After upgrading Symantec Endpoint Protection (SEP) to 14.2 on 64-bit systems, some clients fail to properly report their status within the Endpoint Protection Manager (SEPM).
This can include the following conditions:
ersecreg.log:
04/04 10:48:45 [916:4272] ###.###.###.###<AgentInfo PreferredMode="1" DomainID="################################" AgentType="0" AgentID="################################" HardwareKey="################################" UserDomain="####" LoginUser="####" ComputerDomain="####" ComputerName="####" PreferredGroup="################################" SiteDomainName="" AgentPlatform="Windows%20Server%202012%20R2"/> AgentID=################################ AgentType=0 ComputerID=################################ Hash Key=################################
Clients that were upgraded to SEP 14.2.
Root Cause:
Some upgraded 64-bit SEP clients do not have a registry value needed to register with the SEPM correctly. Specifically, "ClientType" is missing from HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink on these systems.
This issue is fixed in Symantec Endpoint Protection client 14.2 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Download the latest version of Symantec Endpoint Protection.
You can use one of the following workarounds until a fix is available.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink]
"ClientType"=dword:00000069
ESCRT-205
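To find affected clients before changing anything, the following PowerShell script checks for the missing "ClientType" value and creates it only when asked to. It is an added example, not Symantec's code: the key path, value name and data (dword 0x69) come from this article, while the -Remediate switch and the output messages are this example's own, and it assumes an elevated session on the client.

```powershell
# Added example: audit, and optionally apply, the ClientType workaround from this article.
# Key path, value name and data are from the article; -Remediate is this example's own switch.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate   # without this switch the script only reports
)

$keyPath   = 'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
$valueName = 'ClientType'
$expected  = 0x69        # dword:00000069 in the article's registry fragment

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output "SyLink key not found on $env:COMPUTERNAME; nothing to check."
    return
}

$key     = Get-Item -LiteralPath $keyPath
$current = $key.GetValue($valueName, $null)

if ($null -ne $current) {
    # Value exists: report its data and type, and never overwrite it.
    $kind = $key.GetValueKind($valueName)
    Write-Output ("ClientType present on {0}: 0x{1:X8} ({2}); no change made." -f $env:COMPUTERNAME, $current, $kind)
    return
}

Write-Output "ClientType is missing on $env:COMPUTERNAME."

# -WhatIf is honoured through ShouldProcess, so a dry run is possible even with -Remediate.
if ($Remediate -and $PSCmdlet.ShouldProcess($keyPath, "Create $valueName = 0x69 (DWORD)")) {
    New-ItemProperty -LiteralPath $keyPath -Name $valueName -PropertyType DWord -Value $expected | Out-Null
    Write-Output "ClientType created with the value given in the article."
}
```

Run it without arguments to collect a list of affected machines, then with -Remediate -WhatIf to preview the change before applying it.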