New fixes and component versions in Symantec Endpoint Protection 14.3

Article ID: 189620

Products

Endpoint Protection

Issue/Introduction

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.3. This information supplements the information found in the Release Notes.

  • New Fixes
  • Component versions


Download the full release through the Broadcom Software Download Portal. For details, see Download the latest version of Endpoint Protection.

Resolution

New fixes

 

SEPM Auto-Upgrade feature triggers a second time

Fix ID: ESCRT-256

Symptoms: In complex configurations, there is a window of time after scheduling an Auto-Upgrade during which it may trigger a second time.

Solution: Corrected the duplication of a database object during replication.

SEP Linux LiveUpdate failure event is not logged

Fix ID: ESCRT-827

Symptoms: No log event is written to agt_system.log or scm_system.log when a LiveUpdate failure occurs.

Solution: Updated LiveUpdate to log events when a failure occurs for a scheduled LiveUpdate attempt.

Unable to export a client install package via the SEPM Web Console

Fix ID: ESCRT-1037

Symptoms: When attempting to export a client install package via the Web Console version of the SEPM when using the PC NetBIOS name, the Download button does not function as expected.

Solution: Updated the SEPM Web Console to identify if it has been launched in compatibility view mode.

After upgrading to 14.2 RU1 clients fail to connect with SEPM when using a Third Party Certificate

Fix ID: ESCRT-1680

Symptoms: SEP clients fail to connect to SEPM after upgrading to 14.2 RU1 due to client communication checks missing information for Intermediate Certificate Authorities.

Solution: Updated client communication checks to include the Intermediate Certificate Authority list.

SEPM Client Properties display N/A for Virtualization Platform

Fix ID: ESCRT-1830

Symptoms: The Virtualization Platform field always shows N/A for the Client Properties view in the SEPM.

Solution: Corrected the registration XML so that the Virtualization Platform field can be read correctly by the SEPM.

Copy and Paste of exclusions in the SEPM Exceptions policy does not work as expected

Fix ID: ESCRT-1927

Symptoms: When performing a Copy and Paste of Linux folder exceptions in the SEPM Exceptions policy of a Cloud-Enrolled SEPM, the type changes to Windows and is blank.

Solution: Corrected the Linux directory exceptions policy handler for Cloud-Enrolled SEPMs.

Agent Risk logs are not sent to Syslog server from Korean localized SEPM

Fix ID: ESCRT-1957

Symptoms: Korean language localized SEPM does not send Agent Risk logs to a Syslog server, with the error: An exception prevented External Logging from proceeding further and no new logs can be processed.

Solution: Locale values fixed when reading from Java Virtual Machine.

Group changes do not sync properly for a Cloud-Enrolled SEPM

Fix ID: ESCRT-2085

Symptoms: Group, Exception, and Memory Exploit Mitigation policy changes originating from the SEPM do not sync to the ICDm Endpoint Cloud Console.

Solution: Updated sensor queries for Group, Exception, and MEM policies.

SEPM attempts to process SHA-256 file fingerprint hashes using import

Fix ID: ESCRT-2205

Symptoms: Group, Exception, and Memory Exploit Mitigation policy changes originating from the SEPM do not sync to the ICDm Endpoint Cloud Console.

Solution: Updated sensor queries for Group, Exception, and MEM policies.

Group Update Provider host name, IP, and port are not logged when a client fails to download content

Fix ID: ESCRT-2207

Symptoms: The host name, IP, and port are not logged in the client system log when the client fails to download content from a Group Update Provider.

Solution: Added a new log entry for the selected Group Update Provider in syslog.log.

Enrollment with EDR fails when attempting to bypass proxy

Fix ID: ESCRT-2215

Symptoms: When using the IE LAN settings option to bypass proxy for local addresses, the SEP client does not honor it for EDR enrollment.

Solution: Bypass proxy for local addresses setting is now honored.

Firewall logs exported from the SEPM show a numeric value for Network Protocol

Fix ID: ESCRT-2328

Symptoms: Exported traffic logs show a numeric value for network protocol instead of a description.

Solution: Added the missing Network Protocol description when processing or exporting traffic logs.

Mac device setting in Application and Device Control policy accepts incorrect value

Fix ID: ESCRT-2378

Symptoms: SEP Mac client does not block USB devices as expected.

Solution: UI now accepts the correct values in Application and Device Control settings for the Mac client.

Monitors pie charts show the word Others twice

Fix ID: ESCRT-2380

Symptoms: Others appears twice on the Monitors page for the Network and Host Exploit Mitigation pie charts.

Solution: Fixed the Network and Host Exploit Mitigation pie charts under the Monitors Summary page.

Unable to filter by Windows Server 2016 in Monitors and Reporting

Fix ID: ESCRT-2389

Symptoms: In the SEPM Monitors>Logs or Reporting pages the filter option for Operating System = Windows Server 2016 does not work as expected.

Solution: Updated the filter query to show the correct result.

RemoveNotesPlugin incorrectly edits notes.ini on upgrade

Fix ID: ESCRT-2403

Symptoms: Updating the SEP client results in the removal of the EXTMGR_ADDINS= entry from notes.ini.

Solution: Updated the installer to include the necessary checks to prevent the incorrect removal of notes.ini entries.

English text is displayed for Comprehensive Risk Report on Chinese Simplified SEPMs

Fix ID: ESCRT-2436

Symptoms: When running the Comprehensive Risk report, the risk types are not localized in the pie and bar chart of the Risk Distribution by Risk Type section of the report.

Solution: Translated the risk types for the pie and bar charts in the Risk Distribution by Risk Type section.

Upgrading from 14.2 to 14.2 RU1 MP1 leaves behind folders and files

Fix ID: ESCRT-2546

Symptoms: Roru.exe is intermittently left behind after upgrading the SEP client.

Solution: Updated the uninstallation to ensure Roru.exe is removed in all scenarios.

AgentSweepingTask encounters an error intermittently on SEPM

Fix ID: ESCRT-2599

Symptoms: Error: Timestamp format must be yyyy-mm-dd hh:mm:ss is intermittently seen in SEPM system logs for AgentSweepingTask.

Solution: Updated the query to read the Alert table timestamp.

NTLM authentication requires the domain name and user name to be in lower-case

Fix ID: ESCRT-2602

Symptoms: After entering a domain name and/or user name with capitalization, an error occurs.

Solution: Updated the requirements to accommodate case sensitive user names.

Errors with no functional impact periodically appear in SEP Linux debug logs

Fix ID: ESCRT-2737, ESCRT-2753

Symptoms: Invalid License Request Type, ExtLogPacker failed to read setting, and Could not contact savtray err -1 appear in the SEP Linux debug.log intermittently.

Solution: Moved the error messages to DEBUG level.

Auto-Protect compile error on Ubuntu 16.04 with kernel 4.11.0-041100-generic

Fix ID: ESCRT-2784

Symptoms: Auto-Protect kernel modules fail to compile on Ubuntu 16.04 with kernel 4.11.0-041100-generic.

Solution: Updated code to allow the Auto-Protect kernel modules to compile.

SEPM scheduled report attachment becomes corrupt if the Report Name contains a non-ASCII character

Fix ID: ESCRT-2803

Symptoms: The attachment filename in a scheduled report is corrupt if the Report Name contains a non-ASCII character.

Solution: Updated JavaMail parameters to prevent an issue with encoding the filename.

Symantec Endpoint Security showing same Scan Start, End, and Device Time

Fix ID: ESCRT-2817

Symptoms: Timestamp information for client scan logs is incorrect within the Symantec Endpoint Security console. Timestamps for Device Time, Scan End, and Scan Start are all identical.

Solution: Populate logs with correct timestamp

SES clients not receiving content updates

Fix ID: ESCRT-2830

Symptoms: SES clients show the server online but do not receive content updates. Manually sending the command to run LiveUpdate succeeds. 

Solution: Fixed CPU threshold overrides

Mac system crash occurs when undocking 

Fix ID: ESCRT-2946

Symptoms: Mac system crash occurs consistently when undocking from a docking station

Solution: Fixed crash in kernel extension

Configuration Wizard will not accept ‘+’ character for password

Fix ID: ESCRT-2958

Symptoms: Configuration Wizard does not accept ‘+’ characters in the password field when Windows authentication is in use.

Solution: Password validator updated to allow ‘+’ characters as valid

Notifications emails may not be sent under certain circumstances

Fix ID: ESCRT-2960

Symptoms: After disabling “view reports” for limited admins

Solution: Fixed logout routine which processes email notifications to ensure it will always run successfully

Exported client package targeting MacOS 10.15 cannot be launched

Fix ID: ESCRT-2980

Symptoms: If multiple client packages are exported simultaneously, packages targeting MacOS 10.15 cannot be launched. A full.zip file is already generated in error.

Solution: Fixed defect so that correct packages are exported and full.zip is not generated

Configuration Wizard will not accept ‘&’ character for password

Fix ID: ESCRT-2989

Symptoms: Configuration Wizard does not accept ‘&’ characters in the password field when Windows authentication is in use.

Solution: Password validator updated to allow ‘&’ characters as valid

Device Control settings causes SymDaemon to crash on SEP for Mac

Fix ID: ESCRT-3002

Symptoms: Attempting to edit Device Control settings causes a crash of SymDaemon

Solution: Modified handling of device model and manufacturer data to allow for non-ASCII characters

RestAPI move-client times-out when encountering duplicate hardware IDs

Fix ID: ESCRT-3112

Symptoms: The move-client RestAPI times-out when encountering duplicate hardware IDs rather than returning the expected error code.

Solution: Removed the duplicated hardware key limitation from the move-client RestAPI

Cannot sign MacOS SEPRemote.pkg

Fix ID: ESCRT-3217

Symptoms: SEPRemote.pkg cannot be signed due to unsigned UninstallerTool in the package

Solution: Correctly signed the UninstallerTool

High CPU utilization due to SEP system extension on MacOS

Fix ID: ESCRT-3224

Symptoms: High CPU utilization is noted on MacOS 10.15

Solution: Addressed defect in AutoProtect technology that caused redundant and unnecessary scanning

ccSvcHst crashes on Windows 10 Enterprise when configured for both IPv4 and IPv6

Fix ID: ESCRT-3238

Symptoms: A crash in ccSvcHst is noted when both IPv4 and IPv6 are configured on Windows 10. The crash may be more prevalent when the ICMP ping interval is set low.

Solution: Fixed crash

Services fail to stop when using smc -stop 

Fix ID: ESCRT-3251

Symptoms: smc -stop fails unless the password is specified on the command-line. Relying on the UI to enter a password does not work.

Solution: Fixed code that verifies the calling process

User cannot interact with SEP reboot prompt

Fix ID: ESCRT-3313

Symptoms: The reboot prompt does not respond to any user input during installation

Solution: Fixed a defect that prevented the Reboot Manager plugin from loading.

Device Control settings causes SymDaemon to crash on SEP for Mac

Fix ID: ESCRT-3334

Symptoms: Attempting to edit Device Control settings causes a crash of SymDaemon

Solution: Modified handling of device model and manufacturer data to allow for non-ASCII characters

LiveUpdate fails on SEPM when using a proxy

Fix ID: ESCRT-3366

Symptoms: SEPM correctly obtains system proxy settings at install time but loses those settings if an administrator attempts to edit them within the SEPM UI.

Solution: Corrected handling of proxy settings in SEPM

SEP for Mac does not honor location switching

Fix ID: ESCRT-3374

Symptoms: SEP for Mac does not honor location switching

Solution: Fixed defect affecting application of location switching policies

SEP for Mac scheduled scans do not reliably update status in client UI

Fix ID: ESCRT-3463

Symptoms: On SEP for Mac, scheduled scans intermittently fail to cause client UI status to update

Solution: Fixed defect affecting Mac client UI

BSOD BugCheck C2 SRTSP Windows 7 32 bit

Fix ID: ESCRT-3615

Symptoms: BSOD

Solution: Resolved

Component versions

The build number for this release is 14.3.510.0000. 

Red text indicates components that have been updated for this release.

| Component | DLL File | DLL Version | SYS File | SYS Version |
|---|---|---|---|---|
| AutoProtect | srtsp64.dll | 15.8.0.1045 | srtsp64.sys | 15.8.0.1042 |
| BASH Defs | BHEngine.dll, Seq#= 20190927.005 | 12.0.2.10 | BHDrvx64.sys | 12.0.2.10 |
| BASH Framework | BHClient.dll | 12.0.2.10 | N/A | - |
| CC | ccLib.dll | 17.2.4.27 | ccSetx64.sys | 17.2.4.22 |
| CIDS Defs | IDSxpx86.dll, Seq#= 20191114.063 | 17.2.1.16 | IDSviA64.sys | 17.2.1.16 |
| CIDS Framework | IDSAux.dll | 17.2.1.16 | N/A | - |
| CP3 | version.txt | 2.8.0.39 | N/A | - |
| CX | cx_lib.dll | 3.2.0.93 | N/A | - |
| ConMan | version.txt | 3.2.1.27 | N/A | - |
| D2D | version.txt | 1.2.1.5 | N/A | - |
| D2D_Latest | version.txt | 1.5.0.51 | N/A | - |
| DecABI | dec_abi.dll | 2.3.5.10 | N/A | - |
| DefUtils | DefUtDCD.dll | 5.3.0.20 | N/A | - |
| DuLuCallback | DuLuCbk.dll | 1.13.0.86 | N/A | - |
| DuLuxCallback | duluxcallback.dll | 2.15.0.7 | N/A | - |
| ERASER | cceraser.dll | 119.1.0.93 | eraser64.sys | 119.1.0.89 |
| IRON | Iron.dll | 9.1.0.27 | Ironx64.sys | 9.1.0.23 |
| LUX | Lux.dll | 2.15.0.19 | | |
| LiveUpdate | LUEng.dll | 2.7.0.72 | N/A | - |
| MicroDefs | patch25d.dll | 6.1.1.4 | N/A | - |
| SDS Engine | sds_engine_x86.dll, Seq#= 20200115.004 | 1.11.0.192 | N/A | - |
| SIS | SIS.dll | 14.3.151.0 | N/A | - |
| STIC Defs | stic.dll, Seq#= 20190703.137 | 3.0.0.83 | N/A | - |
| SymDS | DSCli.dll | 6.5.0.69 | N/A | - |
| SymEFA | EFACli64.dll | 7.3.3.44 | SymEFASI64.sys | 7.3.3.38 |
| SymELAM | ELAMCli.dll | 2.4.0.70 | SymELAM.sys | 2.3.0.24 |
| SymEvent | Sevntx64.exe | 14.0.7.98 | SymEvent.sys | 14.0.7.96 |
| SymNetDrv | SNDSvc.dll | 17.0.3.11 | symnets.sys | 17.0.3.11 |
| SymScan | ccScanW.dll | 16.1.0.168 | N/A | - |
| SymVT | version.txt | 10.2.1.10 | N/A | - |
| TCSAPI | version.txt | 1.6.0.25 | N/A | - |
| Titanium | titanium.dll | 2.6.0.77 | N/A | - |
| WLU (Symantec Endpoint Protection Manager) | LuComServerRes.dll | 3.3.203.36 | N/A | - |