SEP client does not honor password protection settings after upgrade to 14 RU1 or RU1 MP1.

book

Article ID: 171059

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Password protection settings have been configured in the Symantec Endpoint Protection Manager (SEPM) prior to upgrade to 14 RU1 version. Post upgrade of the client to 14 RU1, it is observed that the password protection settings are not honored on the client.

Cause

PBKDF2 is a password strengthening algorithm and it was implemented in SEP 14.0 RU1. In SEP 14.0 RU1 MP1, SEP client checks the existence of "AdminPassword" and "AdminPasswordPBKDF2" element to verify whether the password is set for any options. First, it checks for "AdminPassword" and later for "AdminPasswordPBKDF2" element. 

After migrating SEPM 14.0 MP2 to SEPM 14.0 RU1 MP1, by default profile.xml does not contain the "AdminPasswordPBKDF2" element. If AdminPasswordPBKDF2" is missing then client assumes that password is not set for any option. As a result, SEP client does not prompt for a password.

Environment

Symantec Endpoint Protection (SEP) 14 RU1 or 14 RU1 MP1

Resolution

This issue is fixed in Symantec Endpoint Protection manager 14 RU1 MP2.  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

Workaround:

Remove and reapply the password in the password settings in the SEPM console and update the policy on the clients.