This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.3 RU4 (14.3.7388.4000). This information supplements the information found in the Release Notes.

• New Fixes
• Component versions

Download the full release through the Broadcom Software Download Portal. For details, see Download the latest version of Endpoint Protection.

Additional fixes for 14.3 RU4 Patch 1 (14.3.7411.4000)

Symantec Endpoint Protection (Windows)

Incident ID: CRE-8259
Incident Description: Cloud-managed agents may encounter a LiveUpdate error when proxy settings are defined

Incident ID: CRE-9044
Incident Description: Installation rollback observed during CopyFile Action for EdrEpmpCStorage.dat

Incident ID: CRE-9923
Incident Description: Clients switching from one site to another site do not send operational status immediately after switching

Incident ID: CRE-9937
Incident Description: ccSvcHst.exe crash observed under certain low memory conditions

Additional fixes for 14.3 RU4 Refresh (14.3.7393.4000)

Symantec Data Center Security and Cloud Workload Protection agents are left in a disabled state after upgrading to SEP 14.3 RU4

Fix ID: ESCRT-9230

Symptoms: DCS and CWP drivers are missing and agent services are left in a disabled state after upgrading the SEP agent to 14.3 RU4 (14.3.7388.4000).

Solution: Corrected an issue that prevented the SEP agent from properly filtering DCS/CWP services during upgrade.

New fixes for 14.3 RU4 (14.3.7388.4000)

Symantec Endpoint Protection Manager AD-sync groups are no longer able to sync

Fix ID: ESCRT-6185

Symptoms: SEPM is no longer able to sync Active Directory synchronized groups.

Solution: Improved handling for certain status codes returned during sync requests.

SEPLinux clients appear in the ICDm Console as a single endpoint

Fix ID: ESCRT-6647

Symptoms: SEPLinux clients sometimes appear as a single endpoint after installation in the Integrated Cyber Defense Manager Console.

Solution: Updated the SEPLinux client to read client identifiers from a new location for cloud-managed endpoints.

SEPLinux disable repo flag does not prevent the endpoint from attempting repo access

Fix ID: ESCRT-7070

Symptoms: SEPLinux client installations with the –disable-repo flag still attempt to contact the client repositories.

Solution: Updated SEPLinux client installation scripts to properly disable repo functionality when the –disable-repo parameter is passed.

DHCP release observed when SymErr.exe is executed on Citrix servers

Fix ID: ESCRT-7202

Symptoms: Citrix servers intermittently observe a network connection reset with SEP client telemetry enabled and a scheduled submission event occurs.

Solution: Resolved a case where ping submissions could fail, which resulted in the endpoint attempting to rectify potential network connection issues.

Symantec Endpoint Protection Manager limited administrator is unable to export installation packages

Fix ID: ESCRT-7236

Symptoms: SEPM limited administrators are unable to export installation packages with Group restrictions.

Solution: Resolved an exception that was occurring when Group restrictions were present.

SEPLinux kernel log displays the error ‘sisap: module verification failed’

Fix ID: ESCRT-7265

Symptoms: SEPLinux cosmetic error observed within client logging after installation.

Solution: Updated module loading sequence for SISAP to resolve the error message.

Symantec Endpoint Protection Manager database compression step encounters an error during completion

Fix ID: ESCRT-7552

Symptoms: SEPM database compression during upgrade may encounter an error when enabling table compression if FG_Index size limit it reached.

Solution: Increased database file sizes prior to beginning database compression if they are set to default values. Added a configurable conf.properties value to skip database compression.

Symantec Endpoint Protection Manager command to upload files from quarantine encounters an error

Fix ID: ESCRT-7594

Symptoms: SEPM command ‘Get Suspicious File’ fails when an & symbol is in the file path.

Solution: Updated the format content of the file path so that & symbols are converted properly.

Intermittent error observed when downloading large executables with Microsoft Internet Explorer

Fix ID: ESCRT-7619

Symptoms: Race condition can result in download failures for large executables.

Solution: Improved handling of .partial files created by Internet Explorer for large executables.

Large number of ARP requests observed when Peer-to-Peer authentication is enabled

Fix ID: ESCRT-7729

Symptoms: Enabling Peer-to-Peer authentication results in a large number of ARP requests in certain network configurations.

Solution: P2P authentication requests are no longer sent when the destination IP is multicast.

ccSubSDK folder size continuously increases when connected to Endpoint Detection and Response

Fix ID: ESCRT-7730

Symptoms: ccSubSDK folder size continuously increases when in a dark network and connected to EDR.

Solution: Removed client authentication token requirement when only reputation is enabled.

Clients fail to register with the Symantec Endpoint Protection Manager when connected over VPN

Fix ID: ESCRT-7751

Symptoms: Clients may fail to register with the SEPM when there is no physical adapter present.

Solution: Client registration now evaluates non-physical adapters.

Clients display Proactive Threat Protection is malfunctioning error after upgrading to 14.3 RU2

Fix ID: ESCRT-7787

Symptoms: ‘Proactive Threat Protection is malfunctioning.’ error observed on some endpoints after upgrading to 14.3 RU2.

Solution: Resolved a disk latency check failure which was delaying the load of Proactive Threat Protection modules.

Client definitions do not update until a service restart

Fix ID: ESCRT-7804

Symptoms: SEP client definitions are not updated until the next available content is download or a restart.

Solution: Corrected an intermittent issue that prevented content from updating until a system reboot or service restart.

Unable to delete Symantec Endpoint Protection Manager limited administrator accounts

Fix ID: ESCRT-7854

Symptoms: SEPM administrator accounts are unable to be deleted when attempting to keep any existing reports they have created.

Solution: Resolved an issue that prevented administrator accounts from being deleted when they contain a filter with a name greater than 255 characters.

Network Provider order list does not load with SEP installed

Fix ID: ESCRT-7909

Symptoms: Windows Server 2019 is unable to display the Network Provider order.

Solution: Fixed a defect that left behind a Symantec Network Access Control artifact on upgrade.

Symantec Endpoint Protection Manager Client Inventory report cannot be saved

Fix ID: ESCRT-7988

Symptoms: Attempting to save a Client Inventory report results in a 0KB file.

Solution: Resolved an evaluation issue that happened with certain file paths when saving.

ccSvcHst.exe exception observed with tse.dll

Fix ID: ESCRT-8023

Symptoms: Rare exception observed in ccSvcHst.exe on Windows Server 2008 R2.

Solution: Corrected a memory allocation failure in traffic shaping engine.

All users are not able to disable the client firewall

Fix ID: ESCRT-8080

Symptoms: Disable Network Threat Protection is unavailable even though the ICDm policy is set to allow all users to disable the firewall.

Solution: Corrected an issue in the client policy configuration handler.

Symantec Endpoint Protection Manager cloud enrollment does not complete

Fix ID: ESCRT-8104

Symptoms: BridgeUploaderSrv.exe encounters an exception during SEPM enrollment with the cloud console.

Solution: Resolved a proxy handling issue with certain characters in the user name field.

Symantec Endpoint Protection Manager Deception policy does not apply successfully

Fix ID: ESCRT-8122

Symptoms: An error ‘There is no file extension in “C:\Program”.’ is displayed after attempting to apply the Process Termination deception policy.

Solution: Updated the default deception policies to correct a character conversion issue.

Symantec Endpoint Protection Manager external logging displays event id instead of description for EDR events

Fix ID: ESCRT-8191

Symptoms: EDR event IDs are displayed instead of the description of the event for SEPM external logging.

Solution: Added the missing description information that resulted in the event ID displaying.

ccSvcHst.exe exception observed with ucrtbase.dll

Fix ID: ESCRT-8192

Symptoms: Japanese language endpoints observe an intermittent exception with ccSvcHst.exe.

Solution: Corrected a string conversion issue with certain Japanese characters.

Bugcheck 9e observed on Windows Server 2012 R2

Fix ID: ESCRT-8212

Symptoms: Intermittent system exception observed on Windows Server 2012 R2 clusters.

Solution: Resolved a rare deadlock that can be encountered by the Auto-Protect driver.

Symantec Endpoint Protection Manager Computer Status logs are missing Operating System details

Fix ID: ESCRT-8247

Symptoms: Operating System details are missing for some platforms in the Computer Status logs.

Solution: Added the missing platform information for macOS versions.

Client communication with the Symantec Endpoint Protection Manager is prevented

Fix ID: ESCRT-8256

Symptoms: When SAM account name and UPN logon name are not the same, client communication is impacted.

Solution: Added a toggle to conf.poperties to change the login method.

Symantec Endpoint Protection Manager enrollment with ICDm Cloud Console is unable to complete

Fix ID: ESCRT-8351

Symptoms: SEPM enrollment when using NTLM proxy authentication is unable to complete.

Solution: Fixed a defect that resulted in proxy settings skipping NTLM authentication.

Client groups are missing after enrolling with the ICDm Cloud Console

Fix ID: ESCRT-8358

Symptoms: Client groups are only visible in the SEPM after enrolling with the ICDm Cloud Console.

Solution: Updated a query so that all elements are included.

Virtual Image Exception tool does not work with Nutanix Virtualization Platform

Fix ID: ESCRT-8374

Symptoms: VIETool encounters the error ‘Cannot determine if quarantine is empty: Unable to get quarantine directory’.

Solution: Updated VIETool manifest to identify required inclusions.

Location Switching criteria for logged in user does not switch locations as expected

Fix ID: ESCRT-8418

Symptoms: ALS criteria based on logged in user does not switch as expected.

Solution: Updated location switching weighting when two locations match the same condition.

SQLPS.exe exception observed with symamsi.dll

Fix ID: ESCRT-8712

Symptoms: Intermittent SQLPS.exe exception observed with Symantec Antimalware Scan Interface enabled.

Solution: Resolved an exception that can occur when symamsi is unable to locate a required resource.

Symantec Endpoint Protection Manager is unable to display Licenses page

Fix ID: ESCRT-8811

Symptoms: Japanese language SEPM is unable to load the Licenses pane.

Solution: Updated manifest to include the location of a required resource for localized SEPM versions.

RESTAPI connection is no longer possible after upgrading to 14.3 RU3

Fix ID: ESCRT-8880

Symptoms: SEPM RESTAPI connections encounter an exception during certificate evaluation.

Solution: Added a conf.properties configuration to enable complete certificate validation.

Symantec Endpoint Protection Manager upgrade to 14.3 RU3 encounters an error

Fix ID: ESCRT-8900

Symptoms: SEPM upgrade to 14.3 RU3 encounters the error ‘Failed to install Management Server webserver service. You should restart your computer and try again.’.

Solution: Updated FIPS mode script logic to resolve an unset variable issue.

Component versions

The build number for this release is 14.3.7388.4000. 

Red text indicates components that have updated for this release.