When Symantec Endpoint Protection 12.1 RU5 is installed on an operating system running within a VMware Virtual environment, several problems are encountered

Article Id: 158937
Status: Published
Updated On: 23-09-2014 08:30
Legacy Id: TECH214756
Products:
Endpoint Protection
Issue/Introduction:

When Symantec Endpoint Protection 12.1 RU5 (SEP) is installed on an operating system running within a VMware Virtual environment, several problems are encountered with SEP's protection technologies.
 
These problems can include, but are not necessarily limited to, the following:
  • IE hang when downloading reputation sample DA_maxbad.exe. (Etrack 3366906)
  • Download insight does not work. DA_maxbad.exe downloads to local system is not caught. (Etrack 3363300)
  • SEP doesn't have risk logs for malicious file downloaded in Win8 32-bit system (Etrack 3386702)
  • AP can't detect sample:DIR2.COM but corrupt it on Win8 (Etrack 3375525)
  • [Client Persistence]Manual Scan on virus hang in 24h persistent test (Etrack 3405041)
  • AP is not active detect risk while unzip/copy some samples on Win8 (Etrack 3383420)

Cause:

These problems are caused by an interoperability issue between a Symantec filter driver and VMware's driver vsepflt.sys which is installed as part of VMware Tools.

Resolution:

This issue has been resolved with changes from VMware. No changes to Symantec code were needed. Please update the VMware environment to resolve this issue.

1. Upgrade vSphere to a version with the fix

The fix should be in the following VMware vSphere versions. The GA dates listed below are tentative at the time of this writing are are subject to change without notice.

  • 5.0 u3 (17th Oct 2013 GA)
  • 5.1 u2 (16th Jan 2014 GA)
  • 5.1 p03 (3rd Oct 2013 GA)

2. Upgrade the version of VMware Tools installed in the OS

  1. Power on the guest virtual machine.
  2. Login to the guest virtual machine as an administrator
  3. Right-click your guest VM and select Guest > Install/Upgrade VMware Tools
  4. Complete the installation wizard which appears
  5. Reboot the guest virtual machine

3. Confirm successful upgrade of vsepflt.sys

  1. Login to the guest virtual machine
  2. Open Windows Explorer
  3. Navigate to: C:\WINDOWS\System32\drivers
  4. Right-click vsepflt.sys
  5. Click Properties
  6. Click the Details tab
  7. If the upgrade is successful, the driver version should be 5.1.0.2 build-1224041 or higher.

See the following VMware documentation for patching or updating vSphere from the command line: