Disabled Memory Exploit Mitigation policy becomes enabled state after upgrade Endpoint Protection Manager from 14.0 RU1MP1 to 14.2 RU2MP1

book

Article ID: 195329

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You assigned the disabled Memory Exploit Mitigation (MEM) policy to client group in Symantec Endpoint Protection Manager (SEPM) 14.0.x. After you upgrade SEPM to 14.2 RU2MP1 or later, "Default Disabled Memory Exploit Mitigation policy" is assigned to such client group but MEM is now enabled on SEP client.

Environment

SEPM 14.2 RU1MP1 or later, upgraded from SEPM 14.0.x

Resolution

Broadcom is aware of this issue and will update this document when a solution becomes available.  

Work Around:
If you already upgraded SEPM to 14.2 RU2MP1 or later and issue is happening, create the disabled MEM policy and assign to client group manually.

If you are preparing upgrade, check your disabled MEM policy. If [Enable this policy] in [Overview] tab is unchecked, check it and uncheck [Enable Memory Exploit Mitigation] in [Memory Exploit Mitigation] tab instead to disable MEM policy, or withdraw MEM policy from client group then run upgrade.

Additional Information

ESCRT-4454