Incident ID: CRE-8259
Incident Description: Cloud-managed agents may encounter a LiveUpdate error when proxy settings are defined
Incident ID: CRE-9044
Incident Description: Installation rollback observed during CopyFile Action for EdrEpmpCStorage.dat
Incident ID: CRE-9923
Incident Description: Clients switching from one site to another site do not send operational status immediately after switching
Incident ID: CRE-9937
Incident Description: ccSvcHst.exe crash observed under certain low memory conditions
Symantec Data Center Security and Cloud Workload Protection agents are left in a disabled state after upgrading to SEP 14.3 RU4
Fix ID: ESCRT-9230
Symptoms: DCS and CWP drivers are missing and agent services are left in a disabled state after upgrading the SEP agent to 14.3 RU4 (14.3.7388.4000).
Solution: Corrected an issue that prevented the SEP agent from properly filtering DCS/CWP services during upgrade.
Symantec Endpoint Protection Manager AD-sync groups are no longer able to sync
Fix ID: ESCRT-6185
Symptoms: SEPM is no longer able to sync Active Directory synchronized groups.
Solution: Improved handling for certain status codes returned during sync requests.
SEPLinux clients appear in the ICDm Console as a single endpoint
Fix ID: ESCRT-6647
Symptoms: SEPLinux clients sometimes appear as a single endpoint after installation in the Integrated Cyber Defense Manager Console.
Solution: Updated the SEPLinux client to read client identifiers from a new location for cloud-managed endpoints.
SEPLinux disable repo flag does not prevent the endpoint from attempting repo access
Fix ID: ESCRT-7070
Symptoms: SEPLinux client installations with the –disable-repo flag still attempt to contact the client repositories.
Solution: Updated SEPLinux client installation scripts to properly disable repo functionality when the –disable-repo parameter is passed.
DHCP release observed when SymErr.exe is executed on Citrix servers
Fix ID: ESCRT-7202
Symptoms: Citrix servers intermittently observe a network connection reset with SEP client telemetry enabled and a scheduled submission event occurs.
Solution: Resolved a case where ping submissions could fail, which resulted in the endpoint attempting to rectify potential network connection issues.
Symantec Endpoint Protection Manager limited administrator is unable to export installation packages
Fix ID: ESCRT-7236
Symptoms: SEPM limited administrators are unable to export installation packages with Group restrictions.
Solution: Resolved an exception that was occurring when Group restrictions were present.
SEPLinux kernel log displays the error ‘sisap: module verification failed’
Fix ID: ESCRT-7265
Symptoms: SEPLinux cosmetic error observed within client logging after installation.
Solution: Updated module loading sequence for SISAP to resolve the error message.
Symantec Endpoint Protection Manager database compression step encounters an error during completion
Fix ID: ESCRT-7552
Symptoms: SEPM database compression during upgrade may encounter an error when enabling table compression if FG_Index size limit it reached.
Solution: Increased database file sizes prior to beginning database compression if they are set to default values. Added a configurable conf.properties value to skip database compression.
Symantec Endpoint Protection Manager command to upload files from quarantine encounters an error
Fix ID: ESCRT-7594
Symptoms: SEPM command ‘Get Suspicious File’ fails when an & symbol is in the file path.
Solution: Updated the format content of the file path so that & symbols are converted properly.
Intermittent error observed when downloading large executables with Microsoft Internet Explorer
Fix ID: ESCRT-7619
Symptoms: Race condition can result in download failures for large executables.
Solution: Improved handling of .partial files created by Internet Explorer for large executables.
Large number of ARP requests observed when Peer-to-Peer authentication is enabled
Fix ID: ESCRT-7729
Symptoms: Enabling Peer-to-Peer authentication results in a large number of ARP requests in certain network configurations.
Solution: P2P authentication requests are no longer sent when the destination IP is multicast.
ccSubSDK folder size continuously increases when connected to Endpoint Detection and Response
Fix ID: ESCRT-7730
Symptoms: ccSubSDK folder size continuously increases when in a dark network and connected to EDR.
Solution: Removed client authentication token requirement when only reputation is enabled.
Clients fail to register with the Symantec Endpoint Protection Manager when connected over VPN
Fix ID: ESCRT-7751
Symptoms: Clients may fail to register with the SEPM when there is no physical adapter present.
Solution: Client registration now evaluates non-physical adapters.
Clients display Proactive Threat Protection is malfunctioning error after upgrading to 14.3 RU2
Fix ID: ESCRT-7787
Symptoms: ‘Proactive Threat Protection is malfunctioning.’ error observed on some endpoints after upgrading to 14.3 RU2.
Solution: Resolved a disk latency check failure which was delaying the load of Proactive Threat Protection modules.
Client definitions do not update until a service restart
Fix ID: ESCRT-7804
Symptoms: SEP client definitions are not updated until the next available content is download or a restart.
Solution: Corrected an intermittent issue that prevented content from updating until a system reboot or service restart.
Unable to delete Symantec Endpoint Protection Manager limited administrator accounts
Fix ID: ESCRT-7854
Symptoms: SEPM administrator accounts are unable to be deleted when attempting to keep any existing reports they have created.
Solution: Resolved an issue that prevented administrator accounts from being deleted when they contain a filter with a name greater than 255 characters.
Network Provider order list does not load with SEP installed
Fix ID: ESCRT-7909
Symptoms: Windows Server 2019 is unable to display the Network Provider order.
Solution: Fixed a defect that left behind a Symantec Network Access Control artifact on upgrade.
Symantec Endpoint Protection Manager Client Inventory report cannot be saved
Fix ID: ESCRT-7988
Symptoms: Attempting to save a Client Inventory report results in a 0KB file.
Solution: Resolved an evaluation issue that happened with certain file paths when saving.
ccSvcHst.exe exception observed with tse.dll
Fix ID: ESCRT-8023
Symptoms: Rare exception observed in ccSvcHst.exe on Windows Server 2008 R2.
Solution: Corrected a memory allocation failure in traffic shaping engine.
All users are not able to disable the client firewall
Fix ID: ESCRT-8080
Symptoms: Disable Network Threat Protection is unavailable even though the ICDm policy is set to allow all users to disable the firewall.
Solution: Corrected an issue in the client policy configuration handler.
Symantec Endpoint Protection Manager cloud enrollment does not complete
Fix ID: ESCRT-8104
Symptoms: BridgeUploaderSrv.exe encounters an exception during SEPM enrollment with the cloud console.
Solution: Resolved a proxy handling issue with certain characters in the user name field.
Symantec Endpoint Protection Manager Deception policy does not apply successfully
Fix ID: ESCRT-8122
Symptoms: An error ‘There is no file extension in “C:\Program”.’ is displayed after attempting to apply the Process Termination deception policy.
Solution: Updated the default deception policies to correct a character conversion issue.
Symantec Endpoint Protection Manager external logging displays event id instead of description for EDR events
Fix ID: ESCRT-8191
Symptoms: EDR event IDs are displayed instead of the description of the event for SEPM external logging.
Solution: Added the missing description information that resulted in the event ID displaying.
ccSvcHst.exe exception observed with ucrtbase.dll
Fix ID: ESCRT-8192
Symptoms: Japanese language endpoints observe an intermittent exception with ccSvcHst.exe.
Solution: Corrected a string conversion issue with certain Japanese characters.
Bugcheck 9e observed on Windows Server 2012 R2
Fix ID: ESCRT-8212
Symptoms: Intermittent system exception observed on Windows Server 2012 R2 clusters.
Solution: Resolved a rare deadlock that can be encountered by the Auto-Protect driver.
Symantec Endpoint Protection Manager Computer Status logs are missing Operating System details
Fix ID: ESCRT-8247
Symptoms: Operating System details are missing for some platforms in the Computer Status logs.
Solution: Added the missing platform information for macOS versions.
Client communication with the Symantec Endpoint Protection Manager is prevented
Fix ID: ESCRT-8256
Symptoms: When SAM account name and UPN logon name are not the same, client communication is impacted.
Solution: Added a toggle to conf.poperties to change the login method.
Symantec Endpoint Protection Manager enrollment with ICDm Cloud Console is unable to complete
Fix ID: ESCRT-8351
Symptoms: SEPM enrollment when using NTLM proxy authentication is unable to complete.
Solution: Fixed a defect that resulted in proxy settings skipping NTLM authentication.
Client groups are missing after enrolling with the ICDm Cloud Console
Fix ID: ESCRT-8358
Symptoms: Client groups are only visible in the SEPM after enrolling with the ICDm Cloud Console.
Solution: Updated a query so that all elements are included.
Virtual Image Exception tool does not work with Nutanix Virtualization Platform
Fix ID: ESCRT-8374
Symptoms: VIETool encounters the error ‘Cannot determine if quarantine is empty: Unable to get quarantine directory’.
Solution: Updated VIETool manifest to identify required inclusions.
Location Switching criteria for logged in user does not switch locations as expected
Fix ID: ESCRT-8418
Symptoms: ALS criteria based on logged in user does not switch as expected.
Solution: Updated location switching weighting when two locations match the same condition.
SQLPS.exe exception observed with symamsi.dll
Fix ID: ESCRT-8712
Symptoms: Intermittent SQLPS.exe exception observed with Symantec Antimalware Scan Interface enabled.
Solution: Resolved an exception that can occur when symamsi is unable to locate a required resource.
Symantec Endpoint Protection Manager is unable to display Licenses page
Fix ID: ESCRT-8811
Symptoms: Japanese language SEPM is unable to load the Licenses pane.
Solution: Updated manifest to include the location of a required resource for localized SEPM versions.
RESTAPI connection is no longer possible after upgrading to 14.3 RU3
Fix ID: ESCRT-8880
Symptoms: SEPM RESTAPI connections encounter an exception during certificate evaluation.
Solution: Added a conf.properties configuration to enable complete certificate validation.
Symantec Endpoint Protection Manager upgrade to 14.3 RU3 encounters an error
Fix ID: ESCRT-8900
Symptoms: SEPM upgrade to 14.3 RU3 encounters the error ‘Failed to install Management Server webserver service. You should restart your computer and try again.’.
Solution: Updated FIPS mode script logic to resolve an unset variable issue.