You notice after upgrading Symantec Endpoint Protection (SEP) clients to 14.2 MP1 that they show offline in the Symantec Endpoint Protection Manager (SEPM), but they continue to receive updates.
Two root causes:
1. Upgrade logic would overwrite the SYLINK key in Wow6432Node hive if one was present in the native hive. This caused ClientType value to be deleted. This was mitigated in 14.0 by Sylink functionality which would put back the value if it was seen missing during startup.
2. SEP 14.2 moved from Sylink to CVE communication model and did it not have functionality to restore the ClientType value. Since it was missing, it sends '0' as the ClientType to SEPM. [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ClientType]
This issue is fixed in Symantec Endpoint Protection 14.2 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, read
TECH 103088: Download the latest version of Symantec Endpoint Protection