After installing or upgrading devices to Symantec Endpoint Protection, the client will download, but not apply policies from the Endpoint Protection Manager. The client may show as online in the SEPM in the correct group, but locally on the client, in the Help -> Troubleshooting page, the client is not listed in the correct group.

In the client System Log (on the client, click View Logs, next to Client Management, click View Logs, then System Log):

Failed to import server policy

In the cve.log:

Failed to import profile [Error: 1]

A firewall policy that contains a rule which, in the Application column, includes an entry in the Last Modified field.

This issue is fixed in Symantec Endpoint Protection 14.3 RU2. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

Workaround:

Removing the date from the Last Modified field for any application being used in a firewall rule can be used as a workaround.

1. Open the firewall policy that contains a Last Modified date
2. Double-click on the application field
3. Click the application, then Edit
4. Clear any data from the Last Modified fields, click OK
5. Click OK, then click OK again to save the changes

Clients will be able to download and apply the policy correctly now.

ESCRT-4702