This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.3 RU5 (14.3.8259.5000). This information supplements the information found in the Release Notes.

• New Fixes
• Component versions

Download the full release through the Broadcom Software Download Portal. For details, see Download the latest version of Endpoint Protection.

Additional fixes for 14.3 RU5 Patch 3 (14.3.8309.5000)

Symantec Endpoint Protection (Windows)

Incident ID: CRE-13369
Incident Description: High CPU usage observed in Chrome.exe or Edge.exe when Intrusion Prevention is enabled

Incident ID: CRE-13910
Incident Description: Application Control does not block additional processes if an invalid entry is encountered

Additional fixes for 14.3 RU5 Patch 2 (14.3.8296.5000)

Symantec Endpoint Protection (Windows)

Incident ID: CRE-11934
Incident Description: Unable to block USB drives that appear as a fixed disk drive to the Operating System

Incident ID: CRE-12427
Incident Description: Windows Server 2016 encounters bugcheck 0x1a on SymEFASI64.sys

Incident ID: CRE-13277
Incident Description: Cloud-managed endpoints do not retain client proxy settings during migration

Additional fixes for 14.3 RU5 Patch 1 (14.3.8282.5000)

Symantec Endpoint Protection (Windows)

Incident ID: CRE-9981
Incident Description: Get Quarantined File command from SEPM fails on files detected within archives

Incident ID: CRE-10327
Incident Description: Exceptions do not always apply properly to mounted drives on Windows Server 2019

Incident ID: CRE-10982
Incident Description: ClientSideClonePrepTool and smc -image command do not work as expected

Incident ID: CRE-11014
Incident Description: Upgrading a cloud-managed endpoint does not retain the assigned policy when a reboot is required

Incident ID: CRE-11403
Incident Description: NetApp Global File Cache and SEP installed together causes Windows Server 2019 to hang

Incident ID: CRE-11524
Incident Description: Client installation fails with certain security controls in place

Incident ID: AD-2723
Incident Description: Threat Defense for Active Directory generates false positive events from assets

Additional fixes for 14.3 RU5 Refresh (14.3.8268.5000)

Symantec Endpoint Protection (Windows)

Incident ID: CRE-10874
Incident Description: EAPOL traffic is blocked after upgrading to 14.3 RU5.

Incident ID: CRE-10918
Incident Description: ccSvcHst.exe instances launch for each user session when configured otherwise after upgrading to 14.3 RU5.

Additional fixes for 14.3 RU5 Refresh (14.3.8262.5000)

Symantec Endpoint Protection (Windows)

Incident ID: CRE-10765
Incident Description: License expired displayed on cloud-managed agents in some scenarios after upgrading to 14.3 RU5.

New fixes for 14.3 RU5 (14.3.8259.5000)

• Symantec Endpoint Protection Manager
• Symantec Endpoint Protection (Windows)
• Symantec Endpoint Protection (macOS)
• Symantec Endpoint Protection (Linux)
• Component Versions

Symantec Endpoint Protection Manager

Incident ID: CRE-6429
Incident Description: Content Distribution Monitor shows incorrect latest versions during phased releases of new content engines.

Incident ID: CRE-7465
Incident Description: Weekly Status or Executive Weekly Summary Report never displays content under “Less than 24Hrs”

Incident ID: CRE-7490
Incident Description: Centralized Exceptions policy for Linux “Also exclude subfolders” checkbox disappears after being checked

Incident ID: CRE-7760
Incident Description: “Security Alert: Suspicious Activity” intermittently triggered due to request authorization failure

Incident ID: CRE-8394
Incident Description: Intermittent LiveUpdate failure observed under constrained network conditions

Incident ID: CRE-8621
Incident Description: Windows 10 Enterprise for Virtual Desktops displays as Windows Server 2016

Incident ID: CRE-8627
Incident Description: Upgrading to the latest version with the embedded database option results in a rollback if a $ character is in the user name

Incident ID: CRE-8731
Incident Description: “Unexpected Error – Internal Server Error” observed when attempting to download a file from quarantine

Incident ID: CRE-8866
Incident Description: Synchronizing with the Integrated Cyber Defense Manager intermittently fails with a connection or certificate error message

Incident ID: CRE-8985
Incident Description: Immediately after upgrading, SONAR definitions are reported as “Out of date” in generated reports

Incident ID: CRE-9054
Incident Description: 64-bit client installation package disappears from list of available packages after upgrading

Incident ID: CRE-9072
Incident Description: Unable to add Recorder Group Exceptions for client groups that have subgroups

Incident ID: CRE-9187
Incident Description: Policy serial number intermittently updates after replication completion

Incident ID: CRE-9269
Incident Description: PolicyandClientGroupTool unable to resolve a broken link in SemGroupPolicy

Incident ID: CRE-9290
Incident Description: PolicyandClientGroupTool unable to resolve a broken link in TdadPolicy

Incident ID: CRE-9367
Incident Description: Content Distribution Monitor shows incorrect latest version for IPS signatures

Incident ID: CRE-9581
Incident Description: Audit Logs show an incorrect timestamp value when Audit Details are viewed for a specific event

Incident ID: CRE-9588
Incident Description: “Query Failed” observed and OS Information field is missing for some clients in a Computer Status Report

Incident ID: CRE-9667
Incident Description: Creating a Deception report results in being returned to the Login screen

Incident ID: CRE-9776
Incident Description: Endpoint Status Home Page is missing some Windows 10 clients

Incident ID: CRE-9970
Incident Description: 14.3 RU4 SEPM does not distribute SONAR content to 14.3 RU3 and older endpoints when the content is delivered via JDB

Symantec Endpoint Protection (Windows)

Incident ID: CRE-8222
Incident Description: IPS Audit Signatures changed from Allow to Block may result in an error message in the client logs “Failed to set a custom action for IPS signature (errcode=0x80004005).”

Incident ID: CRE-8259
Incident Description: Cloud-managed agents may encounter a LiveUpdate error when proxy settings are defined

Incident ID: CRE-8320
Incident Description: Exported scan logs sometimes show a scan duration of 0

Incident ID: CRE-8414
Incident Description: Under some conditions if a malformed policy is delivered to an endpoint, it will fail to load the policy and cease communication with the SEPM

Incident ID: CRE-8540
Incident Description: Cloud-managed agents attempting to load a policy specifically named “Allow Applications” will not honor the rules within

Incident ID: CRE-8678
Incident Description: “Windows Firewall is disabled.” Notification is triggered every 5 minutes if the Windows Integration policy is configured to notify when the Windows Firewall is disabled while also configured to disable the Windows Firewall always.

Incident ID: CRE-8922
Incident Description: Application Control condition for blocking CD/DVD writing intermittently triggers on unrelated conditions

Incident ID: CRE-8985
Incident Description: Immediately after upgrading, SONAR definitions are reported as “Out of date” in generated reports

Incident ID: CRE-9044
Incident Description: Installation rollback observed during CopyFile Action for EdrEpmpCStorage.dat

Incident ID: CRE-9166
Incident Description: Bugcheck 50 on SRTSP64.sys intermittently observed on Windows Server 2012

Incident ID: CRE-9305
Incident Description: Scan results inconsistently logged as “Scan Completed” instead of “Scan Aborted” when a scan is interrupted

Incident ID: CRE-9356
Incident Description: Event ID 80: “Symantec Endpoint Protection has failed to load the latest virus definitions.” Intermittently observed even though definitions are up-to-date

Incident ID: CRE-9496
Incident Description: Outlook Auto-Protect is malfunctioning error observed after modifying an existing installation via command line and changing the case sensitivity of the path

Incident ID: CRE-9657
Incident Description: Powershell commands sometimes trigger OneDrive synchronization

Incident ID: CRE-9694
Incident Description: Malware Protection displays an incorrect version in the Integrated Cyber Defense Manager console even though the endpoint is already up-to-date

Incident ID: CRE-9749
Incident Description: Active Directory Gateway Topology is not uploaded to the Integrated Cyber Defense Manager

Incident ID: CRE-9866
Incident Description: Threat Defense for Active Directory text is corrupt for Japanese endpoints

Incident ID: CRE-9923
Incident Description: Clients switching from one site to another site do not send operational status immediately after switching

Incident ID: CRE-9925
Incident Description: Intermittent system hang observed on SymEFASI64.sys and Windows Server 2016

Incident ID: CRE-9937
Incident Description: ccSvcHst.exe crash observed under certain low memory conditions

Incident ID: CRE-10028
Incident Description: Large number of masked domain admin accounts incorrectly returned to Threat Defense for Active Directory

Incident ID: CRE-10158
Incident Description: Bugcheck 139 on IRONx64.sys observed intermittently

Incident ID: CRE-10206
Incident Description: ccSvcHst.exe crash observed on Traditional Chinese language endpoints during full scan

Incident ID: CRE-10243
Incident Description: Application Control policies containing a large number of rules using multiple MD5 hashes impacts file share performance

Incident ID: CRE-10258
Incident Description: ccSvcHst.exe crash observed intermittently on Windows Server 2022

Incident ID: CRE-10355
Incident Description: Imported Application and Device Control rule into a Custom Application Behavior rule does not log USB writes as expected

Incident ID: CRE-10376
Incident Description: System Lockdown does not work on some Windows 7 endpoints when configured to “Log Unapproved Applications” while in “Allow Mode”

Incident ID: CRE-10463
Incident Description: System Lockdown whitelist does not work as expected for applications defined using SHA256

Symantec Endpoint Protection (macOS)

Incident ID: CRE-7401
Incident Description: Installation pushed from Client Download Wizard with silent flag results in a requirement to authorize the system extension even though MDM pre-approvals are in place

Incident ID: CRE-8282
Incident Description: “Pending…” dialog hung on screen after upgrading to a newer version

Incident ID: CRE-8623
Incident Description: Unable to mirror screen to Apple TV via AirPlay

Incident ID: CRE-8891
Incident Description: System extension crash observed when the firewall policy contains firewall rules with >20 IP ranges

Symantec Endpoint Protection (Linux)

Incident ID: CRE-8436
Incident Description: Error message observed in audit log: “auditd[1138]: Skpping line 8 in /etc/audit/plugins.d//sisaudisp.conf: too long”

Incident ID: CRE-9183
Incident Description: Intermittent CAFAgent crash observed during startup

Incident ID: CRE-9725
Incident Description: Intermittent crash observed during uninstallation or when running getagentinfo script

Component Versions

The build number for this release is 14.3.8259.5000. 

Red text indicates components that have updated for this release.