New fixes and component versions in Symantec Endpoint Protection 14.2
Article ID: 150880
Updated On:
Products
Issue/Introduction
Resolution
This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.2. This information supplements the information found in the Release Notes.
New fixes
Unable to import a domain file
Fix ID: 4136019
Symptoms: Domain import fails with the error: Zip file is empty.
Solution: Allow domain import even if there are missing files inside the original export data file.
Clients intermittently lose network connectivity after reboot
Fix ID: 4170825
Symptoms: Network connectivity fails and the Teefer process quits with exit code 31.
Solution: Updated the root certificate cross-signing for the Teefer file based on Microsoft’s recently changed signing requirements.
Manual scan hangs on files bigger than 4 GB
Fix ID: 4071290
Symptoms: Scans hang when manually scanning large files over 4GB.
Solution: Corrected the wrong type conversion for file lengths in SymEFA.
Scheduled AD sync fails, but manual sync is successful
Fix ID: 4134414
Symptoms: Scheduled Active Directory synchronization fails every time it runs. As a result, other OUs from other AD servers cannot synchronize. However, manual synchronization succeeds.
Solution: Add a NullPointer check in the Active Directory synchronization process to avoid incorrect processing in certain cases.
SEPM installation fails using Windows Authentication with custom users created in SQL Server
Fix ID: 4148088, 4083467, 4167749
Symptoms: Installation or migration of Symantec Endpoint Protection Manager fails when you choose Windows Authentication for the SQL Server database and then add custom users.
Solution: Corrected the character set that is used during the processing of usernames.
ccSvcHst process crashes when VLANs are enabled
Fix ID: 4168710
Symptoms: The ccSvcHst process crashes when VLANs are enabled. If there are no VLANs, the crash does not occur.
Solution: Corrected hostname processing along with conflicting IPv4/IPv6 rules.
During a LiveUpdate session, SEP for Mac unexpectedly produces a network proxy authentication request
Fix ID: 4019330, 4137958, 4168444
Symptoms: When LiveUpdate runs on the Symantec Endpoint Protection client for Mac, a network proxy authentication dialog pops up, even when an anonymous proxy is already configured.
Solution: Fixed proxy info processing to better handle anonymous proxies.
SEP for Mac definition download fails with LUA over HTTPS
Fix ID: 4076407
Symptoms: When using LiveUpdate Administrator over HTTPS, the download fails for definitions for the Symantec Endpoint Protection client for Mac.
Solution: Implemented a new method to add an SSL certificate to the LUX data store, and to download the certificate from the server if the HTTPS protocol is selected for LiveUpdate.
SEPM external logging not working
Fix ID: 4092449
Symptoms: After you upgrade to a new Symantec Endpoint Protection Manager, the external logging folder remains empty and the configured Syslog server receives no updates.
Solution: Added a server error message to indicate when the Syslog server cannot be reached and external logging is blocked.
SEP service ccSvcHst terminates unexpectedly with faulting module MSVCR110.dll
Fix ID: 4103887
Symptoms: The Symantec Endpoint Protection client fails to stay in a running state on a single Windows 2012 R2 server; ccSvcHst crashes or terminates unexpectedly. The faulting module is MSVCR110.dll.
Solution: Corrected an issue with an unhandled exception that caused ccSvcHst to crash.
SEP for Linux not getting the latest virus definitions
Fix ID: 4104612
Symptoms: After an upgrade to Symantec Endpoint Protection 14 MP2, the client for Linux does not get the latest virus definitions.
Solution: Initialized defUtils with the configuration file /etc/Symantec.Conf, so that LiveUpdate works properly when it runs along with other Symantec products.
Policy incorrectly applies to multiple groups after an update to the Exceptions policy
Fix ID: 4110703
Symptoms: When you add a file to the Exceptions policy from the Risk Logs, the new policy overwrites the policy for and applies to other groups.
Solution: Fixed the query in retrieving the list of files and groups from the database.
Audit and Compliance report is unexpectedly blank
Fix ID: 4113073
Symptoms: No data displays after you run an Audit Policies Used report on a Symantec Endpoint Protection Manager with numerous policies.
Solution: Fixed the parsing routine in the Audit Policies Used report.
SEP client for Linux shows as offline in SEPM after a change to the Management Server List
Fix ID: 4113521
Symptoms: Symantec Endpoint Protection client for Linux displays as offline in Symantec Endpoint Protection Manager after you make a change to the Management Server List.
Solution: Added an exception handler to handle certain cases when modifying the Management Server List.
Linux terminal session becomes unresponsive for several seconds during certain tasks when SEP and NSCD run on the same system.
Fix ID: 4116464
Symptoms: File system access delays if the user ID to username resolution requires contacting a remote server such as LDAP. Delays also occurs if username caching, such as NSCD, runs and the caching service makes a filesystem request.
Solution: Updated Auto-Protect to cause less load on authentication services during normal use.
SEP 14 client install setting does not show progress bar as selected
Fix ID: 4116983
Symptoms: The progress bar does not display during the client installation as configured when you also select the option to remove existing Symantec Endpoint Protection client software that cannot be uninstalled.
Solution: Fixed the installation type options in the Client Install Settings.
SEP for Linux prevents access to NFS shares
Fix ID: 4118598
Symptoms: Kernel warnings generate when you access an NFSv4 share with Symantec Endpoint Protection client for Linux installed, and possibly during other activities.
Solution: Updated Symantec Endpoint Protection client for Linux to work with NFSv4 servers when using RHEL 7.3 or later.
SEPM not correctly updating Auto-Protect and scan actions for Linux
Fix ID: 4123707
Symptoms: Symantec Endpoint Protection Manager assigns the wrong Auto-Protect action setting for the Linux client. The child setting does not apply the parent setting, even when the override check box was not selected.
Solution: Let the child item apply the action setting from the parent group if the override check box is not selected.
Email attachments sent by SEPM are not showing up in iOS Mail
Fix ID: 4124597
Symptoms: Email attachments from Symantec Endpoint Protection Manager do not show up in Mail, the iOS native mail application.
Solution: Fixed the multipart subtype of the email header.
Cisco VPN v4 adapter cannot be manually added to SEPM 14 MP2 without a name change
Fix ID: 4126289
Symptoms: The network adapter “Cisco VPN v4 (Windows XP, 2000, Server 2003)” is missing in the UI settings after an upgrade from 12.1.6 MP5 to 14 MP2. However, you cannot manually add the adapter unless you change the adapter name, as if the network adapter entry is there by default.
Solution: Added this network adapter back to the UI settings.
After importing the third-party certificate, SEPM does not show certificate details during logon
Fix ID: 4127987
Symptoms: After importing a third-party CA certificate to SEPM, the certificate details do not display during logon. Instead, details show as “Unknown.”
Solution: Added auxiliary method to decode certificate.
Bluescreen occurs during SAP import when SEP 14 MP2 is installed
Fix ID: 4130097
Symptoms: Windows 2012 R2 Bugcheck 27 and 50 occurs during an import from SAP when Symantec Endpoint Protection 14 MP2 is installed.
Solution: Re-established flags during oplock processing in Auto-Protect.
Tamper protection does not protect all SEP registry keys
Fix ID: 4132040
Symptoms: Tamper protection is enabled, but some Symantec Endpoint Protection registry keys in version 14 MP2 can still be changed or deleted.
Solution: Updated Symantec Endpoint Protection code to protect all necessary registry keys.
Cannot disable SNAC for multiple client groups at once
Fix ID: 4135112
Symptoms: Cannot disable Symantec Network Access Control for multiple groups or clients. Instead, they must be disabled individually, which is not feasible for large numbers of clients or groups.
Solution: Created a tool to disable Symantec Network Access Control in bulk. You can acquire this tool by opening a case with Support.
SEP fails to restore quarantined file from Thunderbird email
Fix ID: 4135365
Symptoms: Symantec Endpoint Protection detects a threat in Thunderbird email and quarantines the inbox file. Symantec Endpoint Protection fails to restore the quarantined file because it is detected as a threat again.
Solution: Added a check to prevent the repeated quarantine of a file that is unchanged between detections.
Firewall rule that allows outgoing traffic triggers on incoming traffic
Fix ID: 4137609
Symptoms: A firewall rule that allows outgoing traffic triggers on incoming traffic.
Solution: Fixed the UDP incoming/outgoing direction condition that was lost in the Symantec Endpoint Protection client.
Some registry keys and folders are not removed after uninstalling SEP using CleanWipe
Fix ID: 4140755
Symptoms: Some registry keys, files, and folders were not deleted after uninstallation with CleanWipe.
Solution: Added missing registry and file deletes to CleanWipe.
Upgrade of SEPM 14 to 14.0.1 encounters JKS error post-upgrade
Fix ID: 4141417
Symptoms: An upgrade from Symantec Endpoint Protection Manager 14 to 14.0.1 fails if 14 was installed with the Symantec Endpoint Protection Manager port configured as 8444 (the default is 8443). The Upgrade-0.log has errors logged related to the Java Keystore (JKS).
Solution: The Symantec Endpoint Protection Manager upgrade no longer fails if Management or Remote ports are configured as 8444.
After upgrading SEPM to 14.0.1, Group Settings options take a long time to load
Fix ID: 4147125
Symptoms: The settings panels for General, External Communication, and Communication take a while to open after a Symantec Endpoint Protection Manager upgrade to 14.0.1.
Solution: Skip loading the LockDownPanel in the background when showing these settings panels.
Report does not list deleted computers in the Computers Deleted section of a report
Fix ID: 4151374
Symptoms: Deleted computers do not appear in the report next to Computers Deleted.
Solution: A deleted computer query now points to the table SEM_COMPUTER.
The SEPM web console hides the Client Properties window
Fix ID: 4153294
Symptoms: After you upgrade from version 14.0.1 or 14.0.1 MP1, the Client Properties window on the Symantec Endpoint Protection Manager web console may be hidden. To properly display, you must refresh the page.
Solution: Updated the third-party component AjaxSwing for the web console.
SymDaemon crashes frequently on SEP for Mac
Fix ID: 4156614
Symptoms: The Symantec Endpoint Protection client for Mac component SymDaemon crashes frequently on the Mac.
Solution: Added some missing dynamic link libraries.
Notifications for virus detections no longer appear after logon
Fix ID: 4157755
Symptom: You configure the Symantec Endpoint Protection client to display notifications about detections when a user logs on. However, you see detections in the risk log that never appeared in the notification at logon.
Solution: Added a short delay to allow the client computer to be ready for input before it displays these notifications.
SEP 12.1 definitions are down to a single revision
Fix ID: 4157890
Symptoms: After an upgrade to 14.0.1 MP1, some revisions for the Symantec Endpoint Protection 12.1 content are no longer available, which causes clients to download full.zip files.
Solution: The obsolete content cleaner now skips content that also appears in non-obsolete registrations.
BSODs occur with MULTIPLE_IRP_COMPLETE_REQUESTS (44)
Fix ID: 4157952
Symptoms: With Symantec Endpoint Protection installed, crashes with BugCheck code MULTIPLE_IRP_COMPLETE_REQUESTS are seen.
Solution: Eliminated a race condition on Auto-Protect IRP processing to prevent the crash.
SEP for Mac does not honor the LiveUpdate schedule in the policy
Fix ID: 4158998
Symptoms: On the Symantec Endpoint Protection client for Mac, automatic LiveUpdate does not run on the hourly schedule that is specified in the policy.
Solution: Updated code so that the policy schedule runs as expected.
SEPFL fails to build on Ubuntu 16.04
Fix ID: 4162379
Symptoms: If you install Symantec Endpoint Protection client for Linux on an Ubuntu system that runs kernel 4.13.0-26-generic, the Auto-Protect kernel module fails to auto-compile or to manually compile.
Solution: Added support for Ubuntu kernel 4.13 & 4.11 on standard Linux clients, NFS clients, and NFS servers.
Certain definitions do not update on Macs that run 14.0.1 MP1
Fix ID: 4165236
Symptoms: Certain IPS and virus definitions do not update when LiveUpdate runs on Symantec Endpoint Protection client for Mac.
Solution: Updated the LiveUpdate component.
Inconsistent policy serial numbers appear across SEPMs on the same site
Fix ID: 4166667
Symptoms: The policy serial numbers are inconsistent between different Symantec Endpoint Protection Managers that are connected on the same site.
Solution: Retrieve the latest timestamp from database when compiling a policy.
Exceptions policy does not change when you assign a new policy to group
Fix ID: 4168300
Symptoms: When you assign a new Exceptions policy to a group, the policy does not change on the group.
Solution: Updated so that Symantec Endpoint Protection Manager removes the same type of policy from the assigned policy pool first, before assigning the new policy to this group.
MSI commands to add or remove components does not honor LaunchSMCGui settings
Fix ID: 4168347
Symptoms: When you use MSI commands to add or remove components, previous settings of LaunchSMCGui=0 revert to 1.
Solution: Maintain the LaunchSMCGui state during installation changes for add/remove components.
High CPU usage by ccSvcHst persists until system restart; multiple .kc files created in Data\BASH
Fix ID: 4175017
Symptoms: The ccSvcHst process uses high amounts of CPU and writes several .kc files in the folder Data\BASH. This behavior persists until the system is restarted, but then recurs within weeks.
Solution: EDR component is doing retries, producing the .kc file. Implemented backoff to eventually eliminate this and the impact on CPU
Email notifications for security alerts are sent
Fix ID: 4118047
Symptoms: Security alert emails are from the Symantec Endpoint Protection Manager noting suspicious activities.
Solution: Added a new setting in conf.properties file to prevent this.
View Logs does not work correctly on the SEP 14 MP2 web console
Fix ID: 4131603
Symptoms: The View Logs pane in Symantec Endpoint Protection Manager does not work when using the web console on Internet Explorer 11 on Windows 7 SP1.
Solution: Fixed a related JavaScript error.
Unable to select Mac client install settings when exporting a Mac client package
Fix ID: 4141130
Symptoms: Client install settings are not honored when exporting Mac client packages.
Solution: Added comment in Mac installation settings dialog to indicate that this behavior is currently working as designed. Installation settings apply only to AutoUpgrade.
SEP for Mac client does not run LiveUpdate on schedule due to SymDaemon crash
Fix ID: 4145788
Symptoms: LiveUpdate stops updating on schedule due to intermittent SymDemon crashes. Definitions do not update.
Solution: Fixed an issue with the Job Manager scheduler.
Windows 10 Pro for Workstations systems display as “Windows 10” in SEPM reporting
Fix ID: 4156827
Symptoms: In Symantec Endpoint Protection Manager reporting, "Windows 10 Pro for Workstations" systems display as "Windows 10."
Solution: Added code to take care of this new operating system version.
Firewall state in Security Center switches from “off” to “on” by opening the SEP client UI
Fix ID: 4066199
Symptoms: The firewall state in the Windows Security Center switches from “off” to “on” when the Symantec Endpoint Protection firewall is disabled or withdrawn by Symantec Endpoint Protection Manager policy. This switch is triggered by opening the Symantec Endpoint Protection client UI.
Solution: Fixed the incorrect logic in the client UI.
Dialog panes do not display correctly when using 150% display scaling
Fix ID: 4135075
Symptoms: Dialog boxes for Auto-Protect and custom scan options only partially display the expected controls when you use 150% scaling.
Solution: Changed the affected dialog boxes to automatically scale themselves to match their contained controls.
Event Viewer shows application errors generated for .exe files with SEP installed
Fix ID: 4079621
Symptoms: With Symantec Endpoint Protection installed, application errors appear in the Event Viewer for various .exe files, like consent.exe and mmc.exe.
Solution: Fixed incorrect paths for executing the binaries that generate application errors.
The option to prevent clients from downloading full definition packages does not allow Host Integrity content downloads
Fix ID: 4100454
Symptoms: Host Integrity content does not download when the option to download full definition packages (full.zip) is disabled on Symantec Endpoint Protection Manager.
Solution: Added a check to exclude the blocking of the full.zip for Host Integrity content, even though the download of full.zip files is otherwise disabled through Symantec Endpoint Protection Manager.
The weekly scheduled scan for SEP for Mac does not run
Fix ID: 4161629
Symptoms: The weekly scheduled scan for Symantec Endpoint Protection client for Mac does not run as expected. In addition, the daily scheduled scans do not run sometimes, and the idle-time scan setting is disabled.
Solution: Changed scheduled scan management from a job manager to a task scheduler.
The default action for the SEP client for Linux is different than Windows for the same file
Fix ID: 4052862
Symptoms: In a default virus action configuration (Clean/Quarantine), Symantec Endpoint Protection client for Linux quarantines the file that the client for Windows would clean by deletion.
Solution: Added clean by deletion for Symantec Endpoint Protection client for Linux for the default action configuration (Clean/Quarantine) to match the Windows client behavior.
Reporting advanced filter configuration does not allow comma-separated IPv4 addresses
Fix ID: 4063259
Symptoms: When you try to enter multiple IPv4 addresses separated by commas in the advanced filter section of a report, you get an error that states that the IP address is invalid.
Solution: Changed the function to allow for the use of a comma in the search.
SEPM Monitors > Logs column headers are no longer static and do not remain visible when scrolling
Fix ID: 4072391
Symptoms: When you scroll through the log on Monitors > Logs, the table header does not remain static and moves to an invisible position.
Solution: Reconfigure the table so that the header is static while the content part scrolls
Error log entry appears in System log despite disabling Insight Lookup
Fix ID: 4085436
Symptoms: In the System log, you see a timeout error for a reputation check, even though you have disabled Insight Lookup: "Reputation check timed out during unproven file evaluation."
Solution: Eliminated the misleading reputation check error in the System log if Insight Lookup is disabled.
A Limited Administrator is granted full access to clients from groups they do not have access to
Fix ID: 4088968
Symptoms: A report that a Limited Administrator can run (for "Protection Content Versions") gathers information from (and allows access to) clients from groups to which access is not granted.
Solution: Separated the relevant query into two queries, one of which can apply Limited Administrator privilege.
Application List in the Exceptions Policy cannot display more than 5000 items
Fix ID: 4095030
Symptoms: The application list window only shows 5000 entries, and you want a way to see the entries that do not display.
Solution: Added an application name search box to create a filter.
ccSvcHst does not stop with smc -stop
Fix ID: 4095756
Symptoms: The command smc -stop does not stop ccSvcHst as expected.
Solution: Fixed a deadlock that caused this condition.
With SEP client installed, Linux server hangs when triggering applications that freeze filesystems
Fix ID: 4112446
Symptoms: A Linux server with the Symantec Endpoint Protection client for Linux installed stops responding when you trigger fsfreeze or ioctl(FIFREEZE).
Solution: Addressed a system hang condition between Auto-Protect and applications that freeze filesystems.
SEPM deletes .zip files to import
Fix ID: 4113265
Symptoms: When you select a .zip file to import into Symantec Endpoint Protection Manager 14 MP2, it is instead deleted. It should be left alone.
Solution: Updated to not automatically delete valid or invalid .zip files.
SEPM upgrade hangs at 48%
Fix ID: 4114673
Symptoms: During an upgrade of Symantec Endpoint Protection Manager from 12.1.6 MP6 to 14 MP2, it hangs at 48% due to a deadlock when cleaning obsolete security contents.
Solution: Use the contentCleanupTool to delete security contents from the database before attempting the upgrade again.
Unchecking option to include subfolders does not work properly for SEP Linux for excluding "/" folder in Exceptions policy
Fix ID: 4120100
Symptoms: When you exclude the root folder (“/”) and uncheck Include subfolders, Symantec Endpoint Protection client for Linux incorrectly excludes all content under /.
Solution: Updated to exclude only the files directly under /, and not exclude the subfolders under /.
GUPs are included in globallist.xml for replicated sites after disabling them
Fix ID: 4125306
Symptoms: The file globallist.xml on replication partner sites continue to reference IP/Port combinations for client computers that are no longer active GUPs.
Solution: Updated so that globallist.xml now correctly removes stale GUP entries on replication partner sites as well as on the site that manages the relevant client.
Client Install Settings dialogue disappears on the Web Console when switching to Mac settings
Fix ID: 4136821
Symptoms: When you log on to Symantec Endpoint Protection Manager with the Web Console, the Client Install Settings dialogue disappears when you switch to Mac platform settings.
Solution: Updated the Creamtec build to solve this issue.
SEPM authentication happens three times with Active Directory
Fix ID: 4137088
Symptoms: When logging in to Symantec Endpoint Protection Manager with an administrator that authenticates against Active Directory, the authentication happens three times, instead of just once.
Solution: Changed design to avoid duplicate logins.
Unable to add AutoUpgrade package after a domain import
Fix ID: 4137939
Symptoms: When you attempt to add AutoUpgrade packages to groups, the following error appears: “The replicated software package cannot be found in the cache.”
Solution: Correct the logon parameter so that the AutoUpgrade installation can succeed.
SEP client for Linux fails to install Auto-Protect modules for RHEL 7.4
Fix ID: 4139305
Symptoms: Symantec Endpoint Protection client for Linux installer fails when installing Auto-Protect kernel modules on RHEL 7.4.
Solution: Added precompiled kernel modules for RHEL 7.4, so that Symantec Endpoint Protection client for Linux can install without the need for auto-compile.
Log count mismatch occurs in exported .csv file
Fix ID: 4139406
Symptoms: A log count mismatch occurs in an exported .csv file if the domain column is not yet populated with the domain from the client.
Solution: Made the queries consistent between view logs and export.
Dark Network client displays as Standard client in SEPM console
Fix ID: 4139709
Symptoms: In Symantec Endpoint Protection Manager > Clients > Clients, Dark Network clients display as a standard client in the Protection technology client view.
Solution: Corrected the query for fetching of install types.
SEPM 14.0.1 Web Console has unexpected cursor movements
Fix ID: 4141462
Symptoms: The cursor jumps randomly while navigating the client group structure in Symantec Endpoint Protection Manager viewed through the Web Console.
Solution: Updated the AjaxSwing component.
Event ID 34054 shows up on a client without the SONAR feature installed: "SONAR has been enabled"
Fix ID: 4142238
Symptoms: A message in the Symantec Endpoint Protection client logs states that SONAR has been enabled, even though the SONAR component is not installed.
Solution: Updated so that the client no longer logs that SONAR is enabled when SONAR is uninstalled.
Daily and Weekly reports have inconsistent start times
Fix ID: 4143485
Symptoms: The scheduled Daily and Weekly reports do not generate until a few minutes after the configured start time.
Solution: Updated configuration to use the configured report start time as the next start time forthe first run.
SEP service options are configurable after changing SEP features
Fix ID: 4145430
Symptoms: After changing the installation features by modifying the installation through Control Panel, the options on the Symantec Endpoint Protection service can be modified when they previously could not be.
Solution: ACL removal no longer occurs on Modify or Repair setup actions.
REST API documentation change for Administrator privileges
Fix ID: 4147523, 4129227
Symptoms: The REST API documentation does not mention that System Administrator privileges are required.
Solution: Updated the REST API documentation to advise that System Administrator privileges are required to use REST APIs.
CleanWipe tool included with SEP 14.0.1 deletes a third-party application file
Fix ID: 4148344
Symptoms: CleanWipe removes a third-party service for CAF, CAFServiceMain.exe, because it appears to belong to Symantec Endpoint Protection.
Solution: Added executable name verification. The CAF service binary must be named CAFServiceMain.exe to be removed.
SEPM shows incorrect scan status
Fix ID: 4148895
Symptoms: If you do two or more scan updates for the same scan, Symantec Endpoint Protection Manager incorrectly displays scan status after processing the scan events.
Solution: Updated so that it processes the scan events in a sequential order.
Entries for display of the command status cannot be customized
Fix ID: 4150256
Symptoms: You are unable to customize the entries for the command status table.
Solution: Added correct html tag to close table element. This action fixes issues with misalignment and with the limit not getting saved.
Cannot input SEPM drive letter in HI policy
Fix ID: 4150318
Symptoms: You are unable to enter a file path into the Host Integrity policy if the file path contains the DVD drive letter on Symantec Endpoint Protection Manager.
Solution: Added a dialog to allow you to proceed if the input drive is a DVD drive.
Duplicate Exceptions policies listed in Monitors > Logs > Add Risk to Exception policy
Fix ID: 4152056
Symptoms: When you view logs under Monitors > Logs, duplicated Exceptions policy names appear when you select Add Risk to Exception policy.
Solution: Added a process to clean up non-applied, non-shared policies.
Use of the wildcard * (asterisk) in hostname entry for GUP configuration results in error "invalid host name"
Fix ID: 4152813
Symptoms: When you define a single GUP with a * character, you get the following message: “You entered an invalid host name or IP Address. A host name must be 255 alphabetical characters or less.”
Solution: Corrected the validation of * wildcard entry to ensure you can use this for GUP configuration.
Buttons are missing on Web Console
Fix ID: 4158599
Symptoms: In the Web Console, the buttons OK, Cancel, and Help are missing.
Solution: Made changes to render the buttons for AjaxSwing.
Group and Location use count do not sort correctly for IPS policies
Fix ID: 4168539
Symptoms: The IPS policies do not sort properly if sorted by Group or Location Use Count.
Solution: Fixed the sorting of Group and Location Use Count column in IPS policy.
Upgrade Clients with Package wizard has unclear UI
Fix ID: 3945325
Symptoms: The Upgrade Clients with Package wizard process dialogs and process is not user friendly.
Solution: Modified text to ensure that the UI is clear and understandable.
SEPM Policy REST API returns "Rate limit exceeded"
Fix ID: 4119101
Symptoms: When you use the REST API command /sepm/api/v1/policy, the misleading error message “Rate limit exceeded” generates to indicate an over-rate limit situation.
Solution: Corrected message to indicate that the cloud enrollment has exceeded its limits.
SEPM Firewall policy column size for Log doesn't increase as you select more items
Fix ID: 4058075
Symptoms: In Symantec Endpoint Protection Manager, the column size for Log in the firewall policy’s rules grid does not increase as you select more items. This behavior makes selections invisible.
Solution: Fixed the UI logic for the policy interface.
Unclear Firewall functions
Fix ID: 4058075
Symptoms: The function of the Symantec Endpoint Protection firewall may be confusing to some, particularly regarding the Windows firewall.
Solution: Explained in more detail in the firewall dialog about how the Symantec Endpoint Protection firewall and Windows firewall work.
ADC policy truncates log data
Fix ID: 4131794
Symptoms: An Application and Device Control log is missing data or truncates items that are expected to be there.
Solution: Change Application Control log codes to only treat "*" as a special character if that description string came from internal codes.
Differences in Action List and Action Distribution detection numbers in multi-SEPM environment
Fix ID: 4134916
Symptoms: With a load-balanced Symantec Endpoint Protection Manager, the numbers that display under the Action List and Action Distribution are different.
Solution: Fixed the server ID used in generating the report to ensure the corresponding numbers match.
SEPM does not process RSA SecurID sdconf.rec file
Fix ID: 4072413
Symptoms: An error message appears when you log on the Web Console to import the RSA configuration file sdconf.rec with the wizard.
Solution: Add logic to detect the Web Console, so that it gets the right file path when you use the Web Console versus the Java Console.
Typo appears while logged in as Limited Admin
Fix ID: 4085938
Symptoms: In the Client Install Settings pane, you see a spelling error, “Client Insatall Settings,” when you log on as a Limited Administrator.
Solution: Changed “Insatall” to “Install.”
Automatic update of the File Fingerprint List does not work over UNC path
Fix ID: 4089035
Symptoms: Symantec Endpoint Protection Manager cannot download the File Fingerprint update from the specified UNC path
Solution: Updated the UNC path interpretation for special characters.
Custom Applications appear to be disabled by license policy in clients not enrolled to cloud portal
Fix ID: 4098963
Symptoms: Symantec Endpoint Protection logs the following warning message in the System log: “Memory Exploit Mitigation Custom Applications disabled by license policy.” This message appears for clients of a Symantec Endpoint Protection Manager that is not currently enrolled to the cloud portal. It also appears for unmanaged clients.
Solution: Changed the message to, “This device is not licensed for Memory Exploit Mitigation Custom Applications.”
Quarantine items that are restored do not get purged.
Fix ID: 4102033
Symptoms: Restored Quarantine items are left behind and never get purged.
Solution: Added logic to purge restored Quarantine items with the same purge policy configuration as Backup items.
SEPM Limited Administrators can modify their rights
Fix ID: 4136228
Symptoms: Limited Administrators can remove their right to run commands, which should not be allowed. They can adjust this setting even if the option is locked or grayed-out in Symantec Endpoint Protection Manager.
Solution: Corrected UI control to only allow the correct functions for Limited Administrators.
SEP for Mac LiveUpdate prompts for proxy authentication if proxy or LiveUpdate address is unreachable
Fix ID: 4137958
Symptoms: LiveUpdate on the Symantec Endpoint Protection client for Mac prompts for proxy authentication if the proxy or the LiveUpdate address is unreachable. This behavior incorrectly suggests that LiveUpdate does not recognize the anonymity of an anonymous proxy.
Solution: Corrected the prompt so that it shows only if the server is reachable. No prompt appears otherwise.
MEM monitors / log reporting is not consistent
Fix ID: 4146857
Symptoms: The exported Memory Exploit Mitigation logs display an inconsistent total count and records.
Solution: Fixed the included EVENT IDs in the total count query and the export query for Memory Exploit Mitigation logs.
Status of SEPM replication partner indicates it cannot connect, despite replication working fine
Fix ID: 4168699
Symptoms: The status of the Symantec Endpoint Protection Manager replication partner indicates it cannot connect. However, replication works without issue.
Solution: Added filter to remove any invalid ReplicationState statuses before displaying, if replication ultimately succeeds.
SEPM sends more than 1024 Bytes to the Syslog server
Fix ID: 4037446
Symptoms: You notice that the Symantec Endpoint Protection Manager sends more than 1024 Bytes of data to the Syslog server.
Solution: Added an option to limit the maximum length of Syslog data to 1024 Bytes.
Japanese SEPM hangs while setting a block in a firewall rule
Fix ID: 4172271
Symptoms: You log on to the Japanese-language Symantec Endpoint Protection Manager. When you try to select Block in a firewall rule, the console hangs on the firewall rule screen. The error logs indicate a null pointer exception.
Solution: Updated the code so that this issue no longer occurs.
External logs display the incorrect URL Tracking Status
Fix ID: 4162328
Symptoms: When you view external logging, you notice that the URL Tracking Status reads as Off when it should be On.
Solution: Corrected the URL Tracking Status when using external logging.
With the Outlook AutoProtect plug-in installed, the setting to disable LaunchSMCGui is not honored
Fix ID: 4156430
Symptoms: If the Outlook AutoProtect plug-in is installed, user instances of ccSvcHst appear, even though LaunchSMCGui is disabled.
Solution: Updated the Outlook AutoProtect plug-in to honor the LaunchSMCGui setting.
Exported log column displays a number instead of a description
Fix ID: 4161759
Symptoms: When you export the Network and Host Mitigation log, you notice that the Event Type column displays "249" instead of "Browser Protection."
Solution: Added the Browser Protection event description in the Network and Host Mitigation log export.
Unable to delete an unused host group
Fix ID: 4156291
Symptoms: You cannot delete a host group, despite it not being used in any policy.
Solution: Updated code to remove references to the host group once the policy no longer uses it.
Additional fix for 14.2.760.0000
Non-shared policies are removed after an upgrade to 14.2
Fix ID: 4186631
Symptoms: After you upgrade to version 14.2, you notice that your non-shared policies are missing.
Solution: Updated the logic that is used while processing policies.
Additional fixes for 14.2.770.0000
ccSvcHst.exe crashes when VLANs are enabled after an upgrade to 14.2
Fix ID: 4188770
Symptoms: After you upgrade to version 14.2, the service ccSvcHst.exe crashes if VLANs are enabled and your location awareness policy contains DNS lookup conditions.
Solution: Updated the logic that is used while processing policies.
Replication fails after an upgrade to 14.2
Fix ID: 4189043
Symptoms: After you upgrade to version 14.2, replication fails.
Solution: Updated the upgrade routine.
Location Awareness using a subnet condition does not work after an upgrade to 14.2
Fix ID: 4189031
Symptoms: After you upgrade to version 14.2, Location Awareness that uses a subnet condition no longer works.
Solution: Updated the conversion for proper subnet construction.
Component versions
The build number for this release is 14.2.770.0000.
Note: Valid versions 14.2.758.0000 and 14.2.760.0000 were available for a short while with the same component versions. They were replaced by 14.2.770.0000.
Red text indicates components that have updated for this release.
|
Component |
DLL File |
DLL Version |
SYS File |
SYS Version |
|---|---|---|---|---|
|
AutoProtect |
srtsp64.dll |
15.0.35.29 |
srtsp64.sys |
15.0.35.27 |
|
BASH Defs |
BHEngine.dll Seq#= 20170926.001 |
11.4.0.29 |
BHDrvx64.sys |
11.4.0.29 |
|
BASH Framework |
BHClient.dll |
10.4.1.7 |
N/A |
- |
|
CC |
ccLib.dll |
13.3.1.4 |
ccSetx64.sys |
13.3.0.24 |
|
CIDS Defs |
IDSxpx86.dll Seq#= 20180605.500 |
16.2.0.814 |
IDSviA64.sys |
16.2.0.810 |
|
CIDS Framework |
IDSAux.dll |
15.2.5.29 |
N/A |
- |
| CP3 | version.txt | 2.4.0.278 | N/A | - |
| CX | cx_lib.dll | 3.6 | N/A | - |
|
ConMan |
version.txt |
2.1.6.2 |
N/A |
- |
|
D2D |
version.txt |
1.2.1.5 |
N/A |
- |
|
D2D_Latest |
version.txt |
1.5.0.44 |
N/A |
- |
|
DecABI |
dec_abi.dll |
2.3.5.10 |
N/A |
- |
|
DefUtils |
DefUtDCD.dll |
4.16.8.24 |
N/A |
- |
|
DuLuCallback |
DuLuCbk.dll |
1.8.1.17 |
N/A |
- |
| DuLuxCallback | duluxcallback.dll | 2.10.1.3 | N/A | - |
|
ERASER |
cceraser.dll |
117.3.1.6 |
eraser64.sys |
117.3.1.6 |
|
IRON |
Iron.dll |
7.0.6.7 |
Ironx64.sys |
7.0.6.3 |
| LUX | Lux.dll | 2.10.1.13 | ||
|
LiveUpdate |
LUEng.dll |
2.6.1.11 |
N/A |
- |
|
MicroDefs |
patch25d.dll |
5.1.3.11 |
N/A |
- |
|
SDS Engine |
sds_engine_x86.dll Seq#= 20180609.002 |
1.6.0.362 |
N/A |
- |
|
SIS |
SIS.dll |
91.12.4400.5000 |
N/A |
- |
|
STIC Defs |
stic.dll Seq#= 20180519.006 |
1.6.0.362 |
N/A |
- |
|
SymDS |
DSCli.dll |
6.2.0.17 |
N/A |
- |
|
SymEFA |
EFACli64.dll |
6.3.2.9 |
SymEFASI64.sys |
6.3.2.8 |
|
SymELAM |
ELAMCli.dll |
2.0.1.95 |
SymELAM.sys |
2.0.1.85 |
|
SymEvent |
Sevntx64.exe |
14.0.6.30 |
SymEvent.sys |
14.0.6.27 |
|
SymNetDrv |
SNDSvc.dll |
15.2.2.31 |
symnets.sys |
15.2.2.31 |
|
SymScan |
ccScanW.dll |
14.2.2.17 |
N/A |
- |
|
SymVT |
version.txt |
9.2.3.6 |
N/A |
- |
| Symulator | version.txt | 1.6.0.87 | N/A | - |
| TCSAPI | version.txt | 1.6.0.14 | N/A | - |
| Titanium | titanium.dll | 2.4.1.12 | N/A | - |
|
WLU(SEPM) |
LuComServerRes.dll |
3.3.202.6 |
N/A |
- |
Feedback
