search cancel

New fixes and component versions in Symantec Endpoint Protection 14.3 RU5

book

Article ID: 243971

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.3 RU5 (14.3.8259.5000). This information supplements the information found in the Release Notes.

  • New Fixes
  • Component versions


Download the full release through the Broadcom Software Download Portal. For details, see Download the latest version of Endpoint Protection.

Resolution

Additional fixes for 14.3 RU5 Refresh (14.3.8268.5000)

Symantec Endpoint Protection (Windows)


Incident ID: CRE-10874
Incident Description: EAPOL traffic is blocked after upgrading to 14.3 RU5.

Incident ID: CRE-10918
Incident Description: ccSvcHst.exe instances launch for each user session when configured otherwise after upgrading to 14.3 RU5.


Additional fixes for 14.3 RU5 Refresh (14.3.8262.5000)

Symantec Endpoint Protection (Windows)


Incident ID: CRE-10765
Incident Description: License expired displayed on cloud-managed agents in some scenarios after upgrading to 14.3 RU5.



New fixes for 14.3 RU5 (14.3.8259.5000)

Symantec Endpoint Protection Manager


Incident ID: CRE-6429
Incident Description: Content Distribution Monitor shows incorrect latest versions during phased releases of new content engines.

Incident ID: CRE-7465
Incident Description: Weekly Status or Executive Weekly Summary Report never displays content under “Less than 24Hrs”

Incident ID: CRE-7490
Incident Description: Centralized Exceptions policy for Linux “Also exclude subfolders” checkbox disappears after being checked

Incident ID: CRE-7760
Incident Description: “Security Alert: Suspicious Activity” intermittently triggered due to request authorization failure

Incident ID: CRE-8394
Incident Description: Intermittent LiveUpdate failure observed under constrained network conditions

Incident ID: CRE-8621
Incident Description: Windows 10 Enterprise for Virtual Desktops displays as Windows Server 2016

Incident ID: CRE-8627
Incident Description: Upgrading to the latest version with the embedded database option results in a rollback if a $ character is in the user name

Incident ID: CRE-8731
Incident Description: “Unexpected Error – Internal Server Error” observed when attempting to download a file from quarantine

Incident ID: CRE-8866
Incident Description: Synchronizing with the Integrated Cyber Defense Manager intermittently fails with a connection or certificate error message

Incident ID: CRE-8985
Incident Description: Immediately after upgrading, SONAR definitions are reported as “Out of date” in generated reports

Incident ID: CRE-9054
Incident Description: 64-bit client installation package disappears from list of available packages after upgrading

Incident ID: CRE-9072
Incident Description: Unable to add Recorder Group Exceptions for client groups that have subgroups

Incident ID: CRE-9187
Incident Description: Policy serial number intermittently updates after replication completion

Incident ID: CRE-9269
Incident Description: PolicyandClientGroupTool unable to resolve a broken link in SemGroupPolicy

Incident ID: CRE-9290
Incident Description: PolicyandClientGroupTool unable to resolve a broken link in TdadPolicy

Incident ID: CRE-9367
Incident Description: Content Distribution Monitor shows incorrect latest version for IPS signatures

Incident ID: CRE-9581
Incident Description: Audit Logs show an incorrect timestamp value when Audit Details are viewed for a specific event

Incident ID: CRE-9588
Incident Description: “Query Failed” observed and OS Information field is missing for some clients in a Computer Status Report

Incident ID: CRE-9667
Incident Description: Creating a Deception report results in being returned to the Login screen

Incident ID: CRE-9776
Incident Description: Endpoint Status Home Page is missing some Windows 10 clients

Incident ID: CRE-9970
Incident Description: 14.3 RU4 SEPM does not distribute SONAR content to 14.3 RU3 and older endpoints when the content is delivered via JDB

 

Symantec Endpoint Protection (Windows)


Incident ID: CRE-8222
Incident Description: IPS Audit Signatures changed from Allow to Block may result in an error message in the client logs “Failed to set a custom action for IPS signature (errcode=0x80004005).”

Incident ID: CRE-8259
Incident Description: Cloud-managed agents may encounter a LiveUpdate error when proxy settings are defined

Incident ID: CRE-8320
Incident Description: Exported scan logs sometimes show a scan duration of 0

Incident ID: CRE-8414
Incident Description: Under some conditions if a malformed policy is delivered to an endpoint, it will fail to load the policy and cease communication with the SEPM

Incident ID: CRE-8540
Incident Description: Cloud-managed agents attempting to load a policy specifically named “Allow Applications” will not honor the rules within

Incident ID: CRE-8678
Incident Description: “Windows Firewall is disabled.” Notification is triggered every 5 minutes if the Windows Integration policy is configured to notify when the Windows Firewall is disabled while also configured to disable the Windows Firewall always.

Incident ID: CRE-8922
Incident Description: Application Control condition for blocking CD/DVD writing intermittently triggers on unrelated conditions

Incident ID: CRE-8985
Incident Description: Immediately after upgrading, SONAR definitions are reported as “Out of date” in generated reports

Incident ID: CRE-9044
Incident Description: Installation rollback observed during CopyFile Action for EdrEpmpCStorage.dat

Incident ID: CRE-9166
Incident Description: Bugcheck 50 on SRTSP64.sys intermittently observed on Windows Server 2012

Incident ID: CRE-9305
Incident Description: Scan results inconsistently logged as “Scan Completed” instead of “Scan Aborted” when a scan is interrupted

Incident ID: CRE-9356
Incident Description: Event ID 80: “Symantec Endpoint Protection has failed to load the latest virus definitions.” Intermittently observed even though definitions are up-to-date

Incident ID: CRE-9496
Incident Description: Outlook Auto-Protect is malfunctioning error observed after modifying an existing installation via command line and changing the case sensitivity of the path

Incident ID: CRE-9657
Incident Description: Powershell commands sometimes trigger OneDrive synchronization

Incident ID: CRE-9694
Incident Description: Malware Protection displays an incorrect version in the Integrated Cyber Defense Manager console even though the endpoint is already up-to-date

Incident ID: CRE-9749
Incident Description: Active Directory Gateway Topology is not uploaded to the Integrated Cyber Defense Manager

Incident ID: CRE-9866
Incident Description: Threat Defense for Active Directory text is corrupt for Japanese endpoints

Incident ID: CRE-9923
Incident Description: Clients switching from one site to another site do not send operational status immediately after switching

Incident ID: CRE-9925
Incident Description: Intermittent system hang observed on SymEFASI64.sys and Windows Server 2016

Incident ID: CRE-9937
Incident Description: ccSvcHst.exe crash observed under certain low memory conditions

Incident ID: CRE-10028
Incident Description: Large number of masked domain admin accounts incorrectly returned to Threat Defense for Active Directory

Incident ID: CRE-10158
Incident Description: Bugcheck 139 on IRONx64.sys observed intermittently on Windows Server 2012

Incident ID: CRE-10206
Incident Description: ccSvcHst.exe crash observed on Traditional Chinese language endpoints during full scan

Incident ID: CRE-10243
Incident Description: Application Control policies containing a large number of rules using multiple MD5 hashes impacts file share performance

Incident ID: CRE-10258
Incident Description: ccSvcHst.exe crash observed intermittently on Windows Server 2022

Incident ID: CRE-10355
Incident Description: Imported Application and Device Control rule into a Custom Application Behavior rule does not log USB writes as expected

Incident ID: CRE-10376
Incident Description: System Lockdown does not work on some Windows 7 endpoints when configured to “Log Unapproved Applications” while in “Allow Mode”

Incident ID: CRE-10463
Incident Description: System Lockdown whitelist does not work as expected for applications defined using SHA256

 

Symantec Endpoint Protection (macOS)


Incident ID: CRE-7401
Incident Description: Installation pushed from Client Download Wizard with silent flag results in a requirement to authorize the system extension even though MDM pre-approvals are in place

Incident ID: CRE-8282
Incident Description: “Pending…” dialog hung on screen after upgrading to a newer version

Incident ID: CRE-8623
Incident Description: Unable to mirror screen to Apple TV via AirPlay

Incident ID: CRE-8891
Incident Description: System extension crash observed when the firewall policy contains firewall rules with >20 IP ranges

 

Symantec Endpoint Protection (Linux)


Incident ID: CRE-8436
Incident Description: Error message observed in audit log: “auditd[1138]: Skpping line 8 in /etc/audit/plugins.d//sisaudisp.conf: too long”

Incident ID: CRE-9183
Incident Description: Intermittent CAFAgent crash observed during startup

Incident ID: CRE-9725
Incident Description: Intermittent crash observed during uninstallation or when running getagentinfo script

 

 

Component Versions

The build number for this release is 14.3.8259.5000. 

Red text indicates components that have updated for this release.

Component

DLL File

DLL Version

SYS File

SYS Version

AutoProtect

srtsp64.dll

16.1.0.305

srtsp64.sys

16.1.0.304

BASH Defs

BHEngine.dll

Seq#= 20220421.021

12.4.0.118

BHDrvx64.sys

12.4.0.118

BASH Framework

BHClient.dll

12.4.0.121

N/A

-

CC

ccLib.dll

17.3.0.67

ccSetx64.sys

17.3.0.48

CIDS Defs

IDSxpx86.dll

Seq#= 20220525.091

17.2.8.10

IDSviA64.sys

17.2.8.10

CIDS Framework

IDSAux.dll

17.2.7.57

N/A

-

CP3

version.txt

3.1.1.31

N/A

-

CX

cx_lib.dll

3.2.0.93

N/A

-

ConMan

version.txt

3.3.4.129

N/A

-

D2D

version.txt

1.2.1.5

N/A

-

D2D_Latest

version.txt

1.5.0.81

N/A

-

DefUtils

DefUtDCD.dll

5.4.0.230

N/A

-

DuLuCallback

DuLuCbk.dll

1.13.1.26

N/A

-

DuLuxCallback

duluxcallback.dll

2.15.0.7

N/A

-

ERASER

cceraser.dll

119.1.4.18

eraser64.sys

119.1.4.18

IRON

Iron.dll

9.2.0.61

Ironx64.sys

9.2.0.58

LUX

Lux.dll

4.2.1.23

   

LiveUpdate

LUEng.dll

2.9.0.35

N/A

-

MicroDefs

patch25d.dll

6.2.3.63

N/A

-

SDS Engine

sds_engine_x86.dll

Seq#= 20220611.007

1.18.0.95

N/A

-

SEF Defs

speng32.dll

1.8.0.519

symevnt32.sys

1.8.0.502

SIS

SIS.dll

14.3.21017.5000

N/A

-

STIC Defs

stic.dll

Seq#= 20220610.001

3.6.3.503

N/A

-

STIC Framework

sticprxy.dll

3.6.3.503

 

 

SymDS

DSCli.dll

6.8.0.39

N/A

-

SymEFA

EFACli64.dll

7.5.0.82

SymEFASI64.sys

7.5.0.80

SymELAM

ELAMCli.dll

2.5.0.56

SymELAM.sys

2.5.0.54

SymEvent

Sevntx64.exe

14.0.9.35

SymEvent.sys

14.0.9.33

SymNetDrv

SNDSvc.dll

17.2.0.106

symnets.sys

17.2.0.106

SymScan

ccScanW.dll

16.4.0.70

N/A

-

SymVT

version.txt

10.2.1.10

N/A

-

Titanium

titanium.dll

2.6.0.77

N/A

-

WLU

LuComServerRes.dll

3.3.203.41

N/A

-