This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.3 RU1 (14.3.3384.1000). This information supplements the information found in the Release Notes.
Download the full release through the Broadcom Software Download Portal. For details, see Download the latest version of Endpoint Protection.
SEP prevents user profile WER folders from being deleted at logoff
Fix ID: ESCRT-767
Symptoms: WER folders are not deleted on logoff.
Solution: Resolved a scenario that prevented the removal of a handle to the WER folders.
AD synchronization imports OU User userPrincipalName while clients check in using sAMAccountName
Fix ID: ESCRT-1053
Symptoms: Clients check-in to the Default Group using the sAMAccountName instead of the UPN.
Solution: Updated the API used to get the correct value.
Windows Server 2012 R2 hangs at login after a client upgrade and the first reboot
Fix ID: ESCRT-2299
Symptoms: Windows hangs on the first reboot post migration.
Solution: Corrected an intermittent problem where Windows would hang on the first reboot after migrating Symantec Endpoint Protection.
Invalid MAC addresses listed in network logs when Risk Tracer is enabled
Fix ID: ESCRT-2401
Symptoms: Local MAC field in client logging is showing an invalid format.
Solution: Updated the format to ensure the value is passed in the correct form.
SEP Firewall reverse DNS lookup is not resolving the DNS name
Fix ID: ESCRT-2618
Symptoms: SEP firewall is not resolving DNS under certain conditions.
Solution: Added support for compressed strings in DNS reverse response packets.
SEP Application Control log entries are truncated if it is longer than 512 characters
Fix ID: ESCRT-2984
Symptoms: Log entries in the Application Control can appear truncated if the associated path, key, or value is long.
Solution: Increased the character length support for Application Control logs.
SEP Application Control causes a delay for Chinese language input in Word and Excel
Fix ID: ESCRT-2997
Symptoms: Chinese character input is delayed for Word and Excel when Application Control is present.
Solution: Corrected a lock timing issue that caused a delay.
SEP Download Insight detects a file downloaded via a Trusted Domain
Fix ID: ESCRT-3031
Symptoms: Download Insight detects files downloaded via a Trusted Domain when an IP address is used instead of a URL.
Solution: Added support for IP addresses within Trusted Domain exclusions.
Firewall rules imported via command line are not saved on Windows 10
Fix ID: ESCRT-3098
Symptoms: Firewall rules imported via smc –importadvrule command are not saved on Windows 10.
Solution: Corrected an issue that prevented rules from saving when using the importadvrule command.
Bugcheck 0x34 on SymEFASI64.sys
Fix ID: ESCRT-3201
Symptoms: Intermittent system crash observed with SymEFASI64.sys.
Solution: Updated SymEFA to correct a scenario that could result in a system crash.
Missing description for SEPM Command Scan to identify which type applies each SEP Client
Fix ID: ESCRT-3338
Symptoms: There is no icon or description to identify which scan types are supported by which SEP Client in the SEPM Command Scan dialog window.
Solution: Added an OS icon ahead of each scan type.
Automatic exclusions missing for File Based Write Filter (FBWF) on Windows 7 Embedded
Fix ID: ESCRT-3355
Symptoms: Managed SEP client on Windows 7 Embedded with FBWF enabled is unable to update content without manual exclusions.
Solution: Automatic exclusions added to allow content to be updated on managed clients when FBWF is enabled.
IPS signatures display incorrect default values for Action and Log in the SEPM IPS Exclusion dialog
Fix ID: ESCRT-3368
Symptoms: Specific IPS Audit signatures display incorrect default values in the SEPM IPS Exception policy for Action and Log.
Solution: Corrected an issue that prevented the correct values for Action and Log from being displayed.
Location Awareness does not change locations as expected when Airplane Mode is enabled
Fix ID: ESCRT-3424
Symptoms: The SEP client does not change locations when Airplane Mode is enabled or all Network Adapters are disabled and the location condition “Client does not use any networking” is used as location change criteria.
Solution: Corrected an issue that prevented Location Awareness from identifying that no working interface is available.
ccSubSDK folder increases in size periodically
Fix ID: ESCRT-3437
Symptoms: ProgramData\Symantec\Symantec Endpoint Protection\<Version>\Data\CmnClnt\ccSubSDK increases in size when product submissions are unable to complete.
Solution: Implemented a file size limit for the ccSubSDK folder.
Details missing for Event Type: The computer account has been deleted
Fix ID: ESCRT-3495
Symptoms: Event Type: The computer account has been deleted contains no information about the event.
Solution: Added Computer Name to the event description for System Logs: Administrative in SEPM.
Cloud-managed SEP clients continue to download content on a LiveUpdate schedule when disabled
Fix ID: ESCRT-3518
Symptoms: System Policy is configured to disable the LiveUpdate schedule, but clients continue to run LiveUpdate.
Solution: Corrected a LiveUpdate trigger that would occur on client restart.
Clients with an IP address ending in .255 do not switch locations
Fix ID: ESCRT-3637
Symptoms: The SEP client does not change locations when the IP address ends in .255 and a location condition that relies upon IP address as location criteria is used.
Solution: Corrected an issue that prevented Location Awareness from evaluating a client ending with a .255 IP address.
Browser Protection events are not exported to a dump file
Fix ID: ESCRT-3702
Symptoms: The event type field is missing from Browser Protection events that are exported to a dump file.
Solution: Event Type column added to the external log-security file.
Windows Security Log contains Event ID 4673 with UAC enabled
Fix ID: ESCRT-3739
Symptoms: The Windows Security Log contains multiple Event ID 4673 events with UAC enabled and SEP installed.
Solution: Corrected an issue that resulted in continuous admin checks for the user session of ccSvcHst.exe.
Deadlock observed with Auto-Protect enabled alongside the Qualys Agent
Fix ID: ESCRT-3823
Symptoms: Unable to login to 3rd party application due to a deadlock between SRTSP64 and Qualys Agent.
Solution: Resolved an issue in Auto-Protect so that a lock is no longer required.
Credential Theft deceptor incorrectly triggers every 2 hours
Fix ID: ESCRT-3872
Symptoms: Clients intermittently trigger the Credential Theft deceptor on non-English operating systems.
Solution: Updated Credential, File, and DNS deceptor scripts to support non-English operating systems.
Bugcheck 139 on SymEFASI.sys
Fix ID: ESCRT-3883
Symptoms: Rare system crash observed on Windows Server 2012 that involves SymEFASI64.sys.
Solution: Added synchronization protection in several places for SymEFA.
Bugcheck on Windows 10 with Early Launch AntiMalware set to Good Only
Fix ID: ESCRT-3955
Symptoms: System crash observed when Early Launch AntiMalware is enabled and configured to “Good Only”.
Solution: Updated SymELAM to properly support updated boot-start drivers.
Locations do not change for an extended period of time
Fix ID: ESCRT-4076
Symptoms: When Cisco VPN is present and DNS Lookup is used as location criteria the location may not change immediately.
Solution: Location Awareness will now check location criteria again after Cisco VPN is ready.
Users are unable to disable the firewall even though the policy is configured to All Users
Fix ID: ESCRT-4132
Symptoms: Only Administrator accounts can disable Network Threat Protection or uncheck Enable Firewall.
Solution: Updated the SEP client to properly honor the All Users setting for limited users.
SEPM Administrators can create Single Risk Event notifications for domains they do not administer
Fix ID: ESCRT-4272
Symptoms: Single Risk Event notifications can be configured for all domains instead of the domain defined for the SEPM Admin account.
Solution: Updated Single Risk Event notification to honor the correct rights for the account creating it.
Bash.exe is not blocked by Application Control
Fix ID: ESCRT-4275
Symptoms: Application Control rules that would apply to Git Bash are not honored.
Solution: Updated Application Control to properly initialize and control Git Bash.
Virtual Image Exception tool is no longer functional after upgrading to 14.3
Fix ID: ESCRT-4321
Symptoms: VIETool.exe exits with an unexpected termination error and does not complete successfully with 14.3.
Solution: Addressed an issue where VIETool would fail to complete with error “Service terminated unexpectedly.”
Policies fail to import when FileLastModifiedDate is defined
Fix ID: ESCRT-4353
Symptoms: Policies with Network Monitoring enabled and Unmonitored Applications with FileLastModifiedDate defined do not import into the SEP client.
Solution: Corrected an issue where policies containing last fail date modified would fail to import.
Location Awareness conditions for DNS Server Address do not work as expected
Fix ID: ESCRT-4409
Symptoms: Location does not change as expected when an IPv6 DNS address is specified.
Solution: Updated location awareness to better handle special IPv6 DNS addresses.
Bugcheck 50 on SRTSP64.sys
Fix ID: ESCRT-4438
Symptoms: Intermittent system crash observed on Windows Server 2016.
Solution: Updated SRTSP to prevent the encounter of a scenario that could result in a system crash.
System hang observed after upgrade of the SEP client
Fix ID: ESCRT-4552
Symptoms: Immediately after upgrading the SEP client a rare system hang may be experienced after the first reboot.
Solution: Updated Application Control to prevent a scenario that could result in a system hang.
Symantec Endpoint Protection creates .dat files in Windows\Temp folder
Fix ID: ESCRT-4600
Symptoms: After upgrading to 14.3, a large number of .dat files are observed in the Windows\Temp folder on some systems.
Solution: Corrected an error in Common Client that resulted in extra .dat files being created when a problem is encountered.
SEP Mac SepInstallerApp crash observed after upgrading to 14.3
Fix ID: ESCRT-4636
Symptoms: SepInstallerApp crash observed intermittently when upgrading from a previous version of the SEP Mac client.
Solution: Resolved an issue that results in a possible SepInstallerApp crash when upgrading from a prior version of the SEP Mac client.
SEP EFAInst.exe crash observed during upgrade on Windows 7
Fix ID: ESCRT-4639
Symptoms: EFAInst.exe crash observed intermittently during upgrade of the SEP client.
Solution: Updated SymEFA to prevent the encounter of a scenario that could result in a EFAInst.exe process crash.
SEP Mac application firewall pop-ups observed with 14.3 MP1
Fix ID: ESCRT-4667
Symptoms: Non-configurable application firewall pop-up displayed in 14.3 MP1.
Solution: Added a check for the application firewall dialog window.
Intermittent definition corruption observed on SEP clients
Fix ID: ESCRT-4698
Symptoms: Definition corruption observed intermittently on SEP clients.
Solution: Resolved a rare scenario that prevented definitions from updating properly.
Client group changes in SEPM are not synced to the Cloud Console
Fix ID: ESCRT-4740
Symptoms: The removal and addition of client groups in SEPM are not always synced to the Cloud Console.
Solution: Updated CommonCloudHub to ensure that SEPM group changes are now always reflected on the Cloud Console.
SQL deadlocks observed after upgrading SEPM to 14.2 RU2
Fix ID: ESCRT-4749
Symptoms: Intermittent SQL deadlocks observed when processing Event notifications or with External Logging enabled.
Solution: Fixed a deadlock when updating the SYSTEM_STATE table.
ccSvcHst.exe crash observed intermittently
Fix ID: ESCRT-4928
Symptoms: ccSvcHst.exe periodically crashes with faulting module: ucrtbnase.dll.
Solution: Fixed a scenario that resulted in an exception encountered in ccSvcHst.exe.
SEPM upgrade to 14.3 RU1 encounters an error if a repair installation is performed
Fix ID: ESCRT-5679
Symptoms: SEPM upgrade to 14.3 RU1 is interrupted due to missing cryptoj.jar if a repair installation is performed.
Solution: Corrected an issue during repair installations that could prevent a specific JAR file from being placed in its proper location.
SEPM upgrade to 14.3 RU1 encounters a SQL Exception if database mirroring is enabled
Fix ID: ESCRT-5685
Symptoms: SEPM upgrade to 14.3 RU1 is unable to proceed if database mirroring is enabled. The following error is observed: "The operation cannot be performed on database "sem5" because it is involved in a database mirroring session or an availability group."
Solution: Corrected an issue that impacted support for database mirroring SQL Server configurations.
The build number for this release is 14.3.3384.1000.
Red text indicates components that have updated for this release.
Component |
DLL File |
DLL Version |
SYS File |
SYS Version |
---|---|---|---|---|
AutoProtect |
srtsp64.dll |
15.8.5.90 |
srtsp64.sys |
15.8.5.75 |
BASH Defs |
BHEngine.dll Seq#= 20190927.005 |
12.1.0.271 |
BHDrvx64.sys |
12.1.0.271 |
BASH Framework |
BHClient.dll |
12.1.0.271 |
N/A |
- |
CC |
ccLib.dll |
17.2.6.16 |
ccSetx64.sys |
17.2.4.22 |
CIDS Defs |
IDSxpx86.dll Seq#= 20201022.022 |
17.2.4.18 |
IDSviA64.sys |
17.2.4.18 |
CIDS Framework |
IDSAux.dll |
17.2.4.18 |
N/A |
- |
CP3 |
version.txt |
2.10.0.84 |
N/A |
- |
CX |
cx_lib.dll |
3.2.0.93 |
N/A |
- |
ConMan |
version.txt |
3.3.0.313 |
N/A |
- |
D2D |
version.txt |
1.2.1.5 |
N/A |
- |
D2D_Latest |
version.txt |
1.5.0.61 |
N/A |
- |
DecABI |
dec_abi.dll |
2.3.5.10 |
N/A |
- |
DefUtils |
DefUtDCD.dll |
5.3.1.7 |
N/A |
- |
DuLuCallback |
DuLuCbk.dll |
1.13.0.86 |
N/A |
- |
DuLuxCallback |
duluxcallback.dll |
2.15.0.7 |
N/A |
- |
ERASER |
cceraser.dll |
119.1.1.39 |
eraser64.sys |
119.1.1.39 |
IRON |
Iron.dll |
9.1.1.28 |
Ironx64.sys |
9.1.0.27 |
LUX |
Lux.dll |
4.2.0.22 |
||
LiveUpdate |
LUEng.dll |
2.7.1.5 |
N/A |
- |
MicroDefs |
patch25d.dll |
6.2.2.13 |
N/A |
- |
SDS Engine |
sds_engine_x86.dll Seq#= 20201117.004 |
1.13.0.271 |
N/A |
- |
SEF Defs |
speng32.dll |
1.7.3.247 |
symevnt32.sys |
1.7.3.161 |
SIS |
SIS.dll |
14.3.3228.1000 |
N/A |
- |
STIC Defs |
stic.dll Seq#= 20190703.137 |
3.3.0.138 |
N/A |
- |
SymDS |
DSCli.dll |
6.5.0.70 |
N/A |
- |
SymEFA |
EFACli64.dll |
7.4.0.125 |
SymEFASI64.sys |
7.4.0.106 |
SymELAM |
ELAMCli.dll |
2.4.0.85 |
SymELAM.sys |
2.4.0.83 |
SymEvent |
Sevntx64.exe |
14.0.7.107 |
SymEvent.sys |
14.0.7.104 |
SymNetDrv |
SNDSvc.dll |
17.0.4.3 |
symnets.sys |
17.0.4.3 |
SymScan |
ccScanW.dll |
16.2.0.46 |
N/A |
- |
SymVT |
version.txt |
10.2.1.10 |
N/A |
- |
Titanium |
titanium.dll |
2.6.0.77 |
N/A |
- |
WLU |
LuComServerRes.dll |
3.3.203.41 |
N/A |
- |