Description
This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.0.1 MP2 (14 RU1 MP2). This information supplements the information found in the Release Notes.
New fixes
Httpd.exe crashes for version 14.0.1
Fix ID: 4162475
Symptoms: Httpd randomly crashes when the reverse proxy is enabled for Symantec Endpoint Protection 14.0.1.
Solution: Fixed the issue that caused httpd to crash when a cached file is refreshed.
SEP 14.0.1 MP1 client no longer prompts for the password to stop the service
Fix ID: 4162900
Symptoms: For the Symantec Endpoint Protection 14.0 MP2 client with password protection enabled, you are prompted for the password when you try to stop the Symantec Management Client service. After an upgrade to Symantec Endpoint Protection 14.0.1 (14 RU1) MP1, however, you are no longer prompted for a password when you enter smc –stop
.
Solution: Changed the order to check the existence of a password to ensure that it gets retained after the upgrade.
The Apache service crashes on SEPM server
Fix ID: 4158800
Symptoms: After you assign an agent package to a group, the Apache service, httpd.exe, starts to crash with an access violation fault from the SECARS module.
Solution: Corrected an error in the code that caused a crash during an agent package request.
Replication partners do not handle cloud settings correctly
Fix ID: 4162484
Symptoms: Clients that communicate to a replication partner of an Advanced Threat Protection (ATP)-enrolled site do not receive the group's ATP enrollment policy.
Solution: Fixed issues that occur during the migration and replication of the various features in a group's External Communication policy.
Running LiveUpdate or upgrading causes replication to fail
Fix ID: 4156687
Symptoms: Replication fails when LiveUpdate runs or an upgrade occurs within 24 hours.
Solution: Updated the Symantec Endpoint Protection Manager configuration, which executes during an installation or an upgrade and sets the proper sequence numbers for replication.
Location Switching does not work when Windows 10 comes out of sleep mode
Fix ID: 4162899
Symptoms: The Symantec Endpoint Protection client’s location does not switch as expected when Windows 10 comes out of sleep mode.
Solution: Added sufficient time to do a DNS query on the network after sleep mode ends in order to properly assess location.
BugCheck 0x139 occurs due to LIST_ENTRY corruption by srtsp64.sys
Fix ID: 4163935
Symptoms: An invalid scan object causes a BugCheck 0x139 (KERNEL_SECURITY_CHECK_FAILURE) due to LIST_ENTRY corruption by srtsp64.sys.
Solution: AutoProtect now clears the scan object so that the next scan does not reference it in memory.
SEPM database deadlock when using GET COMPUTERS from ATP
Fix ID: 4163936
Symptoms: Interleaving calls of GET Computers and Enroll by ATP will cause a deadlock on the SEM_CLIENT table.
Solution: Updated the SEM_GET_COMPUTERS stored procedure to avoid this deadlock.
Replication is taking more and more time to complete
Fix ID: 4125568
Symptoms: The cleanup of duplicate clients during replication takes a long time when Active Directory synchronization is also in use.
Solution: Add the ability to include only OUs and Computers during Active Directory synchronization.
SEP for Linux fails to auto-compile on Ubuntu 16.04
Fix ID: 4157456
Symptoms: The Symantec Endpoint Protection client for Linux fails to build symev and symap kernel modules at installation or during auto-compile on kernel 4.11.x with the following error: “too few arguments to function ‘vfs_getattr’“
Solution: Added support for Kernel 4.11, so that the kernel modules get built at installation or with auto-compile.
SEPM processes .dat files slowly
Fix ID: 4157771
Symptoms: Symantec Endpoint Protection Manager processes .dat files too slowly.
Solution: Improved the rate of .dat file processing by optimizing several areas including queries and parameter location.
DCS agents offline after SEP client upgrade
Fix ID: 4156474
Symptoms: Data Center System (DCS) services for version 6.7.0 do not start after Symantec Endpoint Protection client upgrade.
Solution: Corrected an issue where Symantec Endpoint Protection migration disabled a standalone installation of DCS.
AutoProtect conflicts with CommVault
Fix ID: 4160263
Symptoms: SRTSP64 conflicts with the backup program CommVault Simpana SP15.
Solution: Skip the backup files that open during a scan.
The Client Deployment Wizard hangs while deploying a Communication Update Package
Fix ID: 4157774
Symptoms: The Symantec Endpoint Protection Manager Client Deployment Wizard (CDW) hangs at 0% when you deploy the Communication Update Packages to clients.
Solution: Fix the data handling when pushing a communication package remotely.
SEP 14.0 MP2 floods the Event Viewer Application log with Event ID 15
Fix ID: 4157775
Symptoms: Symantec Endpoint Protection 14.0 MP2 floods the Event Viewer Application log with Event ID 15: “Updated Symantec Endpoint Protection Status Successfully to SECURITY_PRODUCT_STATE_ON”
Solution: Altered the logic to update the state (and to log it) only when there is a change in the product.
In SEP 14.0.1, searching for clients by IP range does not produce the correct result
Fix ID: 4157784
Symptoms: After an upgrade to Symantec Endpoint Protection Manager to 14.0.1, if you search for clients by IP address range, the incorrect results display.
Solution: Fixed the function that is used for IP address criteria.
Data missing in DESCRIPTION column in AGENT_BEHAVIOR_LOG_1
Fix ID: 4158208
Symptoms: The database stores truncated description data when it processes the client logs.
Solution: Increased the column size of AGENT_BEHAVIOR_LOG tables DESCRIPTION column to 4000.
Prompt for password during uninstallation when password not enabled for use
Fix ID: 4158803
Symptoms: During the uninstallation of the Symantec Endpoint Protection client, you are prompted for a password, even if the password option is not set for uninstalling the software.
Solution: Update to checks the value of the UninstallNeedPassword attribute from the policy, which is used to determine whether a password is require during an uninstallation.
Client count is inaccurate in the Virus Definitions Distribution report
Fix ID: 4159523
Symptoms: When you generate the Computer Status > Virus Definitions Distribution report in Symantec Endpoint Protection Manager, the client count is inaccurate.
Solution: Corrected the query used to determine the client state.
SEP clients do not honor the LiveUpdate Settings policy
Fix ID: 4163673
Symptoms: LiveUpdate on the Symantec Endpoint Protection client occasionally attempts to access the default host list or the host list for a different location or policy. It does not use the correct custom host list again until a location changes or a policy updates.
Solution: Resolved the timing issue that causes this situation to happen.
REST API call for Get Groups produces an Invalid object V_POLICY_INFO error when you provide a full path name
Fix ID: 4164220
Symptoms: If you use the GET Groups REST API command using the fullPathName and the Symantec Endpoint Protection Manager uses a user-defined database schema, you get a V_POLICY_INFO error.
Solution: Recreated the GET_APPLIED_POLICY_ID function on a user-defined database schema.
Limited Administrators are unable to export a Network and Exploit Mitigation Attacks report
Fix ID: 4157779
Symptoms: Limited administrators cannot export Network and Exploit Mitigation logs. The data time format from the exported log was not consistent with the data time format that is defined in the settings.
Solution: Fixed the PHP URL encoding issue and the date time format issue.
Risk logs are not uploaded to a secondary SEPM after the primary one goes down
Fix ID: 4157772
Symptoms: Logs fail to upload to a secondary Symantec Endpoint Protection Manager when the primary one is down.
Solution: Changed the behavior for the upload of critical logs to upload logs to the current server (last connected) instead of the first server in the master server list.
Scheduled LiveUpdate never runs on unmanaged clients when there is no default gateway network configuration
Fix ID: 4157776
Symptoms: If you have configured an internal LiveUpdate server for use with Symantec Endpoint Protection clients and the client computer has no default gateway, then a scheduled LiveUpdate does not download content from the local LiveUpdate Server.
Solution: Fixed a check that required an outside network connection when an internal LiveUpdate server is involved.
No precompiled kernel modules on SUSE Enterprise Linux 11.0 SP4, Kernel 3.0.101-6
Fix ID: 4157778
Symptoms: Symantec Endpoint Protection for Linux requires development tools during installation to SUSE Enterprise Linux 11 SP4 in order to compile kernel modules, and does not enable AutoProtect functionality if they are not present.
Solution: Symantec Endpoint Protection for Linux now contains pre-compiled kernel modules to support SUSE Enterprise Linux 11 SP4 (Kernel 3.0.101-63) for both 32- and 64-bit architectures.
The SEP client for Linux logs debug errors even when not in debug mode
Fix ID: 4157780
Symptoms: A Symantec Endpoint Protection client for Linux logs a symev_evrstimes error even if symev is not in debug mode, due to an expression for a condition being incorrectly evaluated.
Solution: Added the appropriate parentheses to allow for the correct evaluation of the condition.
Number of entries to display cannot be customized from SEPM 14.0.1
Fix ID: 4157877
Symptoms: In Symantec Endpoint Protection Manager, customizing the number of entries for the command status has limits that cannot be changed.
Solution: Fixed a malformed table element. This fixed both (misalignment and limit not getting saved) issues.
Clients appear in the default group regardless of the install package configuration
Fix ID: 4160262
Symptoms: Clients appear in the default group after installation, regardless of the configuration in the installation package, if the client is under another domain.
Solution: Fixed the validation of the global group name during agent registration.
When the SEP client executes a scheduled scan, ccSvcHst.exe uses 100% CPU
Fix ID: 4160264
Symptoms: When the Symantec Endpoint Protection client executes a scheduled weekly full scan, you see the CPU usage of ccSvcHst.exe spike in the Task Manager to 100%.
Solution: Fixed a registry return value when deleting a key that causes excessive processing.
SEP client for Linux does not provide pre-compiled support for RHEL 7.4 and 6.4 kernels
Fix ID: 4158323
Symptoms: SEP does not provide pre-compiled AutoProtect kernel modules for RedHat Enterprise Linux (RHEL) 7.4 (3.10.0-693.11.6.el7.x86_64) and 6.4 (2.6.32-696.18.7.el6.x86_64).
Solution: Pre-compiled AutoProtect kernel modules added for these kernel versions.
Component versions
The build number for this release is 14.0.3929.1200. Red text indicates components that have updated for this release.
Component |
DLL File |
DLL Version |
SYS File |
SYS Version |
---|---|---|---|---|
AutoProtect |
srtsp64.dll |
15.0.30.28 |
srtsp64.sys |
15.0.30.27 |
BASH Defs |
BHEngine.dll Seq#= 20170926.001 |
11.3.2.9 |
BHDrvx64.sys |
11.3.2.9 |
BASH Framework |
BHClient.dll |
10.4.1.7 |
N/A |
- |
CC |
ccLib.dll |
13.3.1.4 |
ccSetx64.sys |
13.3.0.24 |
CIDS Defs |
IDSxpx86.dll Seq#= 20170824.200 |
16.1.4.35 |
IDSviA64.sys |
16.1.4.31 |
CIDS Framework |
IDSAux.dll |
15.2.5.23 |
N/A |
- |
CP3 | version.txt | 2.3.0.295 | N/A | - |
CX | cx_lib.dll | 3.0.1.28 | N/A | - |
ConMan |
version.txt |
2.1.5.24 |
N/A |
- |
D2D |
version.txt |
1.2.1.5 |
N/A |
- |
D2D_Latest |
version.txt |
1.5.0.44 |
N/A |
- |
DecABI |
dec_abi.dll |
2.3.5.10 |
N/A |
- |
DefUtils |
DefUtDCD.dll |
4.16.8.24 |
N/A |
- |
DuLuCallback |
DuLuCbk.dll |
1.8.1.17 |
N/A |
- |
DuLuxCallback | duluxcallback.dll | 2.9.1.7 | N/A | - |
ERASER |
cceraser.dll |
117.3.0.35 |
eraser64.sys |
117.2.0.45 |
IRON |
Iron.dll |
7.0.5.14 |
Ironx64.sys |
7.0.5.13 |
LUX | Lux.dll | 2.9.1.11 | ||
LiveUpdate |
LUEng.dll |
2.6.0.15 |
N/A |
- |
MicroDefs |
patch25d.dll |
5.1.3.11 |
N/A |
- |
SDS Engine |
sds_engine_x86.dll Seq#= 20180302.007 |
1.5.0.321 |
N/A |
- |
SIS |
SIS.dll |
91.12.4400.5000 |
N/A |
- |
STIC Defs |
stic.dll Seq#= 20171013.009 |
1.4.1.402 |
N/A |
- |
SymDS |
DSCli.dll |
6.2.0.17 |
N/A |
- |
SymEFA |
EFACli64.dll |
6.3.1.27 |
SymEFASI64.sys |
6.3.1.26 |
SymELAM |
ELAMCli.dll |
2.0.1.95 |
SymELAM.sys |
2.0.1.85 |
SymEvent |
Sevntx64.exe |
14.0.5.10 |
SymEvent.sys |
14.0.5.9 |
SymNetDrv |
SNDSvc.dll |
15.2.2.18 |
symnets.sys |
15.2.2.18 |
SymScan |
ccScanW.dll |
14.2.1.16 |
N/A |
- |
SymVT |
version.txt |
9.2.3.6 |
N/A |
- |
Symulator | version.txt | 1.5.0.64 | N/A | - |
TCSAPI | version.txt | 1.6.0.14 | N/A | - |
Titanium | titanium.dll | 2.4.1.12 | N/A | - |
WLU(SEPM) |
LuComServerRes.dll |
3.3.202.6 |
N/A |
- |
Terms of use for this information are found in Legal Notices.