Symantec Endpoint Protection (SEP) client users may see the following Status message on the Help > Troubleshooting > Web and Cloud Access Protection page: "Warning: Using CTCv1 (missing enrollment token)"
This occurs in the following situations:
1. On SEP clients 14.3 RU7 that you upgraded from an earlier version.
2. If you assigned a WSS V1 token in the Web and Cloud Access Protection policy (SEPM or ICDm) for 14.3 RU7 clients.
3. The Cloud SWG portal > WSS Agent Configuration > Block legacy CTC communications checkbox is disabled.
Only updated CTC communications are allowed from SEP clients to Cloud SWG. When this option is enabled, SEP clients must use enhanced CTC (CTCv2) communications to connect to Cloud SWG.
The SEP client enrollment token is not included with upgrade installations, which results in the warning.
In this state, enhanced CTC (CTCv2) does not function, even though it is supported on SEP clients 14.3 RU7.
To eliminate the warning, enable the SEP clients to use CTCv2.
Do one of the following tasks:
1) In the SEPM or ICDm Web and Cloud Access Protection policy, add a new CTCv2 token from the Cloud SWG portal.
Note: If you run a SEPM 14.3 RU6 with 14.3 RU7 clients, you can ignore the status message. However, you cannot disable legacy CTCv1 communications until you upgrade SEPM to RU7 or later.
2) Instead of an upgrade, uninstall the SEP 14.3 RU6 or earlier client and perform a fresh install of the SEP 14.3 RU7 or later client.
The fresh install triggers the installation of the enrollment token, which is necessary for enhanced CTC.
3) Upgrade the WSS token from V1 to V2. WSS V2 is not supported on 14.3 RU6 and earlier.
The message does not impact normal SEP client functionality.
However, it does prevent the ability to use new enhanced CTC services. Therefore, you should NOT enable the "Block legacy CTC communications" option in the Cloud SWG portal until ALL of your SEP clients connect to the service.