected the status sent to Windows Security Center when the Firewall is installed, but in a disabled state via policy.

Automatic Exclusions are not present for Exchange 2013 and Exchange 2016

Fix ID: ESCRT-2143

Symptoms: Exchange 2013 and Exchange 2016 do not have the same exclusions as previous versions of Exchange.

Solution: Added complete Auto-Exclusion support for Exchange 2013 and Exchange 2016.

CentOS 7.5 crashes when installing the 14.2 RU1 Linux client

Fix ID: ESCRT-2118

Symptoms: Installing 14.2 RU1 on CentOS 7.5 with kernel version results in a system crash.

Solution: Updated auto-compile script to build and load the proper Auto-Protect kernel modules.

Deception logs do not display an IP address for Local IP

Fix ID: ESCRT-2114

Symptoms: Local IP field incorrectly shows for the IP address in Deception logs.

Solution: Updated Application Control logging to ignore non-valid IP addresses.

Replication Partner audit events are missing detail in External Logging

Fix ID: ESCRT-2046

Symptoms: After deleting, adding, or editing a replication partner, External Logging does not contain any of the details.

Solution: Added the event type in the event description for replication partner events in External Logging.

ccSvcHst.exe crash observed while machine is experiencing low memory conditions

Fix ID: ESCRT-2016

Symptoms: Intermittent ccSvcHst.exe crash is observed on machines with extremely low memory conditions and high load.

Solution: Modified memory allocation requirements for logging structures.

ccSvcHst.exe crash observed while logging many traffic events

Fix ID: ESCRT-1987

Symptoms: Intermittent ccSvcHst.exe crash observed on machines where many traffic events are logged and process memory exhaustion occurs.

Solution: Modified memory allocation requirements for logging structures.

RESTAPI exception types “Application to Monitor” and “Tamper Protection” are not supported

Fix ID: ESCRT-1973

Symptoms: Attempts to create exception items for “Application to Monitor” and “Tamper Protection” via RESTAPI are unsuccessful.

Solution: Added support for the above exception types when using the RESTAPI.

An error “Symantec Endpoint Protection services are stopped.” is displayed after reinstalling

Fix ID: ESCRT-1971

Symptoms: After a reinstall or upgrade of Symantec Endpoint Protection, if a rollback occurs further installation attempts are met with the error “Symantec Endpoint Protection services are stopped.”.

Solution: If a rollback occurs, the ccSettings key is only removed if it’s not pre-existing.

Windows Server 2016 intermittent hang with SEP 14.2 RU1

Fix ID: ESCRT-1953

Symptoms: Intermittent hang observed on Windows Server 2016.

Solution: Addressed a deadly embrace between MountMgr and Auto-Protect.

CentOS 7.6 crashes when installing the 14.2 RU1 Linux client

Fix ID: ESCRT-1933

Symptoms: Installing 14.2 RU1 on CentOS 7.6 with kernel version results in a system crash.

Solution: Updated auto-compile script to build and load the proper Auto-Protect kernel modules.

ccSvcHst.exe crash observed with SEP Firewall installed

Fix ID: ESCRT-1932

Symptoms: Intermittent ccSvcHst.exe crash is observed on machines with SEP Firewall installed.

Solution: Updated Traffic Security Engine parameters to improve file handling scenarios.

Linux File and Folder exceptions no longer work after enrolling SEPM with the SES Cloud Console

Fix ID: ESCRT-1926

Symptoms: Unable to create Linux File and Folder exceptions after enrolling an existing SEPM with the Symantec Endpoint Security Cloud Console.

Solution: Corrected a logic error to correctly separate Windows and Linux exceptions after SEPM Cloud enrollment.

Double Byte Character Set workgroup clients are unable to connect to the SEPM

Fix ID: ESCRT-1921

Symptoms: Clients receive an HTTP 412 error if the workgroup they reside in contains DBCS.

Solution: Changed the encoding used for certain fields to handle DBCS.

Large .2 files found in Windows\Temp folder with SEP installed

Fix ID: ESCRT-1887

Symptoms: Large temporary traffic log files with a .2 extension are found in the Windows\Temp folder.

Solution: Improved error handling when copying log files to temporary files.

External logging discrepancies when comparing with Risk report in a multiple SEPM environment

Fix ID: ESCRT-1866

Symptoms: In a site with load-balanced SEPMs, some logs are not processed to External logging dump files or Syslog servers.

Solution: Updated the USN mechanism used when processing client logs in a load-balanced SEPM configuration.

Upgrading to 14.2 RU1 results in changes to the SQL transaction log fixed size when auto-growth is disabled

Fix ID: ESCRT-1859

Symptoms: With auto-growth disabled, after a period of time the transaction log may become full and an error will be displayed during a SEPM upgrade to 14.2 RU1.

Solution: Added a new parameter to configure transaction log truncation during SEPM upgrade. Conf.Properties parameter: scm.upgrade.truncate.txnlog.enabled=false

ccSvcHst.exe crash observed with SEP Firewall installed

Fix ID: ESCRT-1853

Symptoms: Intermittent ccSvcHst.exe crash is observed on machines with SEP Firewall installed.

Solution: Updated Traffic Security Engine parameters to improve file handling scenarios.

Unable to save the layout of the Protection Technology view within the SEPM

Fix ID: ESCRT-1836

Symptoms: The selected column order for Protection Technology view is not preserved after logging out and logging back in to the SEPM.

Solution: Fixed the initialization of the table for the Clients panel.

“Query Failed” error when attempting to view the Computer Status logs

Fix ID: ESCRT-1829

Symptoms: When attempting to view the Computer Status log within the SEPM, the error message “Query Failed” is displayed.

Solution: Updated the table query to include the SERVICE_PACK column.

Mac icon missing in Server Control settings panel of the SEPM

Fix ID: ESCRT-1820

Symptoms: There’s no Mac icon in the Server Control settings panel, which is used to indicate platform supportability.

Solution: Added Windows and Mac icons to the appropriate settings.

RESTAPI policy commands fail if the policy type contains over 4,000 policies

Fix ID: ESCRT-1798

Symptoms: /api/v1/policies/summary RESTAPI fails when the policy type contains >4,000 policies.

Solution: Updated the way the policies are retrieved from the SEPM database.

Exported deception logs are missing the Caller Process

Fix ID: ESCRT-1795

Symptoms: After exporting Deception logs from the SEPM, some log entries contain a blank field for Caller Process Name.

Solution: Updated the query used when exporting Deception logs.

Unexpected Server Error displayed in the SEPM system log

Fix ID: ESCRT-1793

Symptoms: Intermittent Unexpected Server Error displayed in the SEPM system log in environments that have many Group Update Providers.

Solution: Updated queries related to the GUP_LIST table.

Limited Administrator is unable to export install packages after enrolling with the SES Cloud Console

Fix ID: ESCRT-1786

Symptoms: Limited Administrator accounts with Group/Package privileges are unable to export client installation packages after cloud enrollment.

Solution: Corrected Limited Administrator privileges when in a Cloud enrolled configuration.

Windows Server 2016 VMware virtual machine encounters a periodic system hang

Fix ID: ESCRT-1782

Symptoms: System hang observed on Windows Server 2016 virtual machines under certain conditions.

Solution: Updated the SEP client service to no longer attempt to display a window if there is no display connected.

Clients using a primary DNS suffix are not syncing with Active Directory imported clients

Fix ID: ESCRT-1774

Symptoms: Active Directory imported clients are showing offline under the OU structure and appear in the default group as online.

Solution: Updated the API used to obtain the Domain Name, so that it includes the complete DNS name.

Management Server Configuration Wizard does not allow the use of special characters when using Windows authentication

Fix ID: ESCRT-1765

Symptoms: Error displayed when attempting to use a % character in the DB user password for Windows Authentication.

Solution: Database User password validation updated.

Duplicate HWID found when running Powershell or RESTAPI to move clients

Fix ID: ESCRT-1747

Symptoms: MoveClient RESTAPI failing for user-mode clients.

Solution: Updated query so that only active clients bound with the HWID will be moved.

Memory leak in ccSvcHst.exe resulting in process crash

Fix ID: ESCRT-1744

Symptoms: ccSvcHst.exe crash observed after a period of time.

Solution: Fixed a memory leak in ccSvcHst.exe related to Tamper Protection exclusions.

SEPM emails fail to send to a TLS 1.2 only email server

Fix ID: ESCRT-1723

Symptoms: SEPM is unable to send email notifications to a mail server configured to only support TLS 1.2.

Solution: Updated JavaMail to a version that supports TLS 1.2.

“Query Failed” error when attempting to view details within a Risk log on SEPM

Fix ID: ESCRT-1718

Symptoms: Localized SEPM versions display a “Query Failed” error when attempting to view the details of a Risk within the Risk log.

Solution: Updated SEPM to use dynamic locale.

Client uninstall password doesn’t work with certain special character combinations

Fix ID: ESCRT-1708

Symptoms: The client uninstall password defined in the SEPM isn’t accepted on the endpoint with certain special character combinations.

Solution: Corrected an issue that caused the uninstall password to not be recognized by the endpoint.

SMC -importconfig command doesn’t work if there is no user logged in

Fix ID: ESCRT-1691

Symptoms: When using the smc -importconfig command via a script that doesn’t require a logged in user, it isn’t accepted.

Solution: Added support for using smc -importconfig without a logged in user.

SEPM installation fails during Group Policy Object Policy Review

Fix ID: ESCRT-1689

Symptoms: Attempting to install the SEPM fails during the GPOPolicyReview action, which is due to GPResult taking an extended period of time to return results in some environments.

Solution: Increased the timeout for GPOPolicyReview to 15 minutes.

Location Awareness stops working after dropping sylink.xml on an endpoint

Fix ID: ESCRT-1685

Symptoms: Sylink.xml dropped/imported on an endpoint results in Location Awareness no longer working until services restart.

Solution: Location Awareness functionality is no longer interrupted when a Sylink.xml is dropped/imported.

During midnight database maintenance tasks some endpoints are incorrectly swept

Fix ID: ESCRT-1624

Symptoms: Some endpoints incorrectly swept during nightly database maintenance activities.

Solution: Corrected a logic error to better handle clients that have certain flags associated with them.

SEPM RESTAPI Primary Key violation error when sending commands to copied AD imported clients

Fix ID: ESCRT-1617

Symptoms: Failure to send RESTAPI commands to copied OU clients.

Solution: Updated queries to only apply to the active client.

Unable to view the HELP page from the SEPM Web Console in 14.2 RU1

Fix ID: ESCRT-1603

Symptoms: The in-product help page does not load when using the SEPM Remote Web Console.

Solution: Updated code to handle opening the HELP page when logged in using FQDN as host.

Clients configured to get updates from SEPM and LiveUpdate simultaneously do not make requests to the SEPM

Fix ID: ESCRT-1590

Symptoms: SEP endpoints configured to use both SEPM and LiveUpdate to retrieve content appear to always try LiveUpdate first.

Solution: Updated code to check the package type from SEPM before choosing to download between LiveUpdate or SEPM.

RESTAPI returns deleted results for computers that use AD synchronization

Fix ID: ESCRT-1579

Symptoms: RESTAPI to query OU clients returns all clients that share one HWID, including deleted ones.

Solution: Added support for copied OU clients when using RESTAPI queries.

Duplicated OS information in RESTAPI responses when using the GET computers command

Fix ID: ESCRT-1575

Symptoms: The RESTAPI command GET /api/v1/computers returns duplicated OS information.

Solution: Updated code to remove the duplicate return results.

14.2 RU1 LiveUpdate Engine changes to use HTTPS only results in client definition download issues.

Fix ID: ESCRT-1570

Symptoms: If the proxy defined in IE is updated, LiveUpdate Engine on the endpoint does not recognize the change until it is restarted.

Solution: Updated logic so that Proxy information is checked prior to attempting to run LiveUpdate.

Incorrect SQL user displayed when viewing remote site database server information

Fix ID: ESCRT-1556

Symptoms: When viewing the DB properties of a remote site from within the Symantec Endpoint Protection Manager, the username for the database of the local site is displayed instead of that for the remote site.

Solution: Database query modified to generate correct result

Various inconsistencies in dump file logging complicate automated parsing

Fix ID: ESCRT-1543

Symptoms: A number of inconsistencies in dump file logging were identified that make it difficult for parsing to be automated. For example, paths alternately made use of backslashes and forward slashes.

Solution: Various changes to improve consistency including adding header file path and description, proper escaping of application names, and correcting header names.

Setting for “Maximum number of rows in report table” cannot be saved in SEPM

Fix ID: ESCRT-1534

Symptoms: In Symantec Endpoint Protection Manager under logs and reports preferences, changes to the value for “Maximum number of rows in report table” cannot be saved. A user must manually enter this value when exporting a report.

Solution: Corrected preferences page so value can be saved successfully.

Error when moving a client using Rest API

Fix ID: ESCRT-1495

Symptoms: An error may be generated when copying clients that are Active Directory sync enabled.

Solution: Modified Rest API to properly handle clients managed through Active Directory sync.

Clients connect to SEPM if hostname contains DBCS characters

Fix ID: ESCRT-1428

Symptoms: The client fails connect to SEPM after receiving a HTTP 412 error if the hostname contains DBCS.

Solution: Modified SEP client to allow it to properly connect to a SEPM with a hostname containing DBCS characters.

SEP agent not able to enroll with the cloud

Fix ID: ESCRT-1415

Symptoms: Client that had previously enrolled may not be able to re-enroll

Solution: Corrected setting of access token expiration timestamp in the SEP client.

CentOS 7.6 crashes when install SEP 14.2 RU1

Fix ID: ESCRT-1379

Symptoms: Auto Protect kernel modules must be built with CONFIG_TEPOINE supported GCC compiler or the kernel modules cannot load successfully. 

Solution:  Trigger autocompile of Auto Protect kernel modules for CentOS kernels.

URL in details of SEPM risk logs cannot be resolved

Fix ID: ESCRT-1373

Symptoms: Clicking the risk name URL in the Risk Logs resulted in an error page

Solution: Fixed risk information URL in reports.

Client counts not accurate in SEPM reports for limited admins

Fix ID: ESCRT-1347

Symptoms: Client counts are inaccurate in some reports if logged in as a limited admin.

Solution: Fixed filter query

Cannot view Connection Details within the SEP client Network Activity monitor

Fix ID: ESCRT-1342

Symptoms:  When attempting to view connection details, the UI populates the screen with data before immediately returning to the application list.

Solution: Correct Connection Details screen so that it will remain in view after populating.

SEP client does not honor PreferredGroup parameter with sylink.xml

Fix ID: ESCRT-1336

Symptoms: When installing the client, the PreferredGroup parameter is not honored and the client does not appear in its intended group.

Solution: Changes in 14.2 modified the default reconnection preferences causing the client to return to its last-used group setting. Modified these to return to prior behavior.

Query failed error displayed in Symantec Security Response panel of SEPM home screen

Fix-ID: ESCRT-1270

Symptoms: Query failed error displayed in Symantec Security Response panel of SEPM home screen

Solution: Query fixed to display correctly.

SEP for Linux services are restarted prior to uninstall

Fix ID: ESCRT-1268

Symptoms: Services are restarted when attempting to uninstall the SEP for Linux client

Solution: Added a check for the status of services prior to uninstall to avoid issue.

FQDN for email server cannot contain numbers

Fix ID: ESCRT-997

Symptoms: When attempt to use an FQDN to specify an email server in SEPM, the FQDN fails validation if it contains numbers.

Solution: Correct validation logic to allow numbers as a part of FQDNs.

Cannot expand clients under Virus Definition Distribution in SEPM Daily Report

Fix ID: ESCRT-987

Symptoms: When running German-language SEPM, attempting to expand clients under Virus Definition Distribution fails.

Solution: Fixed queries used in the report.

SEPM Web console Linux client package export option exports wrong file types

Fix ID: ESCRT-912

Symptoms: Attempting to download DPKG package downloads RPM package.

Solution: Browser is caching small files. Added a nonce to downloaded package name to ensure the filename is unique.

SQL exception during ADSI task

Fix ID: ESCRT-909

Symptoms: A SQL exception occurs during ADSI task if computer description fields exceed 256 characters.

Solution: Modified AD sync routine to truncate computer description to 256 characters.

Attempting to copy/paste exception policy always copy Windows exception

Fix ID: ESCRT-864

Symptoms: Attempting to copy/past Mac or Linux exception policy fails as the Windows exception is always copied to the clipboard regardless of the platform selected.

Solution: Added platform info when copying items in Exception policy.

Sep clients do not cycle through the entire Management Server List after connection failures

Fix ID: ESCRT-759

Symptoms: When cycling through the MSL, the client will stop attempting connections if it attempts to connect to a SEPM for which it cannot verify the signature in index2.html

Solution: Modified behavior of client so it will continue to attempt connection to the next server in the MSL under these conditions.

In profile.xml locations show Reverse DNS = 0 when it should be set to 1

Fix ID: ESCRT-714

Symptoms: In profile.xml pusblished in data/outbox, some locations have the value Reverse DNS = 0 when it should be set to 1

Solution: Fixed the profile compilation of Reverse DNS in the Firewall policy.

SEP leaves a scheduled task "Symantec Cleanwipe" on machine after installing package that includes cleanwipe

Fix ID: ESCRT-707

Symptoms: After installing SEP with an install package which includes cleanwipe, cleanwipe is running as expected, the install package is installed correctly but a scheduled task named 'Symantec Cleanwipe' is left.

Solution:Cleaned up artifacts left by CleanWipe.

Unable to export computer status report

Fix ID: ESCRT-701

Symptoms: Unable to export computer status report

Solution: Refactored the query used in exporting Computer Status Logs.

Autoupgrade fails

Fix ID: ESCRT-692

Symptoms: Auto-upgrade to SEP 14.2.1015 version fails

Solution: Eliminate errant configuration information being written into client package.

Blank checkbox under site properties content type

Fix ID: ESCRT-671

Symptoms: An unlabeled checkbox is visible on the panel for LiveUpdate content type selection.

Solution: Corrected UI.

Contents of scheduled "Virus Definitions Distribution" report is not localized.

Fix ID: ESCRT-654

Symptoms: When using a non-English language SEPM, some content of the emailed scheduled Virus Definition Distribution report is in English.

Solution: Completed localization of the Virus Definition Distribution report.

Definition download log from GUP always reports "Throttle speed: 0.00 Kbps"

Fix ID: ESCRT-650

Symptoms: Definition download log from GUP always reports "Throttle speed: 0.00 Kbps"

Solution: Corrected report so that throttle speed is accurately reported.

Repeated loss of network connectivity when Firewall is enabled

Fix ID: ESCRT-584

Symptoms: Client loses network connectivity for approximately two minutes at regular intervals if firewall is enabled.

Solution: Limit application learning AppInfoList to a maximum of 500.

SEPM schedule report configured for “Past Month” always misses the first day of the month

Fix ID: ESCRT-578

Symptoms: In some circumstances, SEPM scheduled reports configured for “Past Month” do not include the first day of the month.

Solution: Correct report.

Location-based blocking policy for USB printers cannot effectively toggle blocking

Fix ID: ESCRT-541

Symptoms: USB printers remain blocked when returning for an external location where printing is blocked to an internal location where printing is permitted.

Solution: Correct evaluation of USB blocking rules.

Cloud console not syncing whitelist exceptions to SEP clients

Fix ID: ESCRT-499

Symptoms: After SEPM enrolled to Cloud, Console still publish the ADC scan type of directory exceptions defined as ALL scan type in on-prem Exception policy.

Solution: Changed the publish algorithm behavior after SEPM has enrolled to Cloud.

Computer Status report missing Install Type

Fix ID: ESCRT-400

Symptoms: Install Type is missing from exported Computer Status report

Solution: Fixed report to include install type.

SymElam policy changes not reflected on client

Fix ID: ESCRT-399

Symptoms: Configuring the SymElam policy on SEPM to “Log the detection…” is not reflected on the SEP client.

Solution: Correct handling of this setting in construction of policy.

SEPM reported blocked traffic despite no rules configured for SEP for Mac Firewall

Fix ID: ESCRT-375

Symptoms: If all rules are removed for the SEP for Mac Firewall, the SEPM with report traffic is being blocked even though it is not.

Solution: Correct SEPM UI messaging.

Manual scan fails

Fix ID: ESCRT-354

Symptoms: Manual scan fails with “Scan Failure: Not enough free disk space to perform a scan.”

Solution: Corrected a problem where manual scans failed with disk space error when the username contained Unicode characters that do not match the current system locale.

IP addresses not ordered correctly on Clients tab

Fix ID: ESCRT-349

Symptoms: Sorting of IPv4 address does not work correctly on the Clients tab.

Solution: Corrected sorting algorithm.

Find Computers not available in Remote Deployment Wizard

Fix ID: ESCRT-326

Symptoms: Navigating to Find Computers does not display the Find Computers dialog box.

Solution: Add null check while reading NetworkInterface from IP address.

Scan dialog of admin scheduled scan does not appear

Fix ID: ESCRT-322

Symptoms: When connecting to SEP client via RDP, the scan dialog for admin scheduled scans does not appear.

Solution: Fix UI so that scan dialog can be accessed during an RDP session.

Delays in processing Agent Behavior logs

Fix ID: ESCRT-318

Symptoms: Processing of Agent Behavior logs delayed due to blocked transactions on SQL Server

Solution: Fixed the table switching for log tables.

Information missing or incorrect when scheduling LiveUpdate from the command line

Fix ID: ESCRT-309

Symptoms: Missing information when the LiveUpdate is scheduled a certain way from the command line and then viewed from the command line.

Solution: Change logic to display status correctly.

SEPFL does not scan more than 100 files in a folder.

Fix ID: ESCRT-288

Symptoms: When user tries to scan a folder, which has more than 100 files, using path with wildcards like '*', instead of scanning all the files in the folder, it will scan only 100 files.

Solution: Changed logic to notify the user that maximum input limit is reached and remaining files won't be scanned.

Password not accepted for UI and uninstall

Fix ID: ESCRT-276

Symptoms: Password info is removed from ccSettings and registry causing the client to not accept any password for the UI and uninstall.

Solution: Corrected a timing issue where SEP password information was removed incorrectly.

Cannot update definitions after upgrading to SEP 14.2

Fix ID: ESCRT-247

Symptoms: ACLs for several folders do not include semsrv, semwebsrv, semapisrv. As a result, SEPM is unable to write content to disk.

Solution: Configure ACLs for related folders by PermissionDefinitions

SEP client installed on SEPM server has trouble connecting to the local SEPM

Fix ID: ESCRT-244

Symptoms: A connection error message in SEP client "Troubleshooting->Server Connection Status"

Solution: Fixed SEPM to allow connection from a SEP client installed on the local system

Notifications link opens incorrect report in SEPM 14 RU1 MP2

Fix ID: ESCRT-220

Symptoms: Incorrect type of notification mailed out.

Solution: Set notification type for "file reputation" in upgrade.

SEP for Linux 14.2 cannot update definitions from LUA.

Fix ID: ESCRT-136

Symptoms: SEP for Linux fail to download definitions for 14.2 because it is attempting to download the wrong file.

Solution: Fix SEP for Linux client so that it downloads the correct file from LUA.

SEP client fails to determine correct user during IPS detection

Fix ID: ESCRT-51

Symptoms: IPS detection always uses the user name from main session in Security log even when user logs on from a remote RDP session uses different user name.

Solution: Correct reporting to get the correct user name and domain name.

Component versions

The build number for this release is 14.2.5323.2000. 

Red text indicates components that have updated for this release.


DLL File

DLL Version

SYS File

SYS Version






Seq#= 20190927.005


BASH Framework









Seq#= 20190828.500


CIDS Framework

























































SDS Engine


Seq#= 20191105.003










Seq#= 20190703.137







































WLU (Symantec Endpoint Protection Manager)