
Document ID: 2007121216360648
Last Modified: 09/29/2008

Release notes for Symantec Endpoint Protection 11.0.x and Symantec Network Access Control 11.0.x

Situation: This article documents the changes and fixes in each update to Symantec Endpoint Protection 11.0.x and Symantec Network Access Control 11.0.x.

Solution: As updates to Symantec Endpoint Protection are released, they are added as sections in this document. The sections are added in chronological order, with the most recent additions at the top. For information about how to obtain the latest build of Symantec Endpoint Protection, read the following document: Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x.


Maintenance Release 3 (MR3)

Component versions in MR3

Major Components
Symantec Endpoint Protection 11.0.3001.2224
Client Management Component 11.0.3001.2224
Symantec Network Access Control 11.0.3001.155
Symantec Endpoint Protection Manager 11.0.3001.2224
Minor Components
Auto-Protect 10.2.6.5
Behavior Blocking 3.3.7.004
COH 6.1.6.3
Common Client 6.3.7.009
DecABI 1.1.1.39
Defutils 3.3.20.0
QServer 3.6.16
SyKnAppS 2.5.0.12
SymEvent 12.5.3.3
SymNetDrv 7.2.3.302
WpsHelper 11.0.717.804

Symantec Endpoint Protection client fixes
    Corrupted string in User Information when using Japanese strings
    Fix ID: 1118892
    Symptoms: When editing the "Set User Information Collection" field in the exported install package in Japanese, the string fields of the text are corrupted.
    Solution: Updated fields to accept double-byte characters.

    Cannot create an "ignore" exception for some proactive detections
    Fix ID: 1178830
    Symptoms: Certain executables do not appear in the detected processes. You are unable to set the action to "ignore."
    Solution: Updated the firewall to recognize the executables and display them.

    20-20 Design software does not load properly with Sysplant enabled
    Fix ID: 1178838
    Symptoms: After installing the 20-20 Design software with Application and Device Control enabled, the Design.exe process fails after a few seconds.
    Solution: Application and Device Control was modified to allow the application to execute properly.

    Symantec Endpoint Protection service stops and starts repeatedly on Windows 2000 Terminal Server
    Fix ID: 1179755
    Symptoms: The event log shows event ID 7031 after installing Symantec Endpoint Protection 11.0 to a Windows 2000 Terminal Server in Remote Administration mode.
    Solution: Addressed a crash in the RTVScan startup sequence so that it loads properly, and improved startup performance.

    Unable to configure Application Control for Binary or DWORD registry values
    Fix ID: 1180455
    Symptoms: When configuring Application Control for registry access, it will not block DWORD or Binary registry values.
    Solution: Updated the driver to properly monitor and control all registry key types.

    Symantec AntiVirus to Symantec Endpoint Protection 11.0 migrated scheduled LiveUpdate settings are not properly reflected in the Symantec Endpoint Protection 11.0 user interface
    Fix ID: 1185614
    Symptoms: When migrating from Symantec AntiVirus to Symantec Endpoint Protection, the scheduled LiveUpdates appear with a default value.
    Solution: Updated the migration calls to properly migrate the LiveUpdate schedules.

    Terminal servers run multiple instances of ProtectionUtilSurrogate.exe
    Fix ID: 1185648
    Symptoms: After installing Symantec Endpoint Protection 11.0 to a Terminal Server, a copy of ProtectionUtilSurrogate.exe is run for each user that logs on.
    Solution: Symantec Endpoint Protection 11.0 now allows for a client to disable the extra components from loading in separate sessions.

    Cannot schedule LiveUpdate on an unmanaged 64-bit client
    Fix ID: 1196685
    Symptoms: After installing Symantec Endpoint Protection 11.0 on an unmanaged 64-bit machine, you are unable to schedule any LiveUpdates.
    Solution: Fixed the storage location in the registry of the LiveUpdate schedule key.

    After upgrading from Symantec AntiVirus, the Symantec Endpoint Protection 11.0 client appears to have continuous QuickScans running
    Fix ID: 1199488
    Symptoms: After migration, the user interface shows a QuickScan continually running, even after it was completed.
    Solution: All scans will be set to "done" on migration so that they will not run outside their schedule.

    High CPU utilization on Terminal Servers with multiple active sessions
    Fix ID: 1201882
    Symptoms: Each session on a Terminal Server runs an instance of SMCGUI, which causes high CPU utilization.
    Solution: Symantec Endpoint Protection now allows for a client to disable the extra components from loading in separate sessions.

    Lexware software fails with Application and Device Control
    Fix ID: 1204295
    Symptoms: After installing Symantec Endpoint Protection, the Lexware software no longer prompts for a password and does not launch correctly.
    Solution: Modified Application and Device Control to allow the application to execute properly.

    Mitek's Truss Engineering design software fails to load with Application and Device Control installed
    Fix ID: 1211062
    Symptoms: After installing Symantec Endpoint Protection, the Mitek 20/20 software no longer loads properly.
    Solution: Application and Device Control was modified to allow the application to execute properly.

    Location Awareness fails to switch locations correctly when using wireless connections
    Fix ID: 1214058
    Symptoms: When configuring a location to switch using a "Client computer uses Wireless" configuration, the client doesn't always switch properly.
    Solution: Updated the location switching engine to properly identify Wireless configurations.

    Unable to stop users from stopping a scan when configuring the client to be able to snooze a scan
    Fix ID: 1225607
    Symptoms: To configure the client with the ability to snooze a scan, the "Allow user to stop a scan" box must also be unchecked.
    Solution: Added a checkbox to allow the administrator to provide the ability to pause a scan but not cancel it.

    Microsoft Dynamics application crashes in RDP session with Network Threat Protection enabled
    Fix ID: 1228312
    Symptoms: Microsoft Dynamics application crashes in an RDP session when using Network Threat Protection, but works locally.
    Solution: Application and Device Control was modified to allow the application to launch properly.

    Active Scan fails to launch after definitions are updated
    Fix ID: 1228476
    Symptoms: After new definitions are installed, the post-update Active Scan fails to launch.
    Solution: Changed the call used to launch the Active Scan to ensure that it launches as designed.

    Clients that cannot access the Group Update Provider (GUP) for updates fail over to Symantec Endpoint Protection Manager
    Fix ID: 1236384
    Symptoms: If a client cannot receive an update from the GUP, it fails over to Symantec Endpoint Protection Manager even if that is not what the administrator desires.
    Solution: Added additional GUP configurations to allow administrators to specify that clients should never bypass the GUP.

    Unable to run Ice Sword rootkit detection tool with Symantec Endpoint Protection installed
    Fix ID: 1238015
    Symptoms: When trying to launch the Ice Sword software with Symantec Endpoint Protection installed, an initialization error appears.
    Solution: Application and Device Control was modified to allow the application to launch properly.

    Symantec Endpoint Protection client does not write an event when NTP is re-enabled
    Fix ID: 128512
    Symptom: When allowing a user to disable NTP temporarily but with an automatic re-launch, the disabled notification is logged, but an enable notification is not.
    Solution: Added an event log entry that states "Symantec Management Client has been activated" to be logged when the NTP component is re-enabled.

    Symantec Endpoint Protection client fails to communicate with manager when explorer.exe is not loaded
    Fix ID: 1247147
    Symptoms: If explorer.exe is not loaded, the client will not communicate with Symantec Endpoint Protection Manager.
    Solution: Removed the dependency on explorer.exe.

    Multiple Systray icons appear after launching Citrix applications
    Fix ID: 1262984
    Symptoms: Each time a client opens a Citrix application, an additional tray icon appears.
    Solution: Symantec Endpoint Protection now allows for a client to disable the extra components from loading in separate sessions.

    "Log files written to USB drives" only logs the first file copied
    Fix ID: 1263163
    Symptoms: When copying multiple files to a USB drive, only the first file is logged.
    Solution: Added additional Tamper Protection logic to process all events.

    Uninstalling the email tools does not remove ccEmlPxy.dll
    Fix ID: 1263922
    Symptoms: After uninstalling the email tools, the ccEmlPxy.dll file is left behind in the Symantec Shared directory. This may cause errors.
    Solution: Changed the uninstaller to remove all email plug-in related files during uninstall.

    Cannot save Word 2003 file changes to a cluster server
    Fix ID: 1265733
    Symptoms: Word 2003 files will not save changes when attempting to edit from a cluster server share.
    Solution: Updated AutoProtect to handle network file share writes.

    Firewall rules created through learned applications do not block and write to log
    Fix ID: 1267057
    Symptoms: When rules are created using the learned applications function, the rule doesn't appear to work. Creating the rule manually is successful.
    Solution: Modified the firewall creation process to create the rule properly.

    SMC -stop command fails when User Account Control (UAC) is enabled
    Fix ID: 1268114
    Symptoms: When attempting to stop the SMC service using "smc -stop" on Windows Vista with UAC enabled, the SMC service remains running.
    Solution: Changed the application to properly allow the -stop command to succeed with UAC.

    System log entry shows "Stop serving as the GUP" though client was never a GUP
    Fix ID: 1277545
    Symptoms: Symantec Endpoint Protection clients appear to have stopped serving as a GUP even though they never were a designated GUP.
    Solution: Added a check to confirm that the client was a GUP prior to writing event log entries.

    With Remote Registry Service disabled, Symantec Endpoint Protection 11.0 MR2 fails to install
    Fix ID: 1278518
    Symptoms: To complete an MR2 deployment from a remote computer, the Remote Registry Service must be running for the installation to succeed.
    Solution: Changed the prerequisite check to allow for the installation to continue without Remote Registry Service.

    Risk declared as clean but still shows a red 'X'
    Fix ID: 1280312
    Symptoms: Even after Symantec Endpoint Protection 11.0 cleans a threat, the log icon still shows a red 'X'.
    Solution: Addressed the return codes so that threats that are successfully dealt with get a green check mark.

    IPS detections do not contain the IP of the local machine
    Fix ID: 1283095
    Symptoms: Detections of outbound threats do not include the IP address of the Symantec Endpoint Protection client the detections are occurring on, but instead show '0.0.0.0'.
    Solution: Changed the call made to gather the IP address to report the client IP correctly.

    SymCorpUI.exe hangs while scanning
    Fix ID: 1284416
    Symptoms: In some situations a scan will cause a hang in SymCorpUI.exe.
    Solution: Added a check for NULL areas prior to using them as pointers.

    SMC crash on Windows XP Service Pack 2 with Nortel VPN Client installed
    Fix ID: 1288020
    Symptom: On startup, SMC.exe fails.
    Solution: Addressed a crash in the 802.1x part of the firewall traffic scanning engine.

    Location Switching Criteria "Aventail SSL VPN" fails
    Fix ID: 1289968
    Symptom: When configuring the Location Switching in Symantec Endpoint Protection to use the Network Connection Type "Aventail SSL VPN" the client will not properly switch locations when using the VPN software.
    Solution: Added logic to recognize the newer Aventail SSL VPN client.

    ccApp causes a runtime error during e-mail download
    Fix ID: 1290034
    Symptoms: When using the Internet E-mail plug-in, downloading e-mail into Outlook Express may cause a ccApp runtime error.
    Solution: Addressed the crash in the Common Client scan engine.

    Consortium Conference Client Forum fails to open with Symantec Endpoint Protection installed
    Fix ID: 1290124
    Symptoms: When using Application and Device Control, the Consortium Conference Client forum fails to run.
    Solution: Application and Device Control was modified to allow the application to launch properly.

    Windows 2008 dropping network shares with AutoProtect enabled
    Fix ID: 1290133
    Symptoms: Network shares become unresponsive after installing Symantec Endpoint Protection MR2 with AutoProtect enabled on a Windows 2008 server.
    Solution: Modified Auto-Protect to address the problem.

    Cannot change System Recovery settings with Application and Device Control
    Fix ID: 1292400
    Symptoms: With Application and Device Control installed, attempts to change the System Recovery settings in Windows cause an error.
    Solution: Modified Application and Device Control to allow the application to function properly.

    Delay occurs when logging out of a Remote Desktop session with Symantec Endpoint Protection installed
    Fix ID: 1295742
    Symptoms: After installing Symantec Endpoint Protection with Application and Device Control enabled, there is an approximately one minute delay when logging out of a Remote Desktop Session.
    Solution: Application and Device Control was modified to allow the application to function properly.

    Symantec Endpoint Protection client reports that Network Threat Protection is active even though it is not installed
    Fix ID: 1295836
    Symptoms: Network Threat Protection displays in the system logs as activated and provides an engine version in the client logs even though it is not installed.
    Solution: Changed the logging functionality not to log the incorrect statements and engine versions.

    Initial DHCP traffic is allowed even if a rule in place is configured to block all traffic
    Fix ID: 1297792
    Symptoms: With a firewall rule configured to block all traffic on the wireless adapter, DHCP traffic is still allowed.
    Solution: Modified the firewall to correctly block the traffic.

    Users can snooze scans indefinitely
    Fix ID: 1297863
    Symptoms: When a policy is configured to allow users to only scan three times, the user can right-click on the scheduled scan taskbar to continue snoozing the scan.
    Solution: Temporary pauses now honor the administrator's limits.

    PTV America's VISSIM software fails to load with Application and Device Control installed
    Fix ID: 1298834
    Symptoms: When Application and Device control is installed, the software process (vissim0.exe) begins to load and then disappears after a few seconds.
    Solution: Application and Device Control was modified to allow the application to function properly.

    Application and Device Control installed with ZENRIN its-moNAVI causes an application crash
    Fix ID: 1300452
    Symptoms: With Application and Device Control installed, attempts to close the its-moNAVI application will cause a crash.
    Solution: Updated registry protection to allow the software to exit normally.

    Location Awareness displays as disabled in the client's troubleshooting user interface
    Fix ID: 1315921
    Symptoms: Location Awareness always appears disabled in the Client Control Mode no matter whether autolocation is enabled.
    Solution: Corrected the verification calls to display the Location Awareness status correctly.

    Symantec Endpoint Protection user interface hangs when the operating system is set to Traditional Chinese language input
    Fix ID: 1316001
    Symptoms: When Windows XP default input language is set to Traditional Chinese, Symantec Endpoint Protection UI stops responding to mouse clicks after a few clicks.
    Solution: Adjusted the user interface settings to ensure that it does not lose focus and hang.

    Cannot deploy a client package without the out of date definition warnings appearing
    Fix ID: 1317002
    Symptoms: Even if the administrator disabled the out of date definition dialog box, the warning will appear on new installations.
    Solution: Fixed the default setting to not display the dialog box when configured not to do so.

    Symantec Endpoint Protection 11.0 MR2 MP2 Outlook e-mail plug-in strips attachments
    Fix ID: 1317106
    Symptoms: When trying to save attachments that are excluded from the File Type list, the file gets saved as a 0k file.
    Solution: Modified the Outlook hook to report the scanned state of the file back correctly so that Outlook can correctly save the file.

    Certain DOS applications fail with Application and Device Control enabled
    Fix ID: 1363281
    Symptoms: Application and Device Control's "File and Folder access attempts" function causes some DOS applications to malfunction.
    Solution: Modified APIs used to handle system calls properly and allow applications to function.

    Oracle Discover 3.1 fails with Application and Device Control installed
    Fix ID: 1366803
    Symptoms: With Application and Device Control installed, Oracle Discover 3.1 will appear to launch but will actually fail.
    Solution: Modified Application and Device Control to allow the application to function properly.



Symantec Endpoint Protection Manager fixes
    Symantec Endpoint Protection Manager incorrectly parses the client inventory data forwarded from Symantec AntiVirus Reporting agents
    Fix ID: 1367356
    Symptoms: When Symantec Endpoint Protection Manager is configured to parse legacy client logs, the system does not process the uploaded inventory log files correctly.
    Solution: Modified the log parsing process to handle 0-length lines and continue processing.

    Manager Server Configuration Wizard does not accept special characters
    Fix ID: 1126665
    Symptoms: The initial installation accepts special characters, but when trying to log on to reconfigure the management server, the logon will fail.
    Solution: Special characters are no longer allowed during the installation process.

    Unable to configure the definition warning message in the manager
    Fix ID: 1182971
    Symptoms: There is no way to configure the out of date definition dialog message in the Policy Manager.
    Solution: Added a configuration option to change the text.

    Symantec AntiVirus server names and client groups are not listed for some server groups when using the Symantec Endpoint Protection Manager migration wizard
    Fix ID: 1188010
    Symptoms: When the server group has the same name as the primary server, the server/client hierarchy for the group does not display in the Symantec Endpoint Protection Manager migration wizard.
    Solution: Changed the wizard's group import process to correctly display groups and policies.

    The Symantec Endpoint Protection Manager password lifetime is hard coded
    Fix ID: 1194677
    Symptoms: The administrator cannot configure how long a password has before it expires and must be changed.
    Solution: Added a configuration option to allow the administrator to configure the password expiration timeframe.

    The list of Known Security Risk Exceptions is longer on the Symantec Endpoint Protection client than it is in Symantec Endpoint Protection Manager
    Fix ID: 1201020
    Symptoms: The Symantec Endpoint Protection client has a larger list of Security Risks than Symantec Endpoint Protection Manager does.
    Solution: Updated the APIs used to enumerate the Risk Exception list.

    An export button is missing from the export search data dialog box
    Fix ID: 1203445
    Symptoms: Page 73 of the Administrator guide directs the admin to click on an export button in the dialog box that doesn't appear in Symantec Endpoint Protection Manager.
    Solution: Added the dialog box.

    Symantec Endpoint Protection Manager fails to update virus definitions or policies to clients
    Fix ID: 1212533
    Symptoms: Symantec Endpoint Protection Manager outbox/agent directory fails to update with new content, and clients remain out of date.
    Solution: Added a synchronizing mechanism to avoid multiple updates and replication while updating.

    Inconsistent notifications when configuring Risk outbreak notifications using a damper control
    Fix ID: 1214320
    Symptoms: When configuring the Risk notifications using the damper configuration, the notifications aren't always consistent.
    Solution: Corrected a duplicate risk log entry to address duplicate notifications.

    GUP fails to update clients
    Fix ID: 1222412
    Symptoms: The GUP appears to be requesting a Full.zip from the server when it doesn't exist.
    Solution: Addressed the server update compilation process to ensure updates are available to the GUP when requested.

    Symantec Endpoint Protection Manager limited administrators can still perform administrator tasks
    Fix ID: 1222797
    Symptoms: A Limited Administrator in Symantec Endpoint Protection Manager still has the ability to block the addition of clients to a group and add install packages to groups by right clicking the white space on the Install Package tab and clicking Add.
    Solution: Updated the user interface panels to adhere to the user's permissions.

    Administrators log off time is always the same as the last log-in time
    Fix ID: 1225992
    Symptoms: When viewing the Online Status of all Administrators from within Symantec Endpoint Protection Manager, the Last Log Off Time always shows identical to the Last Log On Time.
    Solution: Fixed the admin state to reflect the correct log off time.

    Installing Symantec Endpoint Protection Manager to a custom web site will remove similarly named directories from the default Web site
    Fix ID: 1226024
    Symptoms: When installing to a custom Web site, installing or uninstalling Symantec Endpoint Protection Manager will remove similarly named directories that exist under the default website, even if they were not placed there by Symantec Endpoint Protection Manager.
    Solution: The default Web site will not be altered when installing into a custom Web site.

    Symantec Network Access Control Appliance shows online and connected to Symantec Endpoint Protection Manager even though required Symantec Network Access Control upgrade is not installed
    Fix ID: 1229194
    Symptoms: Symantec Network Access Control Enforcer Appliance will show SPM Status online and connected even though the Symantec Endpoint Protection Manager does not have the required Symantec Network Access Control software upgrade installed.
    Solution: Modified Symantec Endpoint Protection Manager to display the Symantec Network Access Control appliance status correctly.

    Port 1812 error when installing Symantec Endpoint Protection Manager
    Fix ID: 1231532
    Symptoms: Even if the LAN Enforcer is not being installed, Symantec Endpoint Protection Manager requires the 1812 port to be available before installing.
    Solution: Removed port 1812 check if the LAN Enforcer is not being installed.

    Synchronization and import errors occur when deleting a Directory Server from the first Symantec Endpoint Protection Manager
    Fix ID: 1234447
    Symptoms: When two or more Symantec Endpoint Protection Managers are installed in the same site and share the same database, deleting a Directory Server from the first Symantec Endpoint Protection Manager will cause the additional Symantec Endpoint Protection Managers to lose their connection and ability to synchronize with previously established Directory Servers and Organizational Units.
    Solution: Corrected the API that returns directory servers such that a null parameter correctly returns all Directory Servers.

    In the Policies tab, the feature "Replace the Policy" doesn't work for the IPS policy
    Fix ID: 1234753
    Symptoms: When attempting to use the "Replace" Task on the Intrusion Prevention Policies pane under the Policies Tab in Symantec Endpoint Protection Manager, the dialog showing the replacement options works correctly, but the active policy is not replaced.
    Solution: Added logic to correctly handle the IPS policies.

    Unable to configure Symantec Endpoint Protection Manager to send e-mail notifications on a non-standard port
    Fix ID: 1239649
    Symptoms: Symantec Endpoint Protection Manager is configured to send e-mail notifications on port 25, and if the administrator's mail server is using a different port, Symantec Endpoint Protection Manager cannot be reconfigured.
    Solution: Added a configuration option to allow the port to be configured.

    An option to save reports is not available in Symantec Endpoint Protection Manager
    Fix ID: 1246926
    Symptoms: When running a report in the Endpoint Protection Manager and exporting the report, it automatically opens in a web browser and does not offer the option to save.
    Solution: Added a download dialog after selecting the export option.

    Scheduled LiveUpdate for Symantec Endpoint Protection Manager does not work within specified time frame
    Fix ID: 1259224
    Symptoms: LiveUpdate fails to run when the minute at which Symantec Endpoint Protection Manager chooses to run LiveUpdate is equal to the end time specified within the Symantec Endpoint Protection Manager LiveUpdate schedule.
    Solution: Modified the scheduler to handle overlapping LiveUpdate schedules.

    Special characters in client computer description cause error
    Fix ID: 1260350
    Symptoms: Special characters in client computer description cause SAXParseException in scm-server-0.log.
    Solution: Added function to handle the special characters properly.

    After migrating Symantec Endpoint Protection Manager, policies and content are not being pushed to the client
    Fix ID: 1262832
    Symptoms: Definitions and policies are not being sent to the client and a JavaNullException appears in scm-server-0.log.
    Solution: Added additional handling for broken links to continue processing content.

    Replication of the databases takes up large amounts of drive space
    Fix ID: 1263684
    Symptoms: After running Symantec Endpoint Protection Manager for some time, there will be content versions that should be deleted, but are not, and it takes large amounts of database storage. Replication merges the data, taking up even more space.
    Solution: Added database clean-up functions to remove unneeded content.

    The reporting dashboard doesn't specify the amount of data that is being displayed
    Fix ID: 1264056
    Symptoms: The reporting dashboard only shows the last 12 hours of data but it is not clear that that is what is displayed.
    Solution: Added a time display on the user interface.

    Computer Status Log [Detail] and [Export] link do not have correct date/time
    Fix ID: 1266588
    Symptoms: When viewing "Computer Status Logs", different values for the same attributes are displayed depending on whether the [Details] or [Export] links are chosen.
    Solution: Corrected the functions used to gather the date/time stamps.

    Symantec Endpoint Protection Manager auto log sweep does not log when it runs
    Fix ID: 1271370
    Symptoms: Auto log sweep is not logged in the Symantec Endpoint Protection Manager log, while a manual log sweep is.
    Solution: Added logging functionality.

    Host Group name does not change in the Firewall Policy interface
    Fix ID: 1274460
    Solution: Changed the call made to gather the object name.

    Find Unmanaged Computers not returning Symantec AntiVirus version installed after discovery
    Fix ID: 1274524
    Symptoms: After the discovery finishes and the client is discovered and shows up in the "unmanaged Computer" tab, the Software Column is not populated with the information about the client Symantec AntiVirus that is installed.
    Solution: Added code to recognize legacy Symantec AntiVirus and Symantec Client Security versions.

    Downloaded Command filter in reporting does not report anything
    Fix ID: 1275389
    Symptoms: When reporting on the Event Type - Downloaded Command, the report does not generate any information, even if the client has successfully downloaded and run a command.
    Solution: Changed the report to properly display executed commands.

    Symantec Endpoint Protection Manager Administrator is able to view restricted data
    Fix ID: 1278495
    Symptoms: A Symantec Endpoint Protection Manager Administrator (not a System Administrator) is able to view data in some reports that is outside of the Symantec Endpoint Protection Manager domain to which they belong.
    Solution: Updated code to properly handle the advanced filters.

    "Failed to export to Group" when exporting installation packages
    Fix ID: 1282747
    Symptoms: When you export a Symantec Endpoint Protection 11.0 installation package with Symantec Endpoint Protection Manager, the operation will appear to be successful, but the following error will be displayed: "Failed to export to Group <Group Name>".
    Solution: Addressed an export failure that would occur if the exporting path or group name contains more than one consecutive space.

    When installing Symantec Endpoint Protection Manager to a SQL database with a custom DSN port, Symantec Endpoint Protection Manager log on will fail until Symantec Endpoint Protection Manager is configured to use a static port
    Fix ID: 1284996
    Symptoms: When a site is reconfigured with a different SQL port or with a different database instance name, the DSN used for reporting will not display reports or may display an error dialog.
    Solution: Symantec Endpoint Protection Manager now recognizes the custom port and properly updates ports and database instance names.

    The "change password" link is missing from the Admin\Tasks
    Fix ID: 1285143
    Symptoms: When signing in with an Active Directory authenticated account, navigating to the Admin Tab and choosing any of the accounts will not display the "Change Administrator Password" option.
    Solution: Corrected the logon functionality and the "Change Administrator Password" link is displayed and works correctly.

    Query fails on the computer status log page when the max limit is set to 1000 rows
    Fix ID: 1287094
    Symptoms: Using a long query string that specifies each of 1000 32-char GUIDs causes the query to fail.
    Solution: Optimized the query to handle the long query strings.

    Limited Admin restricted to one group can view all learned applications globally in a Symantec Endpoint Protection Manager site
    Fix ID: 1292279
    Symptoms: A limited administrator with full access to only one sub-group has the ability to choose the Global group when searching for learned applications.
    Solution: Changed the call made to only gather the groups the administrator has access to.

    Several policy changes generate broken links
    Fix ID: 1293296
    Symptoms: A few successive changes to the policies in Symantec Endpoint Protection Manager cause the database to contain broken links.
    Solution: Updated the code utilized to verify the inheritance configuration for Symantec Endpoint Protection Manager policies.

    "Unable to read xml file" error in SesmLU.log when Symantec Endpoint Protection Manager uses a non-default data folder
    Fix ID: 1299042
    Symptoms: If, during installation of Symantec Endpoint Protection Manager, the path of the Symantec Endpoint Protection Manager Data folder is changed in the Management Server Configuration Wizard to a location other than the auto-detected location, errors occur in SesmLu.log after running LiveUpdate.
    Solution: Modified how the server.xml location is loaded by SesmLu.

    Temp files build up on server when backing up sem5 database
    Fix ID: 1299067
    Symptoms: The server hard drive fills up with .temp files when backing up the database.
    Solution: Added a buffer parameter in the backup operation.

    OU import fails with errors when importing from the domain level through LDAP
    Fix ID: 1300113
    Symptoms: When importing from the domain level, a "Failed to connect to the Directory Server. Verify that the server name and port are correct" error may appear.
    Solution: Modified the import process to handle unique characters like '%2F'.

    Restored backup does not sync Settings.LiveUpdate file and Symantec Endpoint Protection Manager user interface configuration
    Fix ID: 1302032
    Symptoms: After restoring a Symantec Endpoint Protection Manager backup, the proxy settings are not synchronized with the LiveUpdate settings file.
    Solution: Forced a sync during the database backup sequence.

    Cannot deploy clients to Organizational Units that have commas in the name
    Fix ID: 1317112
    Symptoms: When you import an Active Directory OU that has a comma in the name, that OU or other OUs below it are not usable for Symantec Endpoint Protection Manager client deployment. Any clients deployed to them will be installed to the temporary group.
    Solution: Modified the function to parse OU names with commas in them correctly.

    Risk log does not show up in Symantec Endpoint Protection Manager
    Fix ID: 1317130
    Symptoms: If a risk event is stored in the database with a blank name, the risk logs are no longer forwarded to the Symantec Endpoint Protection Manager database.
    Solution: Added additional checks to avoid the server log corruption.

    Tomcat hangs when generating scheduled report
    Fix ID: 1318193
    Symptoms: The Java task that generates reports for either scheduled reporting or notifications hangs when it is unable to access IIS with an error code of 502 or 503.
    Solution: Updated error code pages to allow Symantec Endpoint Protection Manager to continue processing.

    Symantec Endpoint Protection Manager > Monitor > Logs does not maintain report after command initiated using custom filter
    Fix ID: 1320751
    Symptoms: Symantec Endpoint Protection Manager > Monitor > Logs does not maintain the report after a command is initiated using a custom saved filter. A "No Entries" message is displayed after clicking the start button for the specified command, and clients are no longer visible in the logs report.
    Solution: Corrected the filter name so that it can be properly saved and reused.

    Assigning a policy to a group takes too long
    Fix ID: 1323714
    Symptoms: Slow performance when trying to assign a policy to a group when Symantec Endpoint Protection Manager is managing a large number of groups.
    Solution: Optimized the database processing to handle large numbers of groups.

    Symantec Endpoint Protection Manager OU Import issues if "Description field" contains escape characters \n, \u, \N, or \O
    Fix ID: 1364410
    Symptoms: Computer descriptions imported from Active Directory with certain characters will cause import failures or partial client deletions.
    Solution: Added escape handling and better encoding translation.

    System Administrator cannot view reports created by Administrators in Symantec Endpoint Protection Manager
    Fix ID: 1366587
    Symptoms: Scheduled reports created by an Administrator with default permissions cannot be viewed by the System Administrator.
    Solution: Altered the query used to view reports to display the reports for which the administrator has permissions.

    Display filter does not retain changed settings after closing Symantec Endpoint Protection Manager
    Fix ID: 1371799
    Symptoms: In Symantec Endpoint Protection Manager, under the Clients view, attempts to set a display filter to allow the viewing of more or less than 30 clients will be reset after Symantec Endpoint Protection Manager is closed and reopened.
    Solution: New values are now remembered in later sessions.

    Exporting the Application and Device Control Logs crashes due to invalid characters
    Fix ID: 1395288
    Symptoms: The Export function crashes when invalid characters are included in Application and Device Control logs.
    Solution: Symantec Endpoint Protection Manager no longer uses XML to temporarily export logs.



Symantec Network Access Control fixes
    Gateway Enforcer set to Fail Open and disable settings will not save after reboot
    Fix ID: 1285052
    Symptoms: Gateway Enforcer Fail Open is disabled prior to reboot. After reboot, the Fail Open status is set to enabled again.
    Solution: New values are now remembered after reboot.



Maintenance Patch 2 for Symantec Endpoint Protection Maintenance Release 2 (MR2 MP2)
This section describes the fixes in Maintenance Patch 2 for Maintenance Release 2.

About Maintenance Patch 2
This Maintenance Patch cannot be installed over the 11.0.0 or 11.0.1 versions of Symantec Endpoint Protection Manager. It must be installed over Maintenance Release 2, either with or without Maintenance Patch 1. For information about how to obtain the latest build of Symantec Endpoint Protection, read the following document: Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x.

Components included in Maintenance Patch 2
    Major components

    Component                             Version
    Symantec Endpoint Protection          11.0.2020.56
    Client Management Component           11.0.2020.21
    Symantec Network Access Control       11.0.2020.8
    Symantec Endpoint Protection Manager  11.0.2020.26


    Minor components
    Component          Version
    AMS                6.12.0.148
    Auto-Protect       10.2.4
    Behavior Blocking  3.3.7
    COH                6.1.2.3/6.1.3.20
    Common Client      106.3.6.9
    DecABI             1.1.1.39
    DefUtils           3.3.11.0/3.3.16.0
    ECOM               61.3.0.17
    QServer            10.1.8.8000
    SyKnAppS           2.5.0.12
    SymEvent           12.5.3.3
    SymNetDrv          7.2.1.110
    Teefer2            11.0.1836.12
    WpsHelper          11.0.717.804
    VxMs (MSLight)     5.1.1.0

New fixes in Maintenance Patch 2

Symantec Endpoint Protection Manager fixes
    Unable to delete older Install Packages after migrating to MR2
    Fix ID: 1255413
    Symptom: After migrating from the MR1 build of Symantec Endpoint Protection Manager to the MR2 build, packages cannot be deleted from Admin > Install Packages.
    Solution: Modified Symantec Endpoint Protection Manager to better detect when packages are in use, and allow the administrator to delete unused packages.

    After migrating to Symantec Endpoint Protection Manager MR2, unable to export MR2 client install packages
    Fix ID: 1265816
    Symptom: Replication marks the content as "Nul" for packages, so those packages cannot be exported from the console.
    Solution: Addressed null packages to allow for the proper exports of packages.

    Domains that have been deleted from Symantec Endpoint Protection Manager are still showing up in Reporting
    Fix ID: 1269092
    Symptom: When opening Reports > Advanced Settings > Domain, domains that have been deleted from Symantec Endpoint Protection Manager appear.
    Solution: Fixed deleted domain entries in the database.

    Centralized Exception appears 14 times in Symantec Endpoint Protection Manager interface
    Fix ID: 1272374
    Symptom: Administrators who have no privileges on one domain see the Centralized Exception list owned by this domain when the administrator tries to add Centralized Exceptions by risk logs.
    Solution: If the logged in administrator is the system administrator, the Centralized Exceptions created in all domains are shown; if the logged in administrator is a domain administrator or limited administrator, only the Centralized Exceptions in the specific domain are shown.

    Domain administrator can view groups that belong to another domain
    Fix ID: 1273368
    Symptom: Domain administrator can view groups that belong to another domain when clicking on group hint box on notification and advanced filters.
    Solution: Updated the query to include the domain_id that the domain administrator belongs to, and to add the legacy domain IDs.

    A case sensitive security check prevents the command/policy publishing from completing
    Fix ID: 1275710
    Symptom: Symantec Endpoint Protection Manager fails to publish commands and/or policies, resulting in clients not receiving them.
    Solution: Replaced the case sensitive check with a case insensitive one.

    The antivirus definition version shown in the Symantec Endpoint Protection Manager console does not match the definition version shown in the client UI
    Fix ID: 1276588
    Symptom: On the Symantec Endpoint Protection Manager console, clients that have not yet received a particular antivirus definition version are shown as using that version.
    Solution: Corrected an initialization error in the Symantec Endpoint Protection Manager AV operational status SAX parser.

    Mdef25builder blocks other Symantec Endpoint Protection Manager processes
    Fix ID: 1276873
    Symptom: While creating delta, the mdefbuilder process blocks policy publishing.
    Solution: Removed the mdefbuilder process from the synchronization block, so that it will not block other processes such as publishing policies.

    Internal site-wide "is LiveUpdate running" flag is set incorrectly
    Fix ID: 1280150
    Symptom: The Symantec Endpoint Protection Manager denies requests to launch LiveUpdate, stating that it is already running.
    Solution: Added an additional validation step on the site-wide "is LiveUpdate running" flag which resets it as needed.

    Slow imports from Active Directory OUs and creating locations
    Fix ID: 1290262
    Symptom: With a large (over 1000) number of groups or locations, the console would become sluggish in several places in the Policies and Clients tabs.
    Solution: Batched multiple requests for information into a single call to the Symantec Endpoint Protection Manager.

    0Kb .dax files appear on the Symantec Endpoint Protection Manager
    Fix ID: 1292255
    Symptom: Mdefbuilder builds 0-byte dax files when it cannot generate a Delta package. As a result, when a client switches from one site to another, 0-byte dax files are generated if the target LU content revision doesn't exist in the agent connected site.
    Solution: Addressed LU content download flags and delta generation process.

Symantec Endpoint Protection client fixes
    Application List not saved properly after restart
    Fix ID: 1179501
    Symptom: Symantec Endpoint Protection Firewall does not remember the Applications that access the internet when the rule is set to "Ask."
    Solution: Resolved initialization issues to save the firewall application list correctly.

    Application error CCMExec.exe when upgrading from 10.2 MP1
    Fix ID: 1211174
    Symptom: When deploying a client package to upgrade a 10.2 client, a CCMExec.exe error appears on the client.
    Solution: Addressed sysfer installation issue so as not to cause the application error.

    Symantec Endpoint Protection client does not switch from External location when switching from wireless to Ethernet connections
    Fix ID: 1220727
    Symptom: When connecting to the Ethernet connection for the internal location, the client does not successfully switch locations.
    Solution: Addressed DNS Lookup code to allow connection switch.

    Number of files in the SharedUpdates directory does not decrease
    Fix ID: 1236474
    Symptom: A large number of objects accumulate in the SharedUpdates directory.
    Solution: Updated Group Update Provider (GUP) to delete objects correctly after the size or date threshold is reached.

    Intermittent ccSvcHst error on shutdown
    Fix ID: 1238114
    Symptom: Intermittent ccSvcHst memory error appears on system shutdown.
    Solution: Addressed shutdown faults in client components.

    Petrel2008 software doesn't launch when Symantec Endpoint Protection Application & Device Control installed
    Fix ID: 1257774
    Symptom: Petrel2008 software does not function with Symantec Endpoint Protection 11.0 Application and Device Control.
    Solution: Addressed sysfer conflict with the Petrel software.

    IntelliJ IDEA software does not function with Application and Device Control installed
    Fix ID: 1260166
    Symptom: IDEA software fails to connect with Application and Device Control installed.
    Solution: Addressed conflict between Application and Device Control and the IDEA software.

    Ping time and CPU utilization increase with Symantec Endpoint Protection MR2 on Vista
    Fix ID: 1261384
    Symptom: CPU usage becomes very high when receiving multiple ping packets.
    Solution: Set the owner of ping packets to the correct state to avoid extended packet processing times.

    Symantec Endpoint Protection Manager shows in reports that agent has Network Access Control installed when it does not
    Fix ID: 1266426
    Symptom: When the agent registers with Symantec Endpoint Protection Manager after the product installation, it reports that Network Access Control is installed when it is not. After the next heartbeat, the agent sends its correct agenttype info and reports display the correct value.
    Solution: Changed the PHP query not to use "SNAC" as the product type if enough information is not available. Instead, "NONE" is used as the product type until all the data is available.

    On Windows 2000 without Terminal Services, users may receive a default profile during logon
    Fix ID: 1266776
    Symptom: Users will receive a default profile during logon.
    Solution: Improved Symantec Endpoint Protection client's triggering mechanism for logon and logoff.

    Sysplant.sys causes application Quintiq to crash
    Fix ID: 1320412
    Symptom: After installing Symantec Endpoint Protection 11.0, the Quintiq application will no longer run without unexpected errors.
    Solution: Updated Sysplant to remove conflict.



Point Patch 1 for Symantec Network Access Control Maintenance Release 2 Maintenance Patch 1
Point Patch 1 is a patch specific to Symantec Network Access Control. It can only be installed over Maintenance Release 2 with Maintenance Patch 1.
    Symantec Network Access Control fixes in Point Patch 1

    Symantec System Health Agent (SHA) is not running after restart
    Fix ID: 1267397
    Symptom: Microsoft Network Access Protection (napstat.exe) displays the message "SHA Not Present." The detailed message is "A system health agent (SHA) that may be required for full network access is not present on this computer. Please contact your network administrator. ID 100848."
    Solution: Made a change to bind the Symantec SHA (ID 100848) correctly with the Microsoft Network Access Protection Agent.

    NAP Enforcer: Ignoring "Verify Client UID" does not work
    Fix ID: 1269383
    Symptom: Symantec Network Access Control Agent cannot get a normal IP address if the agent is not connected to Symantec Endpoint Protection Manager, even if the "Verify Client UID" setting is turned off in Symantec Endpoint Protection Manager.
    Solution: Host Integrity information is now sent to the Enforcer even if the agent is not connected to Symantec Endpoint Protection Manager.

    Agent built-in authentication fails when upgrading a Windows XP SP2 computer to Windows XP SP3
    Fix ID: 1234014
    Symptom: HI (Host Integrity) and PROFILE information on an endpoint are unavailable after Windows XP SP2 is upgraded to Windows XP SP3.
    Solution: Symantec Network Access Control EAP values in the registry are reset after an endpoint is upgraded to Windows XP SP3. Upon restarting after XP SP3 installation, the Symantec Network Access Control service resets the correct EAP values in the registry.

    NAP Agent does not communicate with Enforcer if "DHCP Enforcement" is configured after Symantec Network Access Control Agent started on XP SP3
    Fix ID: 1240376
    Symptom: Microsoft Network Access Protection (NAP) does not work until either the Symantec Network Access Control service or the computer is restarted.
    Solution: The Symantec SHA is now detected and bound whenever the Microsoft Network Access Protection Agent is started.


Maintenance Patch 1 for Maintenance Release 2 (MR2 MP1)
This section describes the fixes in Maintenance Patch 1 for Maintenance Release 2.

About Maintenance Patch 1
This Maintenance Patch cannot be installed over the 11.0.0 or 11.0.1 versions of Symantec Endpoint Protection Manager. It must be installed over Maintenance Release 2. For information about how to obtain the latest build of Symantec Endpoint Protection, read the following document: Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x.

Components included in Maintenance Patch 1

Component            Version
AMS                  6.12.0.148
Auto-Protect         10.2.4.2/10.2.4.3
Behavior Blocking    3.3.6.7/3.3.6.8
ccEraser 2007        2.0.1.7
COH                  6.1.2.3/6.1.3.20
Common Client        106.3.6.9
DecABI               1.1.1.39
Defutils             3.3.11.0/3.3.16.0
Deuce Engine         2007-06-06-1
ECOM                 61.3.0.17
Intelligent Updater  5.0 (Release .006)
LiveUpdate           3.3 (Release .002)
LiveUpdateAdmin      2.1.2 (Release .002)
LiveUpdateCCPA       1.0 (Release .002)
LOTS Manager         3.3 (Release .001)
Microdefs            2.5 (Release .007)
SyKnAppS             2.5.0.12
SymEvent             2.5.3\3
SymNetDrv            7.2.1
Teefer2              11.0.1836.12
WpsHelper            11.0.717.804
VxMS (MSLight)       5.1.1.0


New fixes in Maintenance Patch 1

Symantec Endpoint Protection Manager fixes

    Symantec Endpoint Protection Manager fails to update virus definitions or policies to clients
    Fix ID: 1212533
    Symptom: Symantec Endpoint Protection Manager downloads the updates correctly but does not update the clients.
    Solution: Resolved synchronization error between LiveUpdate process and database replication.

    In a replication environment, after a few days, both sites' Symantec Endpoint Protection Manager publishing tasks show exceptions
    Fix ID: 1222330
    Symptom: After updating definitions in a replication environment, "Unexpected server error" entries appear in the server log files.
    Solution: Changed code to continue instead of causing an exception when encountering a content "broken link."

    Newly added site slows down server and console
    Fix ID: 1257786
    Symptom: After adding additional servers to a site, the performance of the console and compiling group policies becomes noticeably slower.
    Solution: Made performance improvements to speed up functionality in large group environments.

    When the Symantec Endpoint Protection Manager replication data is over 2 GB, replication fails
    Fix ID: 1219223
    Symptom: When the replicating data.zip size is over 2 GB, replication fails.
    Solution: When restoring or replicating, Symantec Endpoint Protection Manager now decompresses the zip file to a temp folder first, then updates the DB.

    The unmanaged detector does not reflect the client status correctly
    Fix ID: 1201280
    Symptom: When a client is enabled as an unmanaged detector and the system is restarted, the unmanaged detector function is disabled.
    Solution: Addressed the merging of client information into the database so that the LAN sensor information is not lost.

    In environments with more than 1,000 groups, updating content takes a long time
    Fix ID: 1229073
    Symptom: With 1000 groups, updating content can take up to an hour and a half, during which any change made to the groups configuration, including adding a new group, is not processed.
    Solution: Changed the update process to greatly increase performance.

    Computer Status shows "No Definitions" for clients that do have current definitions
    Fix ID: 1240543
    Symptom: When checking logs from Symantec Endpoint Protection Manager > Monitors > Logs > Computer Status > View Log, the [Definitions Date] field shows "No definitions" even when the client has the latest definitions.
    Solution: Updated the agent to properly report the PATTERN_IDX status.

    Symantec Endpoint Protection Manager creates 0-byte .DAX files, causing clients to request full definition update
    Fix ID: 1250838
    Symptom: Instead of providing delta updates to the clients, the clients will request full definition sets. Zero-byte .DAX files are in the contents folder.
    Solution: The server is now allowed to compile the new content before publishing the data.

    Policy creation failure due to package broken links
    Fix ID: 1256146
    Symptom: Policy compilation issues prevent policies from being created and deployed.
    Solution: If there are any exceptions that occur during the client package retrieval from the database, they are logged and the updates continue.

    Site Properties dialog fails to open
    Fix ID: 1255484
    Symptom: If the retry intervals are set too low, Symantec Endpoint Protection Manager fails to open the site properties.
    Solution: If the configuration is below the required minimum value, it is reset to the minimum value.

    Network Providers in My Network Places has more than one instance of Symantec SNAC Network Provider
    Fix ID: 1150373
    Symptom: When changing the client set feature from Symantec Endpoint Protection Manager, each change adds another instance of Symantec SNAC Network Provider.
    Solution: Updated the code to no longer add unneeded SNAC Network Provider entries to the registry.

Symantec Endpoint Protection client fixes

    RTVscan.exe crashes with faulting module msvcr80.dll, fault address 0x000046b4
    Fix ID: 1247109
    Symptom: Error in the application logs: Faulting application Rtvscan.exe, version 11.0.1000.1112, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x000046b4.
    Solution: Added additional exception handling.

    Normal Users cannot disable firewall, even when allowed to by administrator
    Fix ID: 1241207
    Symptom: Restricted users are unable to disable the firewall, even though they're configured to be able to do so through the console.
    Solution: Restricted users cannot stop services, but can disable the firewall if they are allowed to do so by the administrator.

    A request for a restart is displayed even though no updates are needed
    Fix ID: 1247970
    Symptom: Even though Network Threat Detection is not installed, the user is prompted to restart the computer because there is a Network Threat Detection update that needs to be applied.
    Solution: Added additional codes to display why restarts are needed.

    Outlook stops unexpectedly when using "Next Item" button repeatedly
    Fix ID: 1222352
    Symptom: When using the "Next Item" button in Outlook to move from message to message, Outlook crashes after reviewing 5-10 messages.
    Solution: Changed client so as not to cache the callback pointer when browsing messages.



Maintenance Release 2 (MR2)
This section describes the new features and fixes included in Maintenance Release 2 of Symantec Endpoint Protection 11.0 and Symantec Network Access Control 11.0.


About Maintenance Release 2 for Symantec Endpoint Protection and Symantec Network Access Control
Symantec Endpoint Protection 11.0.2 and Symantec Network Access Control 11.0.2 provide enhancements on top of the existing 11.0 functionality to support the Microsoft Windows 2008 Server. In addition to providing compatibility with the new operating system, this release adds compatibility with the Microsoft Network Access Protection (NAP) framework. Fixes for customer problems and minor enhancements since the release of Symantec Endpoint Protection and Symantec Network Access Control are included in this release. This release also adds support for Windows Vista Service Pack 1 and XP Service Pack 3.

New features
  • Support for Microsoft Windows 2008 Server clients
    Support for Windows Server 2008 Standard/Enterprise/Datacenter/Web (32-bit or x64 edition), including Server Core installation, has been added to the Symantec Endpoint Protection and Symantec Network Access Control clients. Symantec Endpoint Protection Manager and the deployment tools have also been modified to support the management of Symantec Endpoint Protection and Symantec Network Access Control clients that run on Windows Server 2008. However, the management components cannot be installed on a computer running Windows Server 2008.
  • Compatibility with Microsoft Network Access Protection (NAP) Framework
    Customers can build Symantec Network Access Control-only or multi-vendor policy compliance solutions using Microsoft's Network Access Protection (NAP) technologies. This feature lets customers leverage a standards-based (TNC-compliant) and Microsoft-supported network access control framework. This framework supports 802.1x, DHCP, Microsoft VPN, and IPSec technologies to control network access.

    In addition to the previously supported methods, Symantec Network Access Control customers gain the use of IPSec as a compliance method. IPSec is an endpoint-centric method designed to build trust relationships between domain members.

    For customers who want to leverage this technology, a major advantage for Symantec Network Access Control is the ability to control all aspects of admission control policy in a single policy console, instead of requiring customers to deploy multiple policy servers and management plug-ins.
  • Improved resource utilization in Symantec Endpoint Protection client and Symantec Endpoint Protection Manager
    The MR2 release reduces the client footprint and resource utilization of the Symantec Endpoint Protection Manager in order to enhance the user experience, especially in small and medium-sized business environments. Administrators have the option to increase the space and memory allocation of the server to fit their business environment.
  • Enhanced Device Control supports Device ID
    This feature lets you set a policy for a specific device that is allowed or not allowed to be attached to the endpoints, which helps ensure that USB memory sticks are not used unless they are approved by your security policy.

Components included in Maintenance Release 2

Component            Version               Comments
Auto-Protect         10.2.3                Certified on Windows 2008
Behavior Blocking    3.3.6\008
ccEraser 2007        2.0.1.7
COH                  6.1.3\020
Common Client        6.3.6\009
DecABI               1.1.1
Defutils             3.3 (Release .002)
Deuce Engine         2007-06-06-1
ECOM 2007            1.3
Intelligent Updater  5.0 (Release .006)
LiveUpdate           3.3 (Release .002)
LiveUpdateAdmin      2.1.2 (Release .002)
LiveUpdateCCPA       1.0 (Release .002)
LOTS Manager         3.3 (Release .001)
Microdefs            2.5 (Release .007)
SyKnAppS             2.5                   Certified on Windows 2008
SymEvent             12.5.3\3
SymNetDrv            7.2.1                 Certified on Windows 2008


New fixes in Maintenance Release 2

Symantec Endpoint Protection Manager fixes
    Symantec Endpoint Protection embedded database takes too much hard disk space
    Fix ID: 1193157
    Symptom: Over time, the embedded database continues to grow in size under normal operations. Actual used disk space is under 1GB, while unused disk space allocated to the database grows to almost 2 GB.
    Solution: Unused disk space allocated to the embedded database is cleaned up more efficiently. New customers who upgrade to MR2 will not experience this problem. For existing customers who are experiencing this problem and upgrade to MR2, the database size does not shrink automatically. You must use a command line tool (dbunload.exe) to fix the problem. For more information, read the document How to shrink the embedded database using the Dbunload tool.

    Port leak on Symantec Endpoint Protection Manager
    Fix ID: 1183253
    Symptom: As Symantec Endpoint Protection clients download updates, CLOSE_WAIT sockets are not closed; the server runs out of ports and Symantec Endpoint Protection Manager stops responding ("becomes deaf") to the console. As this continues, at some point you can no longer remote desktop to the server. When the server is full, 3500 sockets are in CLOSE_WAIT, almost all the rest are in TIME_WAIT, and there are 15 or so talking to the database and clients. As time passes, the number of CLOSE_WAIT sockets slowly rises.
    Solution: The Symantec Endpoint Protection Manager process no longer leaves sockets in the CLOSE_WAIT state after clients download updates, which prevents the leaked ports from monopolizing all the server's ports.

    Port Leak in Symantec Endpoint Protection Manager
    Fix ID: 1193251
    Symptom: An HTTP port (80) leak regularly occurs on a server managing thousands of clients under normal load. If allowed to continue, this leak will eventually bring down the server. First the console becomes unusable, then you cannot connect via remote desktop.
    Solution: Reviewed and modified Symantec Endpoint Protection Manager port 80 usage.

    Localized Symantec Endpoint Protection Manager migration from 11.0.0 to 11.0.1 erases LiveUpdate Inventory
    Fix ID: 1206983
    Symptom: The LiveUpdate inventory is erased after a localized migration of Symantec Endpoint Protection Manager from 11.0.0 to 11.0.1. This does not occur on U.S. English migration.
    Solution: LiveUpdate catalog was fixed so that this problem does not occur. There is also a workaround that can be applied: From the command line, navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\, and then run the command: lucatalog.exe -update

    Unexpected exception occurs on Symantec Endpoint Protection Manager
    Fix ID: 1191813 / 1192650
    Symptom: Numerous errors that state "An unexpected exception has occurred on Symantec Endpoint Protection Manager" occur. Searching for computer/user objects takes 5-10 minutes. Logging in to Symantec Endpoint Protection Manager takes 2-3 minutes (usually 5-10 seconds). Copying a computer object to another group takes 5-10 minutes and sometimes results in the Symantec Endpoint Protection Manager freezing.
    Solution: Made modifications to the DB and Secars.dll to address these delays and unexpected exceptions.

    Site replication fails due to deadlocks
    Fix ID: 1180681
    Symptom: Replication fails between multiple sites. The SQL database is deadlocking on certain queries.
    Solution: Transaction queries and logic were updated to prevent the deadlocks from occurring.

    Database deadlocks causing multiple problems
    Fix ID: 1178096, 1178099
    Symptom: Multiple deadlocks in database cause attempts to log in to Symantec Endpoint Protection Manager to fail. Deadlocks also cause functionality problems between multiple sites.
    Solution: Optimized performance of Active Directory synchronization algorithm so that database deadlocks do not occur.

    Symantec Endpoint Protection Manager user name and password in clear text in registry during LiveUpdate Policy Rolldown
    Fix ID: 1006376
    Symptom: User name and password are not encrypted in the registry during LiveUpdate Policy Rolldown and can be retrieved through regmon.
    Solution: User name and password are now encrypted during transfer, and then decrypted when read out to the host file.

    Database sweep does not remove content which is marked for deletion on replication site
    Fix ID: 1223074
    Symptom: After content which is marked for deletion is deleted from one site, it is replicated to another site and not deleted. Database Sweep is slightly different in replication environment. Content is deleted only after a replication cycle has been completed.
    Solution: Data that has been deleted from one site is not updated on the other site.

    Group Folders are not created or take too long to create
    Fix ID: 1191851, 1201662
    Symptom: When you have a large number of existing groups, creating new groups fails as SemSvc.exe runs a check on all existing folders (one folder for each group). After over an hour, the new group is not created. When viewing created groups, some contained 2 files, while others contained over 20 files. In some instances, creating a group would take over an hour.
    Solution: Added a condition that optimizes creation of groups, so that groups and group folders are created in a timely manner.

    Import of policy from one Symantec Endpoint Protection Manager domain to another fails
    Fix ID: 1183186
    Symptom: After clicking "Import" to import a policy from one Symantec Endpoint Protection Manager domain to another, the action fails with no error message. This particularly happens when attempting to import firewall policies that use rules which apply to host groups that are not present in the new domain, or when importing policies from a migrated Symantec AntiVirus server group into a new domain.
    Solution: Import action failed because new domain did not contain the same host group names. This problem is resolved by implementing the following: create host group if it doesn't exist in new domain, adding error handling messages if an error does occur, and merging host groups if user selects to overwrite existing policy for already existing groups.

    Agents do not appear in Symantec Endpoint Protection Manager
    Fix ID: 1178101
    Symptom: Agents do not appear correctly in the Symantec Endpoint Protection Manager. The problem appears to be tied to Active Directory synchronization. If Symantec Endpoint Protection Manager is restarted, agents will show up correctly. However, after Active Directory synchronizes with Symantec Endpoint Protection Manager, the agents will display offline again, which occurs every 24 hours.
    Solution: Modified the order of how objects are processed so that agents appear correctly as "online" in the Symantec Endpoint Protection Manager.

    Agent logs are not being replicated between Symantec Endpoint Protection Managers
    Fix ID: 1178100
    Symptom: Client, system, security, traffic, packet, and behavior logs are not replicated from one Symantec Endpoint Protection Manager to another.
    Solution: Logs can now be replicated between Symantec Endpoint Protection Managers.

    AntiVirus logs appear to cause out of memory error that kills Symantec Endpoint Protection Manager
    Fix ID: 1200327
    Symptom: Symantec Endpoint Protection Manager is rendered useless.
    Solution: The logging logic for anomaly processing now uses the remediation path instead of the anomaly description member, which is overloaded as both a path value and a service description value.

    High CPU utilization when Symantec Endpoint Protection Manager builds definitions
    Fix ID: 1191801
    Symptom: When microdefinitions are being built on the Symantec Endpoint Protection Manager, CPU utilization reaches up to 95% and renders the server and console unusable.
    Solution: When microdefinitions are being built, CPU usage is now capped at 50%. Users can change this figure by adding or changing the scm.delta.cpu.usage parameter in the conf.properties file to a decimal number between 0 and 1, where 1 represents 100% usage and 0.5 represents 50% usage.

    AntiVirus and Antispyware policy templates
    Fix ID: 1210445
    Symptom: Customer would like more AntiVirus and Antispyware policy templates from which to choose.
    Solution: Symantec Endpoint Protection Manager contains new AntiVirus and Antispyware policy templates. There are now three templates from which to choose: high performance, high security, and the default (which balances performance and security).

    Symantec Endpoint Protection Manager loses connection with client
    Fix ID: 1209380
    Symptom: After Symantec Endpoint Protection client initially connects to Symantec Endpoint Protection Manager, it immediately disconnects. The client does not download definitions or policies.
    Solution: Fixed problem with Symantec Endpoint Protection Manager files that are not being processed correctly.

    Client groups do not function properly
    Fix ID: 1209569
    Symptom: After creating a client group, attempting to create an installation package that is managed by the client group fails.
    Solution: During the creation of the client group, the LiveUpdate folder is created, which was previously not created.

    Symantec Endpoint Protection Manager LiveUpdate does not update content after system clock was previously set to a future date
    Fix ID: 1198451
    Symptom: From Symantec Endpoint Protection Manager, user changes system clock to a future date and then runs LiveUpdate. After restoring date to current time, attempts to run LiveUpdate fail. Attempts to uninstall or reinstall LiveUpdate, with or without Product.Inventory.LiveUpdate, do not resolve the problem. Setting the time to the future causes problems for policy download as well.
    Solution: A recovery tool, updatedbtime.bat, is available in the Tools folder that resets the time stamps in the database to correct the problem. After running the tool, LiveUpdate problem should go away.

    Disaster Recovery procedure conflicts with remote software and is difficult to follow
    Fix ID: 1207080
    Symptom: Restoring client communications without a database backup involves logging into Symantec Endpoint Protection Manager and traversing to Admin > Domains > About, and then pressing and holding Shift + Ctrl + Alt. When accessing remotely, this action creates conflicts. This process is also difficult to follow, as only certain areas of the About box can trigger the expected result.
    Solution: Added an "Advanced" button that hides the disaster recovery input area so that no conflicts arise from using Shift + Ctrl + Alt, while also making it easier to access the area for user to provide the necessary information.

    Procedures to migrate embedded database to remote SQL server causes communication with client to break
    Fix ID: 1211785
    Symptom: After following steps in documentation to migrate embedded database to remote SQL server, Symantec Endpoint Protection clients no longer communicate with Symantec Endpoint Protection Manager.
    Solution: Revised documentation to correctly migrate database over to remote SQL server. This involved including a step to restore the keystore.

    Virus Definitions bar chart and IPS Signatures chart on Symantec Endpoint Protection Manager home page do not display
    Fix ID: 1190971
    Symptom: Charts on the home page appear blank.
    Solution: Modified code to ensure that chart information is displayed as expected on the Home Page.

    Cannot export agent packages from Symantec Endpoint Protection Manager Web console
    Fix ID: 1204496
    Symptom: When attempting to export an agent package from the Symantec Endpoint Protection Manager Web console, the user receives an error stating that exporting failed.
    Solution: Agent packages can now be exported from Symantec Endpoint Protection Manager Web console.

    ClientRemote Utility not functional
    Fix ID: 1198284
    Symptom: Attempts to install a Symantec Endpoint Protection client package with the ClientRemote utility fail because the utility cannot authenticate using domain administrator and local administrator credentials. Error message states that it is an invalid account. When accessing workstation and C$ share, can see that share is using the domain administrator account.
    Solution: Added checks in the ClientRemote utility to attempt to authenticate via domain\username, and then target\username before returning error code. This allows local administrator credentials to be used when distributing into a domain.

    Communication between Symantec Endpoint Protection Manager and client breaks after moving clients to a different Organizational Unit (OU)
    Fix ID: 1195419
    Symptom: Duplicate Symantec Endpoint Protection client entries appear in the SQL database, and therefore break client/manager communication as clients attempt to communicate with the deleted OU.
    Solution: SQL Database is cleaned up of old non-existing Active Directory groups/OUs to ensure that clients communicate with existing groups.

    Users deleted from Symantec Endpoint Protection Manager groups that are synchronized from Active Directory (AD)
    Fix ID: 1203581
    Symptom: Objects copied from group imported from Active Directory and then copied to Symantec Endpoint Protection Manager group disappear from Symantec Endpoint Protection Manager AD group, Symantec Endpoint Protection Manager group, or both.
    Solution: Symantec Endpoint Protection Manager now keeps one entry in OU group and one entry in non-OU group to resolve duplicate agents, and to resolve objects from being deleted.

    Cannot connect remotely to Symantec Endpoint Protection Manager that is installed behind a firewall with Network Address Translation (NAT)
    Fix ID: 1174651
    Symptom: When attempting to use the remote Symantec Endpoint Protection Manager outside the private network, you can perform initial logon steps, but cannot access the console. The error message shows "Hostname Mismatch. The name on the site does not match the name on the certificate."
    Solution: In NAT environment, connecting remotely uses the local address as the server IP address instead of the HTTP host to connect to Java.

    LiveUpdate downloads are not always randomized
    Fix ID: 1193767, 1193770
    Symptom: After switching from push to pull mode, randomization of LiveUpdate downloads does not occur.
    Solution: During pull mode, LU content download is randomized. By default, the thread waits for one minute before performing the download. Therefore randomization is done for clients that have pull mode interval of more than one minute.

    Changing remote console port blocks Symantec Endpoint Protection Manager/Symantec Endpoint Protection communication
    Fix ID: 1187451
    Symptom: Changing the remote console port from 9090 (server.xml) will block clients deployed after the change from registering and communicating with Symantec Endpoint Protection Manager.
    Solution: Documentation amended to explain how to modify server.xml for the port change to work. Within server.xml, change scm.http.port=<new Port>, and scm.server.http.port=<new Port>. Changed in Administrator's Guide, Installation Guide, and Readme.

    Migration – After restoring database after migration, two management servers appear in Symantec Endpoint Protection Manager
    Fix ID: 1216751
    Symptom: Backing up database of Symantec Endpoint Protection 11.0.0, uninstalling Symantec Endpoint Protection Manager 11.0, installing Symantec Endpoint Protection Manager 11.0 MR1, and then restoring the database results in two management servers listed in Symantec Endpoint Protection Manager under Admin > Servers.
    Solution: Changed code to use server name that is kept in the database.

    Command to cancel scans does not cancel all scans
    Fix ID: 1181265
    Symptom: If a user runs a scan or an admin-configured scheduled scan is running on Symantec Endpoint Protection client, attempting to cancel scan from Symantec Endpoint Protection Manager with "cancel all scans" command is not successful.
    Solution: Allow administrator to cancel all scans from Symantec Endpoint Protection Manager whether they are initiated by Symantec Endpoint Protection Manager or user.

    On Symantec Endpoint Protection Manager Home Page, status of Symantec Endpoint Protection client shows AntiVirus Engine is off
    Fix ID: 1183055
    Symptom: From Symantec Endpoint Protection Manager, multiple Symantec Endpoint Protection clients show that the Antivirus Engine is off from the Home Page > Status Summary. A local check shows that the antivirus engine is on, the definitions are current, and there are no other problems.
    Solution: Fixed to present correct state of Symantec Endpoint Protection clients in Symantec Endpoint Protection Manager.

    Symantec Endpoint Protection Manager hangs when performing certain operations
    Fix ID: 1208845
    Symptom: Unchecking "Inherit policies and settings from the parent group Global" for the Temporary group freezes the management console.
    Solution: Code changes to prevent Symantec Endpoint Protection Manager from hanging/freezing when performing these operations.

    Import of certain OU information from LDAP server fails
    Fix ID: 1180685
    Symptom: If OU information contains certain characters, importing information from LDAP server fails with error: "LDAP XML Saving Failed. The character ' ' is an Invalid XML character."
    Solution: Characters previously deemed as invalid are now valid.

    Windows 2000 Symantec Endpoint Protection clients appear as Unknown Computers in Symantec Endpoint Protection Manager
    Fix ID: 1201891
    Symptom: Running "Find Unmanaged Computers" from Symantec Endpoint Protection Manager finds Symantec Endpoint Protection Clients running on Windows 2000 as "Unknown Computers."
    Solution: Correlated results of the Find Unmanaged Computers with the information already known about Symantec Endpoint Protection clients in the database to correctly identify Windows 2000 Symantec Endpoint Protection Clients.

    Some non-shared policies cannot be disabled
    Fix ID: 1181447
    Symptom: When policies are converted from shared to non-shared, the policies can no longer be disabled. The "enable this policy" check box is grayed out.
    Solution: "Enable this policy" setting activated for the following policies: firewall, intrusion prevention control, and application and device control. User cannot disable Antivirus and LiveUpdate policies.

    Corrupted XML in the Symantec Endpoint Protection Manager database
    Fix ID: 1187858
    Symptom: Users are experiencing inconsistencies because of corrupt XML in the Symantec Endpoint Protection Manager database.
    Solution: Tool was created that validates the XML in the Symantec Endpoint Protection Manager database and alerts when there are broken links or references in the XML.

    Cannot log in to Symantec Endpoint Protection Manager after upgrading JRE to 1.6.x
    Fix ID: 1155395
    Symptom: After upgrading JRE to 1.6.x, attempting to log into Symantec Endpoint Protection Manager fails.
    Solution: Added logic to Symantec Endpoint Protection Manager that recognizes JRE 1.6.x and later versions so that users can upgrade JRE and use Symantec Endpoint Protection Manager without interruption.

    Need error handling when multiple attempts of clients to download LiveUpdate content from server fail
    Fix ID: 1187497
    Symptom: Network becomes completely saturated with failed download attempts of virus definitions to Symantec Endpoint Protection clients. In some cases many clients are requesting LiveUpdate content from IIS/Symantec Endpoint Protection Manager. If the clients encounter a network error, they retry very quickly. If the network is under heavy load then the clients encounter errors, the downloads fail, and they continue to retry the downloads.
    Solution: A "backoff" algorithm was implemented that coexists with the incremental download mechanism for LiveUpdate content. This algorithm ensures that network bandwidth is never stretched to the point of rendering the customer's network unusable.

    Devices may not work when Extreme switch is used in network environment
    Fix ID: 1201306
    Symptom: If a device, such as a printer, is connected to the same port as the Extreme switch, the printer does not use EAP, so it is authenticated by its MAC address. Since this is not an EAP RADIUS packet, the Extreme switch does not provide the correct "Message-Authenticator" to the LAN Enforcer. Therefore the LAN Enforcer modifies the "Authenticator" field, which is rejected by the FUNK Radius server, and the printer (or other device) is never allowed to work.
    Solution: Changed code to allow functionality.

    Home and Monitors tabs don't work correctly if TEMP and TMP environment variables point to different folders
    Fix ID: 1177149
    Symptom: Accessing the Home or Monitors tabs brings up a blank page when the TEMP and TMP environment variables point to different folders.
    Solution: Instead of relying on the TEMP and TMP environment variables, Symantec Endpoint Protection Manager now uses a custom folder for the temporary PHP session files that are used when accessing the various tabs from Symantec Endpoint Protection Manager. The new custom folder is located at: c:\Documents and Settings\All users\Application Data\Symantec\Symantec Enterprise Protection Manager\PHP\temp.

    Online status of administrators always shows Offline
    Fix ID: 1186783
    Symptom: When an administrator logs in to the Symantec Endpoint Protection Manager, its Online Status always shows as offline.
    Solution: Modified code to remove a duplicate session that caused the incorrect status.

    Need to apply limits to all events to ensure hard disk does not get filled up
    Fix ID: 1201915
    Symptom: Without limits, hard disk may be flooded with events that eventually fill the disk to its capacity. This could potentially occur if the database goes down.
    Solution: All event inboxes are included in calculations to ensure that they do not fill the hard disk to its capacity.

    Centralized Exceptions does not function in exceptional situations
    Fix ID: 1179354
    Symptom: When creating a centralized exception for a directory that starts with a lower case n in the directory name, the exclusion does not work properly. This behavior also affects file exclusions and Tamper Protection exclusions. Garbage characters replace the "\n" and placing an infected file in the folder causes an alert to trigger even though that folder is supposed to be excluded.
    Solution: Exceptions handle "\n" so that garbage characters are not created and exceptions work as expected.
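
The failure mode in this entry, shown as an added C example (not Symantec's code): it assumes the bug came from a layer that decoded "\n" in the stored path as an escape sequence, which the release note does not state. The function names and sample paths are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buggy layer: the stored exclusion is treated as an escaped string,
 * so the two characters '\' 'n' collapse into one newline byte. */
static void unescape_naive(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return;
    for (size_t i = 0; in[i] != '\0' && o + 1 < outsz; i++) {
        if (in[i] == '\\' && (in[i + 1] == 'n' || in[i + 1] == 't')) {
            out[o++] = (in[i + 1] == 'n') ? '\n' : '\t';
            i++;                      /* consume the escape letter too */
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
}

/* Case-insensitive directory match that only succeeds on a path component
 * boundary, so an exclusion for C:\new does not also cover C:\newer. */
static int path_under_dir(const char *file, const char *dir)
{
    size_t n = strlen(dir);
    while (n > 0 && dir[n - 1] == '\\')
        n--;                          /* ignore trailing separators */
    if (n == 0)
        return 0;                     /* an empty exclusion matches nothing */
    for (size_t i = 0; i < n; i++) {
        if (file[i] == '\0')
            return 0;
        if (tolower((unsigned char)file[i]) != tolower((unsigned char)dir[i]))
            return 0;
    }
    return file[n] == '\\' || file[n] == '\0';
}

/* Before: the exclusion is decoded first, so "\nightly" no longer matches. */
int excluded_buggy(const char *file, const char *stored)
{
    char decoded[260];
    unescape_naive(stored, decoded, sizeof decoded);
    return path_under_dir(file, decoded);
}

/* After: backslashes in a stored path are literal separators. */
int excluded_fixed(const char *file, const char *stored)
{
    return path_under_dir(file, stored);
}

/* Audit helper: 1 if decoding the stored rule would yield control
 * characters, which no valid Windows directory name contains. */
int decoding_corrupts(const char *stored)
{
    char decoded[260];
    unescape_naive(stored, decoded, sizeof decoded);
    for (const char *p = decoded; *p != '\0'; p++)
        if ((unsigned char)*p < 0x20)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample paths; none come from the release notes. */
    const char *rule = "C:\\scans\\nightly";
    const char *file = "C:\\scans\\nightly\\sample.bin";

    printf("buggy match: %d\n", excluded_buggy(file, rule));
    printf("fixed match: %d\n", excluded_fixed(file, rule));
    printf("rule corrupted by decoding: %d\n", decoding_corrupts(rule));
    return 0;
}
```

The component-boundary check in `path_under_dir` is worth keeping in any exclusion matcher, because a plain prefix comparison would silently widen an exclusion to sibling directories.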

    Symantec Endpoint Protection Manager Process Event Log entries populated on Windows SBS Server
    Fix ID: 1200391
    Symptom: Event Log of Symantec Endpoint Protection Manager populated with "Create Log File Error" and "Failed to start Radius Server" on a daily basis.
    Solution: Added a new check for Symantec Endpoint Protection Manager process that ensures its availability before attempting to create a log file or bind to a Radius port, so that these event log error entries are not triggered.

    Cancelling "Add Package" operation causes unexpected error message and/or system hang
    Fix ID: 1190678
    Symptom: If you cancel the "Add Package" operation while it is extracting the CAB file, you may get unexpected error messages and/or it may cause the management console to freeze.
    Solution: Code changes to prevent error messages from popping up and to prevent Symantec Endpoint Protection Manager from freezing when cancelling "Add Package" operation.

    Symantec Endpoint Protection client cannot be added to specified group if group name contains spaces
    Fix ID: 1203005
    Symptom: When deploying a Symantec Endpoint Protection client installation package with a specified group that contains a space in the group name, the client is added to the temporary group.
    Solution: Spaces are now allowed in group names, so clients are placed in correct group after installation through the installation and migration wizard.

    Cannot save report "Attacks Over Time"
    Fix ID: 1179569
    Symptom: Attempting to save the report "Attacks Over Time," which is accessed from Network Threat Protection > Attacks Over Time > Group option, fails. You must have data in the report to encounter this error.
    Solution: Fixed the backend parsing to allow users to save this report.

    Cannot configure "Check Floppies for Boot Viruses" from the Symantec Endpoint Protection Manager
    Fix ID: 1158888
    Symptom: Option to enable/disable "Check Floppies for Boot Viruses" is not available in the antivirus policy from the management console. Because this feature is available and configurable from the client, it should also be configurable from the management console.
    Solution: "Check Floppies for Boot Viruses" is included in the antivirus policy, and is therefore configurable from the management console.

    Maximum size of incoming log queues is too large (256GB)
    Fix ID: 1201927
    Symptom: Leaving unrestricted incoming log size could result in depletion of hard disk space.
    Solution: Incoming log queue size is now limited to approximately 4GB.

    Server GUI changes after clients send "User Information Collection"
    Fix ID: 1205251
    Symptom: User Info tab on the client properties changes after the user fills out User Information Collection dialog.
    Solution: Accommodated differences in amount of information by adding a minimum size to these components.

    LiveUpdate Help button unresponsive
    Fix ID: 1191152
    Symptom: Help button for "LiveUpdate Settings policy server settings" pane does not open the Help page.
    Solution: Fixed Help button to access correct Help page.

    Non-translated character strings on Report pages
    Fix ID: 1132611
    Symptom: After creating reports from the management console, hovering mouse over pie chart reveals character strings that have not been translated to the localized language.
    Solution: Strings have been localized so that they appear in the correct language.

    Incorrect Help information and links from Symantec Endpoint Protection Manager
    Fix ID: 1164216, 1125095
    Symptom: Steps to turn on "Collecting user information" are incorrect. Help instructs user to go to Client button, when setting is found on the Admin button. Also link for more information "About Remote Sites" points to incorrect page.
    Solution: Help was fixed to correctly navigate to how to turn on "Collecting user information" and now correctly points to information "About Remote Sites."

    Computer Name with Chinese characters displays incorrectly
    Fix ID: 1180680
    Symptom: If a computer's name has Chinese characters, it does not display correctly.
    Solution: Computer name displays Chinese characters correctly.

    Reports generated in Chinese .MHT format display a blank page when opened with Internet Explorer
    Fix ID: 1192458
    Symptom: Symantec Endpoint Protection Manager scheduled report delivers the report to a dedicated mailbox in .MHT format. Clicking on this file and opening it with Internet Explorer (default) brings up a blank page.
    Solution: Added meta tag to code to address the problem.

    User cannot separate port numbers with spaces from Remote and Local Ports drop-down list
    Fix ID: 1195487
    Symptom: From a firewall policy > Rules Page, adding a port does not let you separate multiple ports with spaces.
    Solution: User can separate multiple ports by using commas and spaces. For example: (80, 800, 1024-49)

    Garbage characters in Server Reporter panel
    Fix ID: 1180678
    Symptom: On localized Chinese build, garbage characters appear in several pages of the Symantec Endpoint Protection Manager, including "Policies" and "Monitoring."
    Solution: Garbage characters removed from the affected pages.

    Truscan log column truncated
    Fix ID: 1201483
    Symptom: Column in Truscan log is truncated, distorting the log's appearance.
    Solution: Column fixed to display correctly.

    Incorrect font displayed on Symantec Endpoint Protection Manager Admin page
    Fix ID: 1098613
    Symptom: From the Symantec Endpoint Protection Manager Admin page, several words are displayed in the serif font which is difficult to read in Japanese.
    Solution: Font style corrected on the Admin page.


Symantec Endpoint Protection client fixes
    TMP folders in virus definitions folder eventually consume all available drive space
    Fix ID: 1177176
    Symptom: Symantec Endpoint Protection clients create tmp folders in the C:\Program Files\Common Files\Symantec Shared\VirusDefs folder. When new definitions arrive, the problem stops, but starts again at random times on some computers. TMP folders are created in 5 and 10 minute intervals, eventually consuming all available space on the drive.
    Solution: LiveUpdate code modified to clean up temporary folders and registry values in the case of failures during the update process.

    Symantec Endpoint Protection Outlook Plug-in breaks all Outlook attachments
    Fix ID: 1190655
    Symptom: Whether the Outlook Plug-in is turned off or on, all Outlook attachments are broken when opened from a computer with Symantec Endpoint Protection client installed.
    Solution: Ensured that Outlook attachments can be opened on Symantec Endpoint Protection Clients with Outlook Plug-in installed.

    Symantec Endpoint Protection client scans do not scan any or all files
    Fix ID: 1200900
    Symptom: Attempts to run a full scan results in Symantec Endpoint Protection client scanning only approximately 1,000 files. Attempts to run a scan with "scan enhancements" unchecked results in 0 files scanned.
    Solution: Updated the Common Client component that resolves the inconsistent scanning problem.

    Windows blue screen error
    Fix ID: 1159668
    Symptom: Windows computer with Symantec Endpoint Protection 11.0 client installed encounters blue screen with an "Unexpected_Kernel_Mode_Trap (7f)."
    Solution: Code fixed to address driver problems.

    64-Bit Windows 2003 Server blue screen error
    Fix ID: 1169684
    Symptom: Computer encounters blue screen with reference to cceraser.dll.
    Solution: Fixed problem with new release of Symantec Eraser engine.

    Symantec Endpoint Protection client maintains accelerated heartbeat for too long
    Fix ID: 1204176
    Symptom: When the Symantec Endpoint Protection client is in pull mode, and enters an accelerated heartbeat (polls server every minute) due to content pending download, the client does not exit out of the accelerated heartbeat fast enough after the content is downloaded.
    Solution: Accelerated heartbeat exit criteria have been modified to the following: client falls back to normal heartbeat interval once Symantec Endpoint Protection Manager delivers the pending LiveUpdate content/Client Package OR if the time elapsed in accelerated mode is twice the push/pull mode interval.

    Symantec Endpoint Protection client migration problems
    Fix ID: 1211603
    Symptom: On Symantec Endpoint Protection client, migration from Symantec Endpoint Protection 11.0 RTM to later MR hangs. User is prompted several times to upgrade, selects OK, and then client stops responding.
    Solution: Modified installation package to handle necessary Windows files appropriately, and updated LiveUpdate catalog.

    Update Schedule for Symantec Endpoint Protection client is not updated
    Fix ID: 1195527
    Symptom: Once a Symantec Endpoint Protection client gets an update schedule from the Symantec Endpoint Protection Manager, it will keep the update schedule even if the server changes it. For example, if the server is configured to have all clients update within 10 days and the client picks a schedule for 8 days from now, the client will keep the 8 day schedule even if you change the server to have clients update immediately before the 8 days elapse.
    Solution: New Update schedule from server now supersedes previous update schedule already on the Symantec Endpoint Protection client.

    Installing Application Control without Proactive Threat Scan blocks nothing
    Fix ID: 1194067
    Symptom: Functionality of Application Control is non-existent without Proactive Threat Scan.
    Solution: Removed Application Control's dependency on Proactive Threat Scan so that it can function independently.

    With Sysplan enabled, SMC.exe crashes after Windows login
    Fix ID: 1200628
    Symptom: The following errors occur: "sms.exe – Application Error : The instruction at "0x6f029b8f" referenced memory at "0x038d0000." The memory could not be read." "Rundll32.exe – Application Error : The application failed to initialize properly (0xc0000005). Click on OK to terminate the application." "Explorer.exe – Application Error window The application failed to initialize properly (0xc0000005). Click OK to terminate the application."
    Solution: Fixed algorithm that relates to regular expression matching and corrected errors that missed some judgment conditions, resulting in SMC.exe not crashing with these error messages.

    Symantec Endpoint Protection client GUI crashes when importing rules to an unmanaged Symantec Endpoint Protection client
    Fix ID: 1178530
    Symptom: After modifying rules, encrypting rules, and then importing rules back to unmanaged Symantec Endpoint Protection client using command line "smc.exe –importadvrule c:\newrules.sar," client GUI crashes.
    Solution: Modified XML parser so that edits made to policy in this manner do not crash the Symantec Endpoint Protection client. Specifically, how it handles the existence or non-existence of Byte Order Marks (BOMs) in the XML files.

    Migration from SPA 5.1 to Symantec Endpoint Protection 11.0 causes firewall to fail to load
    Fix ID: 1226009
    Symptom: After migrating from SPA 5.1 to Symantec Endpoint Protection 11.0 client, no MSI errors are indicated. Upon restart, firewall service fails to load with error "Failed to start the firewall application. Error code returned: 0x80070102." Symantec Management client service also fails to load at startup and cannot be started.
    Solution: The correct file is now copied over during migration, which prevents the problems from occurring. SPA 5.1 now successfully migrates to Symantec Endpoint Protection 11.0.2 without the errors listed above.

    Failed migration from 10.1 MR7 to 11.0 MR1 on French Operating Systems
    Fix ID: 1195284
    Symptom: Migration fails from 10.1 MR7 to 11.0 MR1 on French operating systems with the following error: "cba.dll is missing." Also appears that for specific common files, newer versions exist in 10.1 MR7 than in 11.0 MR1, thereby causing the failed migration.
    Solution: To avoid this scenario, components do not replace newer component files with older versions when the MSI product version moves forward.

    System crashes when application/device control is installed
    Fix ID: 1209194
    Symptom: Customer has Papyrus software installed on same computer as Symantec Endpoint Protection client with application/device control installed. The computer crashes.
    Solution: Application/device control views dlls based on the last few characters (tail) of their name. Some dlls have the same last few characters and can cause problems with Symantec Endpoint Protection accessing invalid memory areas. A fix was applied so that application/device control compares the full file name of dlls.

    Symantec Endpoint Protection client does not scan files with certain special characters
    Fix ID: 1213701
    Symptom: Files with special characters are not scanned.
    Solution: Changed code to include scanning of special characters.

    Legacy scheduled scans run on client after migration to Symantec Endpoint Protection, but cannot be viewed or modified from the Symantec Endpoint Protection Manager
    Fix ID: 1220783
    Symptom: After migrating a Symantec AntiVirus 9.x or 10.x client to Symantec Endpoint Protection, scheduled scans previously configured for the Symantec AntiVirus clients run on the newly-migrated Symantec Endpoint Protection client. An administrator cannot see these legacy scans in the Symantec Endpoint Protection Manager and cannot configure the scans. Legacy scans are stored in the registry and not removed (or correctly migrated) for the Symantec Endpoint Protection client.
    Solution: Legacy scheduled scans defined by the administrator are now migrated. When legacy clients are migrated to Symantec Endpoint Protection, they find their legacy scheduled scans, and these scans are visible and configurable from the Symantec Endpoint Protection Manager.

    Current date of Proactive Threat Protection definitions is not displayed on the Symantec Endpoint Protection client
    Fix ID: 1218123
    Symptom: From the Symantec Endpoint Protection client user interface, the Proactive Threat Protection definition date is not displayed. It is displayed only after an initial process is scanned.
    Solution: The correct Proactive Threat Protection definitions date is now displayed at all times, including before Proactive Threat Protection scans any processes.

    Application Device Control Exclusions
    Fix ID: 1167148
    Symptom: Adding "Devices excluded from blocking" for human interface devices after already blocking USB does not work.
    Solution: Implemented new device control USB additions that addressed policy discrepancies for Application Device Control exclusions.

    Tray icon crashes when user logs in to computer
    Fix ID: 1216558
    Symptom: A scheduled scan runs when the user is logged off the computer. The scheduled scan detects an infected file. After the user logs on to the computer, the Symantec tray icon (smcgui.exe) crashes.
    Solution: Changed code to handle this scenario. The Symantec Endpoint Protection client now creates the virus notification later in the logon process to avoid the crash.

    Host Integrity firewall rule does not detect Norton Internet Security 2008
    Fix ID: 1196203
    Symptom: Host Integrity check for Norton Internet Security 2008 fails, stating that the system is not running a firewall.
    Solution: Host Integrity check now recognizes NIS 2008 as a firewall.

    Symantec Endpoint Protection client configuration information is not stored correctly
    Fix ID: 1192670
    Symptom: After applying a new feature set to the Symantec Endpoint Protection client, registry backups are replaced with the path to SysRasMan.dll instead of rastls.dll.
    Solution: This problem is caused by the installer continually overwriting the backup registry keys. The installer now detects this behavior and prevents it from occurring. The installer also detects a migration from a broken system and repairs/resets registry keys back to defaults.

    Checkpoint VPN software breaks Symantec Endpoint Protection Manager/client communication
    Fix ID: 1200105
    Symptom: Regardless of the order of installation, Symantec Endpoint Protection client communication is disrupted when Checkpoint VPN software is installed on the client. After all necessary reboots, the Symantec Endpoint Protection gold shield loses the green dot. It sometimes stays up for a minute or two at startup, but disappears shortly afterward. Restarting the SMC service allows it to communicate again, but only for a heartbeat or two.
    Solution: Modified code to make Checkpoint VPN compatible with the Symantec Endpoint Protection client.

    After installing the Symantec Endpoint Protection client on a computer that has Cisco VPN/Checkpoint (True Vector Driver), the computer cannot connect to the VPN server
    Fix ID: 1177043
    Symptom: Uninstalling the Symantec Endpoint Protection client does not resolve the problem. The customer must reinstall Cisco VPN and True Vector. The following error appears in the Application Event Logs: "TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
    Solution: Removed legacy code that the Symantec Endpoint Protection client does not need, which addresses the communication problem and the associated error.

    Cisco's stateful firewall does not start with Symantec Endpoint Protection client (Antivirus/Antispyware only) installed
    Fix ID: 1197749
    Symptom: The Cisco stateful firewall does not start because Cisco believes that the Symantec Endpoint Protection firewall component is installed as well. Cisco detects Fwsvpn.dll and prevents the Cisco VPN Client Stateful firewall from loading. This then leads to a Cisco policy violation when the client attempts to establish a VPN connection without the VPN Client Firewall enabled.
    Solution: Removed Fwsvpn.dll from the installed files, so the problem with the Cisco stateful firewall not starting no longer occurs. The Symantec firewall team deemed the removal of Fwsvpn.dll to be safe because it is no longer needed to address a specific problem with Symantec and Zone Alarm.

    Some third-party applications fail to load when Symantec Endpoint Protection client is installed
    Fix ID: 1209639 / 1180417
    Symptom: After installing the Symantec Endpoint Protection client with default settings, some third-party applications fail to load. By default, the setting under Communications Settings for Global > Upload > "Upload a list of applications that the clients have run" is checked. When Symantec Endpoint Protection performs its check, it touches the license file of the third-party application and causes it to fail to load.
    Solution: The setting "Upload a list of applications that the clients have run" is now unchecked by default so that this problem does not occur. This default applies only to newly installed Symantec Endpoint Protection management servers and clients. If users migrate from previous versions, the setting of the previous version is also migrated.

    Symantec Endpoint Protection client does not correctly exclude Windows mount points
    Fix ID: 1165797
    Symptom: After creating a mount point and then excluding it in the Symantec Endpoint Protection client, a scan of the mount point detects infected files even though they should be excluded.
    Solution: Fixed the API to address this problem. Note: This fix is not available for Windows 2000.

    Proactive Threat Protection displays incorrect status on Symantec Endpoint Protection client
    Fix ID: 1162794
    Symptom: In the Symantec Endpoint Protection client, Proactive Threat Protection displays "Waiting for Updates," even though no updates are expected.
    Solution: The status of Proactive Threat Protection now displays correctly in the user interface.

    Proactive Threat Scan errors after Symantec Endpoint Protection client service starts
    Fix ID: 1189167, 1207606
    Symptom: About 1 hour after the Symantec Endpoint Protection service starts (this is the default proactive threat scan frequency), Proactive Threat Scan triggers errors 9 and 14.
    Solution: Added a new registry key that indicates whether Proactive Threat Scan is installed so that scans are only attempted when Proactive Threat Scan is available.

    Symantec Client Firewall migration tool does not run when an older version of Java is installed
    Fix ID: 1196059
    Symptom: Symantec Client Firewall migration tool does not run on a computer with an older version of Java installed.
    Solution: The Symantec Client Firewall migration tool now checks that one of the following two conditions is fulfilled: the JRE path for the public Java install is updated in the PATH environment variable and the JRE is version 1.5 or greater, or the tool runs from the Symantec Endpoint Protection Manager bin directory.

    No notification of location change
    Fix ID: 1191379