Endpoint Protection Application Control policy fails to apply to client

Article ID: 208495

Products

Endpoint Security Complete, Endpoint Protection

Issue/Introduction

The Application Control policy fails to apply to the client server because CAF agent enrollment failed. As a result, executables run without restrictions.

Cause

There is a known issue in SEP 14.3 MP1 where the bootstrap process causes communication with the enrollment server to be blocked. The CAF service log shows entries such as the following:

[|] 2021-01-16 09:16:59 | cafservice.SAEPErrorHandling | Error | 8688 : 9200 : caf::SAEPErrorHandling::HandleErrorImpl:229 | Error code :401 , in Bootstrap
[|] 2021-01-16 09:16:59 | cafservice.SAEPErrorHandling | Error | 8688 : 9200 : caf::SAEPErrorHandling::HandleErrorImpl:230 | Error details: {"0":{"0":"ProxyModeDisabled (16)","1":"HttpErrorCodes: Unauthorized (401)"},"1":{"0":"ProxyModeDisabled (16)","1":"HttpErrorCodes: Unauthorized (401)"},"2":{"0":"ProxyModeAutoDetect (2)","1":"HttpErrorCodes: Unauthorized (401)"},"3":{"0":"ProxyModeDefault (8)","1":"HttpErrorCodes: Unauthorized (401)"}}
[|] 2021-01-16 09:16:59 | cafservice.SAEPErrorHandling | Error | 8688 : 9200 : caf::SAEPErrorHandling::HandleErrorImpl:289 | Unauthorized communication, error message:Unauthorized
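
Because a client in this state runs executables without Application Control restrictions, it is worth checking other clients for the same log signature. The following is an added example, not code from this article or from the vendor: it parses CAF log lines in the layout of the excerpt above and reports each Bootstrap error together with the proxy modes that were tried. The field layout is inferred from those three lines; the function names and the Info sample line are constructed for illustration.

```python
import json
import re

# Constructed test input: the two Error lines are taken from the excerpt above
# (detail JSON on a single line); the Info line is invented for contrast.
PREFIX = "[|] 2021-01-16 09:16:59 | cafservice.SAEPErrorHandling | Error | 8688 : 9200 : "
SAMPLE = [
    PREFIX + "caf::SAEPErrorHandling::HandleErrorImpl:229 | Error code :401 , in Bootstrap",
    PREFIX + 'caf::SAEPErrorHandling::HandleErrorImpl:230 | Error details: {"0":{"0":"ProxyModeDisabled (16)","1":"HttpErrorCodes: Unauthorized (401)"},"1":{"0":"ProxyModeDisabled (16)","1":"HttpErrorCodes: Unauthorized (401)"},"2":{"0":"ProxyModeAutoDetect (2)","1":"HttpErrorCodes: Unauthorized (401)"},"3":{"0":"ProxyModeDefault (8)","1":"HttpErrorCodes: Unauthorized (401)"}}',
    "[|] 2021-01-16 09:17:05 | cafservice.Example | Info | 8688 : 9200 : caf::Example:1 | constructed line",
]

CODE_RE = re.compile(r"Error code\s*:\s*(\d+)\s*,\s*in (\w+)")
DETAILS = "Error details:"

def parse_line(line):
    """Split '[|] time | component | level | pid : tid : origin | message'."""
    parts = line.strip().split(" | ", 4)  # maxsplit keeps the message whole
    if len(parts) != 5 or not parts[0].startswith("[|]"):
        return None
    return {"time": parts[0][3:].strip(), "component": parts[1],
            "level": parts[2], "origin": parts[3], "message": parts[4]}

def find_enrollment_failures(lines):
    """Return one finding per 'Error code' line, with its proxy attempts."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["level"] != "Error":
            continue
        msg = rec["message"]
        match = CODE_RE.search(msg)
        if match:
            findings.append({"time": rec["time"], "http_status": int(match.group(1)),
                             "stage": match.group(2), "attempts": []})
        elif msg.startswith(DETAILS) and findings:
            try:
                details = json.loads(msg[len(DETAILS):])
            except json.JSONDecodeError:
                continue  # detail JSON wrapped or truncated; keep the finding
            findings[-1]["attempts"] = [(a.get("0"), a.get("1")) for a in details.values()]
    return findings

def is_unauthorized_bootstrap(finding):
    """True for the signature described in this article: HTTP 401 in Bootstrap."""
    return finding["http_status"] == 401 and finding["stage"] == "Bootstrap"

if __name__ == "__main__":
    for f in find_enrollment_failures(SAMPLE):
        print(f["time"], f["stage"], f["http_status"], is_unauthorized_bootstrap(f), f["attempts"])
```
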

Environment

Symantec Endpoint Protection (SEP) 14.3 MP1

Resolution

Upgrade the SEP client to 14.3 RU1.

Workaround:

1. Delete the CAFStorage.ini file (C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\Common Agent Framework\CAFStorage.ini).

2. Restart the CAF service to trigger the CAF agent enrollment.

3. Check to see if the CAFStorage.ini file was recreated in the directory.

4. Check the App Control portal to verify the agent status is reporting as 'installed'.