FIX ID: 3707721
Symptom: Symantec Endpoint Protection Manager sends out more than one "Risk Outbreak" email notification for each risk detection.
Solution: The management console now only sends one "Risk Outbreak" email notification per corresponding risk detection.
FIX ID: 3718535
Symptom: After the installation of Symantec Endpoint Protection, a significantly long delay or a system hang occurs at Windows logon.
Solution: Removed a delay load operation for WS2_32.dll from the firewall packet processing thread.
FIX ID: 3732720
Symptom: A corrupt or malformed fingerprint list can be imported into the management console without any errors by appending it to an existing fingerprint list.
Solution: Symantec Endpoint Protection Manager now checks a fingerprint list for corruption before appending it to an existing fingerprint list. An exception is thrown to notify the administrator and to prevent corrupt fingerprint lists from being allowed into the database.
FIX ID: 3712302
Symptom: The risk names associated with heuristic threats detected by SONAR do not display properly in the Symantec Endpoint Protection Manager logs.
Solution: Added a new column to the report and logs for SONAR that includes the risk name for heuristic threats in Symantec Endpoint Protection Manager. The risk name was also added to the detailed view of threats for the SONAR logs.
FIX ID: 3719323
Symptom: There are orphaned rows present in the ALERTS/ANOMALY_REMEDIATION/ANOMALYREMEDIATIONS tables, despite a retention limit of 60 days.
Solution: The agent sweeping task now sweeps orphaned entries from these tables.
FIX ID: 3744905
Symptom: Closing the windows that display when you click Display Virus List in Central Quarantine causes the mmc.exe process to use 100% of the CPU.
Solution: Prevents an invalid object from being accessed when the thread completes.
FIX ID: 3756513
Symptom: A manual scan does not scan files in the Program Files folder, which has been configured to be excluded from Auto-Protect scans.
Solution: Stopped excluding files from manual scans when exclusions are set for Auto-Protect only.
FIX ID: 3715517
Symptom: Administrator-defined weekly scheduled scans get suspended within 1-2 minutes of starting or resuming them.
Solution: Cleared registry entries from previous scan type after a change to an administrator-defined scan, so that the correct suspend time is returned correctly.
FIX ID: 3755653
Symptom: A managed Symantec Endpoint Protection client for Linux that is configured to use a custom internal LiveUpdate source attempts to access Symantec LiveUpdate over the Internet if access to the internal LiveUpdate source fails.
Solution: A managed Symantec Endpoint Protect for Linux client now properly applies configuration changes for LiveUpdate hosts.
FIX ID: 3761003
Symptom: The timestamp columns contain data in both GMT and a local time zone when you configure Symantec Endpoint Protection Manager to use external logging.
Solution: Only uses the local time zone format in the timestamps column in the log generated by the external logging server.
FIX ID: 3758498
Symptom: The Symantec Endpoint Protection client installer always maintains existing communication settings when upgrading by AutoUpgrade, regardless of policy configuration.
Solution: Client upgrade by AutoUpgrade now correctly honors the policy option to replace communication settings and policies.
FIX ID: 3766370
Symptom: Custom Host Integrity logging incorrectly triggers the display of a notification area (system tray) message.
Solution: Disabled the flag which allows these messages to display for custom messages.
FIX ID: 3705512
Symptom: Even with the "Check floppies for boot virus when accessed" option enabled, Symantec Endpoint Protection does not detect a boot sector infection when a USB drive connects.
Solution: Detects NTFS boot sectors in a similar fashion to FAT16/FAT32 for Auto-Protect to detect boot sector infections when a USB drive connects.
FIX ID: 3775299
Symptom: When viewing Application and Device Control logs in the Symantec Endpoint Protection Manager console, the "Caller Process" and "Target" paths are displayed properly with backslashes (\). However, when the logs are exported, the paths are delimited with forward slashes (/).
Solution: Exported Application and Device Control logs are now properly export using backslashes to delimit the paths.
FIX ID: 3784549
Symptom: The following message appears in the system log when the Symantec Endpoint Protection client scans an empty folder: "Reputation check timed out during unproven file evaluation."
Solution: When there are no items to scan in a folder, the Symantec Endpoint Protection client now considers the scan successful and does not log an error message.
FIX ID: 3783015
Symptom: When you log on by the Symantec Endpoint Protect Manager web console, you cannot edit or change the Host Integrity operating system check.
Solution: Logon with Symantec Endpoint Protection Manager web console now allows the Host Integrity OS check to be edited.
FIX ID: 3743115
Symptom: After replication completes, revision data for IPS, Download Protection, and SONAR definitions report as "Not available" in the Symantec Endpoint Protect Manager console.
Solution: Symantec Endpoint Protection Manager now correctly reports IPS, Download Protection, and SONAR definition information after replication.
FIX ID: 3778957
Symptom: The option Disable Symantec Endpoint Protection from the Symantec Endpoint Protection notification area icon is grayed out and unavailable. The policy indicates you should be able to disable Symantec Endpoint Protection.
Solution: Allow Symantec Endpoint Protection to be disabled from the notification area icon when configured to do so.
FIX ID: 3783027
Symptom: If you enter more than 480 characters into the message box for the Host Integrity policy option Utility: Show message dialog while logged on with the Symantec Endpoint Protect Manager web console, the text cannot be saved. The text you entered disappears.
Solution: Changed the text area limit from 480 to 1000 characters for this Host Integrity option.
FIX ID: 3747451
Symptom: The virus definition date is reported as unavailable in the Symantec Endpoint Protection Manager console after the corresponding Symantec Endpoint Protection client is restarted.
Solution: Stopped initializing registry entry when the ccSvcHst process starts.
FIX ID: 3778949
Symptom: The Symantec Management Client (SMC) service crashes on system startup.
Solution: Initialize Symantec Management Client service properly so it does not crash on startup.
FIX ID: 3783087
Symptom: A guest virtual machine and its host computer cannot ping each other with anti-MAC spoofing enabled.
Solution: Modified the anti-MAC spoofing functionality to better handle virtual machine and host setups.
FIX ID: 3769213
Symptom: Following a ccSvsHst.exe crash, a "blue screen of death" kernel crash occurs attributed to Teefer.sys, or network applications behave unexpectedly or crash.
Solution: Added safeguards to protect memory in heavy-load scenarios.
FIX ID: 3767156
Symptom: The report in Symantec Endpoint Protection Manager that lists computers that have not scanned displays some clients with a scan date of 12/31/1969 or 12/31/1970.
Solution: Modified how the timestamp is stored, so that the correct scan date displays.
FIX ID: 3809931
Symptom: In the Computer Status report in Symantec Endpoint Protection Manager, the operating system filter for Windows Server 2008 also displays Windows Server 2012 systems.
Solution: Added a check in the query filter for Windows Server 2008 so that the Computer Status report only displays Windows Server 2008 clients.
FIX ID: 3730554
Symptom: Replication always fails with BCP errors: "BCP data error: Warning: -f overrides –c," "String data, right truncation"
Solution: When preparing a BCP import, remove any terminator strings that appear in the data.
FIX ID: 3806993
Symptom: When running the ADSITask, Symantec Endpoint Protection Manger crashes with the error "SEPM OutOfMemoryError: GC overhead limit exceeded".
Solution: Improved the memory efficiency of Active Directory synchronization.
FIX ID: 3823084
Symptom: The installation of Symantec Endpoint Protection Manager 12.1 RU6 fails with an MSI rollback. The Symantec Endpoint Protection Manager log indicates the failure occurs with the message "CustomAction GPOPolicyReview returned actual error code 1603".
Solution: Symantec Endpoint Protection Manager 12.1 RU6 install now succeeds if the environmental variables TMP and TEMP are not identical.
FIX ID: 3805004
Symptom: After switching the location order by Clients > Policies > Client group > Tasks > Manage Locations, a broken link occurs from both replication sites.
Solution: Updated the schema data so that there are no broken links.
FIX ID: 3806382
Symptom: Symantec Endpoint Protection client for Linux fails to install because Auto-Protect modules fail to load. The failure occurs when the Tripwire agent is already present on the system.
Solution: Now uses system call handlers that are different than the ones that are hooked by Tripwire and other applications. This way, the Auto-Protect modules load properly during client installation for Symantec Endpoint Protection for Linux.
FIX ID: 3802652
Symptom: The Check Account button for testing directory authentication (Admin > Administrators > Tasks > Edit the Administrator) malfunctions. When you configure a Symantec Endpoint Protection Manager administrator to use LDAP authentication, you can modify the account name after you authenticate, but before you click OK on the properties window.
Solution: Updated the string filter for the LDAP context search. Now validates the Active Directory user before storing the account name to the database.
FIX ID: 3826253
Symptom: A datastore error occurs when you add the exception to allow DNS or host file changes from the SONAR logs in Symantec Endpoint Protection Manager.
Solution: Added the logic to handle the case when there are multiple entries for the same application associated with the SONAR log in the SEM_APPLICATION table.
FIX ID: 3812465
Symptom: When you apply and save a firewall rule, and then close and open the Symantec Endpoint Protection client, the network interface card adapter no longer appears selected as the default one.
Solution: Updated the method of encoding the adapter card’s name string, so that the local adapter card name and firewall rule adapter card name now match.
FIX ID: 3810355
Symptom: You cannot delete a client installation package from a client group in an environment that uses replication.
Solution: Added synchronization to prevent broken links from occurring during replication.
FIX ID: 3816808
Symptom: Running sadiag.sh -j does not return any Java LiveUpdate data. In sadiag.txt, the LiveUpdate command shows a failure, since the Java path to an installation of Symantec Mail Security for SMTP would not exist.
Solution: Modified the sadiag.sh script, so that LiveUpdate diagnostic does not fail.
FIX ID: 3824316
Symptom: On Windows XPe point-of-sale terminals, scheduled Quick Scan scans do not complete due to high memory usage by ccSvsHst.exe.
Solution: Resolved a deadlock in the IRON component during a cloud-based Reputation Scan.
FIX ID: 3695520
Symptom: System hangs due to low resources and excessive page pool usage by Symantec Endpoint Protection.
Solution: Modified the memory allocation that was causing pool exhaustion.
FIX ID: 3837363
Symptom: The Group Update Provider is unable to detect and handle download by range when the server has disabled the HTTP header range request in Apache.
Solution: Group Update Providers are now able to detect and download the whole file when the HTTP header range request is disabled in the Apache configuration file httpd.conf.
FIX ID: 3835801
Symptom: When you take the recovery file from an existing Symantec Endpoint Protection Manager and uses it to install a new one, it duplicates the server ID, which can cause risk notification mail failures.
Solution: Resets the server ID if the recovery file from an existing Symantec Endpoint Protection Manager is used to install the new management console.
FIX ID: 3834142
Symptom: In Restart Settings, when you switch from Custom Restart to Forced Restart, the option Immediately allows Randomize the start time to also be enabled.
Solution: Changed the logic to disable restart randomization when the immediate restart option is checked.
FIX ID: 3802635
Symptom: The ccSvcHst.exe process, module ccL120U, crashes continuously with bug check error 0x80000003.
Solution: Modified code to handle the method failure that caused the crash.
FIX ID: 3839021
Symptom: The Symantec Content Distribution Manager tool incorrectly reports no downloads under Virus/Spyware content downloads today from SEPM(s).
FIX ID: 3846189
Symptom: Unable to complete installation of Symantec Endpoint Protection for Linux due to Java LiveUpdate failure. The sepjlu-install.log shows the exit status of 1. This occurs when the line that indicates the setting for the base installation directory is deleted or commented out in the configuration file /etc/Symantec.conf.
Solution: Displays a warning in sadiag.txt when the base installation directory setting is deleted or commented out in /etc/Symantec.conf.
FIX ID: 3676721
Symptom: Network Threat Protection notifications and reports in Symantec Endpoint Protection Manager randomly display the incorrect number of computers attacked.
Solution: Corrected the query mismatch and time range conflict in the notification and corresponding report.
FIX ID: 3849601
Symptom: Exporting a CSV file that contains numbers with decimals from the Content Distribution Manager tool breaks the CSV format when the decimal mark is defined as a comma in the operating system’s localization settings.
Solution: Corrected the number format to allow Excel to open CSV files in these localized operating systems.
FIX ID: 3831744
Symptom: A manual scan for Symantec Endpoint Protection for Linux scans fewer files than expected.
Solution: Manual scan now correctly handles when file access is denied.
FIX ID: 3849411
Symptom: Replication attempts fail and there are multiple SQL Server exception entries in the logs. This failure occurs when there are a large number of hardware devices in the database.
Solution: Split a single large SQL Server operation into multiple smaller operations to better handle this larger volume.
FIX ID: 3836958
Symptom: When Application Control injects sysfer.dll into the .NET process cdmsdatamanagerservice.exe, this process hangs indefinitely.
Solution: Changed Application Control to avoid a deadlock condition.
FIX ID: 3365873
Symptom: Old IPS definitions for CIDS do not get purged and are filling up disk space.
Solution: Allows the oldest CIDS definitions to be purged when newer definitions arrive.
FIX ID: 3843210
Symptom: When you try to make policy changes in Symantec Endpoint Protection Manager, they seem to fail, though no errors appear. After you run the DB Validator tool, it indicates a broken link.
Solution: Symantec Endpoint Protection Manager pops up an error dialog to let you refresh the console and redo your action, if the action causes broken link issues.
FIX ID: 3852067
Symptom: When the Symantec Endpoint Protection client receives any new policy while in Client Control mode, user-defined settings for Auto-Protect and Download Insight are deleted and replaced with the default values.
Solution: User-defined Auto-Protect and Download Insight settings are no longer reset to default values whenever a new policy is applied to a client in Client Control mode.
FIX ID: 3704022
Symptom: Virtual machines in a Virtual Desktop Infrastructure freeze and hang.
Solution: Updated the IRON component to a newer version.
FIX ID: 3854999
Symptom: The SONAR logs and Application logs exported by syslog do not include the IP address of the client computers.
Solution: Added computer IP address to these logs when exported by syslog.
FIX ID: 3861691
Symptom: In the report Protection Content Versions from Symantec Endpoint Protection Manager, the AP Portal List version displayed is incorrect.
Solution: Fixed the query used in getting the content revisions installed on the client.
FIX ID: 3830629
Symptom: A "Query Failed" error occurs and reports fail to display in Symantec Endpoint Protection Manager after you change the language of the database within the SQL Server Management Studio. The error occurs due to a change in the date format.
Solution: The date format is now correctly converted to match the language selected by the administrator, and is passed on to these stored queries.
FIX ID: 3867903
Symptom: A blank error message displays when an exception is thrown from the remote site when you add a replication partner with the Management Server Configuration Wizard.
Solution: Correctly parses the error code now to return the actual error message.
FIX ID: 3812341
Symptom: The Symantec Endpoint Protection service terminates unexpectedly when it scans a particular file. The computer then becomes unresponsive.
Solution: Updated the ConMan component to a newer version.
FIX ID: 3861334
Symptom: Installing a new Symantec Endpoint Protection Manager as a replication partner from the Management Server Configuration Wizard fails with a null server exception during the "Registering Site Information" step.
Solution: Added additional cases to handle HTML decimal and hex constants which are used for URL encoding.
FIX ID: 3871715
Symptom: On a Turkish system, when you log on to Symantec Endpoint Protection Manager, you see the error, "Request contents are invalid."
Solution: Sets the locale to English when converting to lower case and upper case.
FIX ID: 3833043
Symptom: After a particular XLSX file is scanned, the following scan omission event is reported in the system logs: "Could not scan 1 files inside <filepath> due to extraction errors encountered by the Decomposer Engines."
Solution: Increased the limit of decompression ratios.
FIX ID: 3872999
Symptom: "Failed to submit" errors occur when replicating two sites with different primary keys on their Filter tables.
Solution: Fixed the primary keys of the Filter tables during an upgrade.
FIX ID: 3855690
Symptom: Sysplant causes a system blue-screen crash with the driver verifier option Code integrity checks enabled, and may not be loaded on the physical machine under HVCI mode.
Solution: Updated the firewall drivers.
FIX ID: 3814364
Symptom: In 12.1 RU6, the process ccSvcHst.exe crashes when it reaches the 2GB limit with a memory allocation failure.
Solution: The process now catches the exception instead of crashing when memory allocation fails.
FIX ID: 3843779
Symptom: During replication, Host Integrity content is treated as normal content. Therefore, after replication, there are two sets of Host Integrity content in Symantec Endpoint Protection Manager. This duplication causes a broken link.
Solution: Corrected how Host Integrity content is handled during replication so that after replication, only one set of Host Integrity content exists in Symantec Endpoint Protection Manager.
FIX ID: 3867064
Symptom: ccSvcHst.exe crashes on the Group Update Provider in module MFC100.dll. The Symantec Endpoint Protection service restarts.
Solution: Added the logic needed to handle the out-of-memory exception.
FIX ID: 3877279
Symptom: Symantec Endpoint Protection Manager incorrectly displays Windows 10 Enterprise 2015 LTSB clients as "Windows 10."
Solution: Updated the Symantec Endpoint Protection client and Symantec Endpoint Protection Manager to handle the Windows 10 Enterprise 10 LTSB edition.
FIX ID: 3871395
Symptom: The Repetition column is missing values when you export from Symantec Endpoint Protection Manager a CSV file of the Network Threat Protection log.
Solution: Added the missing values in the CSV file for Network Threat Protection log, and made the naming of fields consistent.
FIX ID: 3886636
Symptom: The Site Heath status report from Symantec Endpoint Protection Manager displays the wrong information for disabled replication partnerships.
Solution: Symantec Endpoint Protection Manager now checks whether the replication is enabled or not when it generates a Site Health status report.
FIX ID: 3886756
Symptom: Exporting logs from the Symantec Endpoint Protection Manager web console returns certificate errors when it uses a custom certificate.
Solution: Symantec Endpoint Protection Manager now uses IP, FQDN, or host name, based on the URL used when exporting the logs.
FIX ID: 3880002
Symptom: Rules in the firewall policies in Symantec Endpoint Protection Manager are not behaving as expected after inheritance is checked and unchecked.
Solution: Changed the logic for how rules are processed during firewall rule inheritance.
FIX ID: 3888135
Symptom: Areas that are not clickable appear to be clickable when logged on to the Symantec Endpoint Protection Manager using the web console.
Solution: Changed cursor behavior to match the cursor behavior on the desktop console.
FIX ID: 3873664
Symptom: Symantec Endpoint Protection prompts for a password during uninstallation when the uninstall password option is set to off. The client computer previously belonged to a domain that enabled the uninstall password.
Solution: Added a missing item to the policy template so that the uninstall password is honored.
FIX ID: 3891472
Symptom: Scheduled Comprehensive Risk Report from Symantec Endpoint Protection Manager fails with an exception in the reporting log.
Solution: Scheduled Comprehensive Risk Report from Symantec Endpoint Protection Manager now runs without any exceptions or errors.
FIX ID: 3897087
Symptom: The last modified time in Symantec Endpoint Protection Manager displays an invalid timestamp for Learned Applications.
Solution: Added validation check for the last modified time.
FIX ID: 3868362
Symptom: Comprehensive risk report does not complete.
Solution: Updated the comprehensive risk report query so that it runs successfully with a custom risk report filter.
FIX ID: 3891515
Symptom: Application Control centralized exclusions using the PROGRAM_FILES prefix variable do not work on 64-bit Windows.
Solution: Added new functionality to populate the other Program File path and to add it to the Application Control whitelist for exclusion.
FIX ID: 3897016
Symptom: Using the Test Account button to test directory authentication for a Symantec Endpoint Protection Manager administrator fails when you use the User logon name (pre-Windows 2000) option in Active Directory.
Solution: Symantec Endpoint Protection Manager now tests both accounts when User logon name and User logon name (pre-Windows 2000) are both set.
FIX ID: 3891336
Symptom: A Symantec Endpoint Protection client configured as a Group Update Provider loses this role after a restart.
Solution: Modified how the Group Update Provider setting is initialized in the registry.
FIX ID: 3891980
Symptom: ccSvcHst.exe crashes during a scheduled scan.
Solution: Stopped the unloading of components that are not loaded into memory when "ForwardingEnable" is turned off.
FIX ID: 3902490
Symptom: The DB Validator tool reports broken links in the database for the object SemLocationConfig.
Solution: Symantec Endpoint Protection Manager will now pop up an error dialog to let the user refresh the console and redo the action if the action causes broken link.
FIX ID: 3877104
Symptom: Symantec Endpoint Protection Manager shows Java "out of memory" errors and stops generating delta files. Instead, it provides full definitions to clients.
Solution: Created a tool to purge stale replication partners so that the sweeping task can automatically remove obsolete items in schema objects. Decreased database socket timeout value to reduce too many threads from getting blocked. Upgraded from 32-bit to 64-bit JRE.
FIX ID: 3901314
Symptom: Events for when LiveUpdate successfully completed are missing from system event notifications in Symantec Endpoint Protection Manager.
Solution: Added "LiveUpdate succeeded" events to system event notifications in Symantec Endpoint Protection Manager.
FIX ID: 3897026
Symptom: Moving a client from the default group to a different group in Symantec Endpoint Protection Manager causes the rest of the clients in the default group list to disappear.
Solution: Added check to ensure that every time a table column is moved, it can be rendered properly.
FIX ID: 3903087
Symptom: When comparing the Sylink.xml exported from the communication settings and one from an exported client install package, the latter Sylink.xml includes the server certificates from a deleted site.
Solution: Exclude server certificates from a deleted site in Sylink.xml.
FIX ID: 3896480
Symptom: The computer status logs from Symantec Endpoint Protection Manager still show very old and stale clients in the database after the agent sweeping task runs.
Solution: Fixed the schema type in Domain schema to allow the sweeping task succeed, which in turn purges the stale clients from the database.
FIX ID: 3896116
Symptom: The embedded database service crashes and causes database connection failures. Database backups for Symantec Endpoint Protection Manager intermittently fail.
Solution: Fixed the query which uses an OpenXML function that caused the database service to crash.
FIX ID: 3907974
Symptom: While installing a new client from within a group the Clients tab, if you select a name on the client group tree in the Client Deployment Wizard, it does not appear. Instead, it displays the group name from which you launched the Client Deployment Wizard.
Solution: The Client Deployment Wizard now displays the correct group name selected during the process of installing new client.
FIX ID: 3906682
Symptom: Daily Reputation Lookup notifications continue to be sent out after the event has already occurred once. The notification email also contains old events.
Solution: Fixed the filter used in Reputation Lookup notification.
FIX ID: 3729549
Symptom: High CPU utilization by ccSvcHst.exe slows the computer down so badly that it needs to be restarted.
Solution: Regularly remove stale PIDs from database.
FIX ID: 3891819
Symptom: Location switching does not happen, and the client has the default policy when connected through Juniper VPN, Pulse Secure 5.1.
Solution: Added a check for an extra registry key which is available in Juniper Junos Pulse 5.1 that indicates whether it is installed or not.
FIX ID: 3903064
Symptom: The Symantec Vulnerability Protection plug-in displays a message that indicates it is incompatible when Enhanced Protection Mode is enabled in Internet Explorer.
Solution: Updated the IPS component framework so that the status of the Symantec Vulnerability Protection plug-in can be displayed as disabled.
FIX ID: 3912542
Symptom: Unable to use SylinkDrop to import a Sylink.xml that is 64 KB or larger in size, with the error, "Sylink file is too large."
Solution: Increased the buffer size so SylinkDrop is able to import Sylink.xml that exceeds 64 KB in size.
FIX ID: 3914115
Symptom: The ccSvcHst.exe process crashes with a reference to the module TSE.dll.
Solution: Added a check and exception handling to prevent this crash.
FIX ID: 3904771
Symptom: When a replication partner is removed and a new replication partner with the same site name is added, Symantec Endpoint Protection Manager does not correctly purge obsolete items. These obsolete items accumulate over time and result in out of memory issues.
Solution: Correctly purge obsolete items associated with stale and disabled replication partnerships.
FIX ID: 3890781
Symptom: In the list of intrusion prevention signatures from which you choose to add an exception, Symantec Endpoint Protection Manager displays IPS signatures marked "silent."
Solution: The Symantec Endpoint Protection Manager now hides these IPS signatures in the Add Intrusion Prevention Exceptions pane.
FIX ID: 3911203
Symptom: The license expiration issue notification is sent on the day of the expiration date.
Solution: Updated the logic so the notification for Paid License issue is sent the day after the expiration date.
FIX ID: 3902324
Symptom: The LiveUpdate schedule on a Symantec Endpoint Protection client for Linux is not applied after restarting the computer or restarting the SMC daemon.
Solution: Added logic to apply the correct LiveUpdate schedule on a Symantec Endpoint Protection client for Linux.
FIX ID: 3906627
Symptom: Searching for clients using the criteria Client Version from the Clients tab in Symantec Endpoint Protection Manager doesn’t display any results.
Solution: Symantec Endpoint Protection Manager now displays the correct search results.
FIX ID: 3898587
Symptom: symevent64.sys impacts system performance due to high non-paged pool memory consumption and high CPU utilization.
Solution: Updated the SymEvent component to a newer version.
FIX ID: 3923218
Symptom: Offline clients are counted as scan failures in Symantec Endpoint Protection Manager.
Solution: Modified query to filter out offline clients so that they are no longer counted as scan failures.
FIX ID: 3924096
Symptom: The Agent Sweeping task is not able to purge the stale entries in SEM_COMPUTER and SEM_CLIENT tables due to SQLTimeoutExceptions. The stale records accumulate and cause out-of-memory errors and performance issues.
Solution: Reduced the number of records being cached and deleted the stale records in chunks.
FIX ID: 3930992
Symptom: ccSvcHst.exe crashes when client switches between GUP servers.
Solution: Resolved the access violation.
FIX ID: 3924668
Symptom: If policy is imported then copied, and then either the imported policy or its copy was deleted, the remaining policy has a broken link pointing to MacAdminDefinedScan.
Solution: New imports can now be copied and deleted without resulting in broken links.
FIX ID: 3916699
Symptom: A client request for delta content creates a network load alert for full content.
Solution: Resolved a mismatch between the content download request and the actual content download, so Symantec Endpoint Protection client downloads content from the correct server.
FIX ID: 3931604
Symptom: Invalid characters can be copied and pasted into the text fields within the Symantec Endpoint Protection Manager web console.
Solution: Added check to prevent a copy and paste operation in the Symantec Endpoint Protection Manager web console.
FIX ID: 3939911
Solution: Fixed the request validation of script tags in Symantec Endpoint Protection Manager.
FIX ID: 3943261
Symptom: When Advanced Threat Protection uses a web service to send commands to Symantec Endpoint Protection Manager localized for Japanese, the description of the command is displayed in pseudo-translated text.
Solution: The properties file is now properly translated, and the correct Japanese strings will be visible to the customers.
FIX ID: 3880747
Symptom: Clients incorrectly report the statuses for SONAR, Download Insight, and Threat Protection as "Component is malfunctioning" to the Symantec Endpoint Protection Manager.
Solution: Clients no longer report the statuses for SONAR, Download Insight, and Threat Protection as "Component is malfunctioning."
FIX ID: 3870943
Symptom: Cannot disable TLS versions earlier than 1.2 to only use version 1.2 with the Tomcat 8443 connector.
Solution: Removed OS specific changes for enabling TLS versions, making it consistent for TLS v1.2.
FIX ID: 3946691
Symptom: Enabling Symantec Endpoint Protection from the Action Center returns the following error, even though the service starts and is running: "You cannot turn on Symantec Endpoint Protection. This action is locked by the Symantec Endpoint Protection administrator."
Solution: No error or pop-up displays to the user if both AP and Security risk scan are turned on. For Windows 10 only one pop-up will be displayed if both the settings are off and locked by administrator.
FIX ID: 3945629
Symptom: When you attempt to uninstall the Symantec Endpoint Protection reduced-size client from the Control Panel, the installer indicates two or three times that it cannot find the file sep.msi. When you click Cancel, however, the uninstallation process continues and removes the client.
Solution: Added a condition so that the reduced-size client requires the installation package to uninstall or modify the feature set.
FIX ID: 3945202
Symptom: The LiveUpdate Settings policy blocks the clients from downloading the full definition download file (full.zip) from Symantec Endpoint Protection Manager. However, when the first entry in the download queue is a full.zip request, the clients stop updating all content.
Solution: When Download smaller client installation packages from a LiveUpdate server is enabled, Symantec Endpoint Protection Manager no longer blocks other content from being downloaded.
FIX ID: 3927805
Symptom: Active Directory sync fails and the log shows the following message: "SEVERE: org.w3c.dom.ls.LSException: The character ‘[BEL]’ is an invalid XML character."
Solution: Added a check to handle Active Directory objects with invalid characters.
FIX ID: 3959382
Symptom: The ludbfix64 tool fails with a resource exception and cannot fix any broken links in the database.
Solution: Removed limit on the maximum values that can be processed.
FIX ID: 3956644
Symptom: Changing the managed client mode from Server Control to Client Control grays out and disables the Enable Firewall check box.
Solution: The Enable Firewall check box is enabled when Client Control mode is selected.
FIX ID: 3869923
Symptom: When you export logs to a CSV file using the Symantec Endpoint Protection Manager user interface and you use a non-default file name, the export process excludes some of the records.
Solution: Log exports no longer handles by JDIC and IEmbed, but by the JavaFX web engine.
FIX ID: 3944736
Symptom: If you define a path for the installation log that uses the standard Windows %PROGRAMFILES% variable, the installation fails, resulting in the following Windows Installer error: "Error opening installation Log File. Verify that the specified Log File location exists and is writable."
Solution: Blocks the usage of %PROGRAMFILES% and %COMMONPROGRAMFILES% in the installation log path because they are not supported.
FIX ID: 3342586
Symptom: Risks that appear in Symantec Endpoint Protection Manager risk reports are categorized as "Unknown."
Solution: Added the correct category value to avoid returning "Unknown" in the risk report.
FIX ID: 3891593
Symptom: The Symantec Endpoint Protection Windows client installation fails. The error log for EFAInst.exe shows error = 2: "Failed to open key."
Solution: EFAInst.exe creates missing registry keys if necessary during installation.
FIX ID: 3953313
Symptom: After you install the Symantec Endpoint Protection Windows client, the system occasionally hangs due to issues with BHDrvx64 and SymEvent.
Solution: Added code to prevent a deadlock condition.
FIX ID: 3949582
Symptom: The LiveUpdate policy is configured to prevent the download of a full definition file (full.zip) by Symantec Endpoint Protection clients, but the network traffic shows that clients are still downloading this file from Symantec Endpoint Protection Manager.
Solution: Modified the response on the server to correctly block full.zip downloads.
FIX ID: 3936679
Symptom: With Auto-Protect enabled, a shell script fails when it runs during a Cygwin build compilation.
Solution: Updated Auto-Protect driver so that shell script runs successfully during a Cygwin build compilation.
FIX ID: 3978035
Symptom: Compiling the Symantec Endpoint Protection for Linux Auto-Protect kernel module for the Ubuntu 16.04 LTS 4.7.0 kernel fails with multiple errors.
Solution: Added support for the Linux kernel version 4.7 for auto-compile and for custom compile.
FIX ID: 3985541
Symptom: The email for Outlook and New Risk Detected notifications are missing the risk events.
Solution: Added the java token into PHP reporting link and added PHP token validation check in PHP files.
FIX ID: 3968310
Symptom: Multiple processes crash on exit when Application and Device Control runs on Windows 10 when Impero (Education) Pro 5.x is also installed.
Solution: Updated Application and Device Control so that it is able to work with Impero software installed on Windows 10.
FIX ID: 3986532
Symptom: After AutoUpgrade runs, it does not delete the registry entry HKLM\System\currentcontrolset\services\smcinst, which points to an old AutoUpgrade package.
Solution: Updated the smcinst application path so that this registry entry is deleted correctly.
FIX ID: 3974654
Symptom: When you log on to Symantec Endpoint Protection Manager with LDAP authentication, it triggers a second authentication attempt.
Solution: Logon with Symantec Endpoint Protection Manager by LDAP authenticates only one time upon success.
FIX ID: 3993417
Symptom: The application name of the firewall appears as "Symantec Endpoint Protection,Symantec Endpoint Protection" in the Windows Control Panel.
Solution: Updated logic to prevent the firewall application from registering more than once.
FIX ID: 3954493
Symptom: The httpd service crashes when you configure reverse proxy, when clients send file requests.
Solution: Correct the logic so that httpd does not crash.
FIX ID: 3999879
Symptom: Excessive "GetCommand 404 OpenFailed: Error (2) while opening the Command file" errors appear in exsecars log due to a failed command.
Solution: A failed command is no longer executed more than once in every heartbeat.
FIX ID: 3961965
Symptom: Clients stop updating definitions and the SepMasterService is in a stopping state.
Solution: Fixed the deadlock condition so that the definition updates are processed correctly.
FIX ID: 3973685
Symptom: Explorer.exe is unresponsive and hangs because SymEFASI blocks its prefetcher operations.
Solution: Updated a filter driver to avoid a deadlock condition.
FIX ID: 3778766
Symptom: Symantec Endpoint Protection clients that use the Management Server Connection location criteria do not switch to an alternate Symantec Endpoint Protection Manager.
Solution: Improved the heartbeat logic to allow clients to correctly switch managers with this location criteria.
WLU (Symantec Endpoint Protection Manager)
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.