search cancel

The F5 BIG-IP can no longer detect the Symantec Endpoint Encryption client after upgrading from 11.1.0 to 11.1.1 MP1.

book

Article ID: 163911

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

The customer has an F5 BIG-IP device that they use to inventory their endpoints for the Symantec Endpoint Encryption client.
The BIG-IP does this by parsing the Windows Security Center for the presence of the SEE client.
This worked in SEE 11.1.0.
After upgrading SEE to 11.1.1 MP1 the Big-IP can no longer determine what computers have the SEE client installed.
Thus the customer's reports on what clients have the SEE agent installed are no longer correct.

Environment

SEE 11.1.1 MP1
F5 BIG-IP
Windows 7 clients

Cause

The BIG-IP looks in the Windows Security Center to determine if the SEE client is installed.
In SEE 11.1.0 this works as expected.
However, the SEE 11.1.1 MP1 client does not register in the Windows Security Center .Thus the BIG-IP cannot determine that the SEE client is installed.
 

Resolution

The F5 BIG-IP can find the SEE client in the registry.
However, the customer states "this is not recommended (not secure).  Therefore we really need an alternative".

This has been referred to Engineering.

This was resolved by manually adding the new SEE version to the F5 BIG-IP.
Now the BIG-IP correctly displays the new version of SEE when it is detected on the client.
The customer did not provide the exact steps for adding the new SEE version to the BIG-IP.