New fixes and component versions in Symantec Endpoint Protection 14.2 MP1
Article ID: 150929
Updated On:
Products
Issue/Introduction
Resolution
This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 14.2 MP1. This information supplements the information found in the Release Notes.
New fixes
Firewall does not recognize traffic by application name
Fix ID: 4114008
Symptoms: The Endpoint Protection firewall sometimes does not allow traffic based on the application name.
Solution: Updated the drivers to let this traffic correctly pass through the firewall.
API command returns inaccurate computer data for clients in user mode
Fix ID: 4185073
Symptoms: The GetComputers API command unexpectedly lets you put different users on the same physical computer into different groups, which then apply different policies in Symantec Endpoint Protection Manager.
Solution: Fixed the stored procedure used for this API command so that it checks the user name and domain name in the query.
ccSVCHst.exe causes high CPU usage only on managed SEP clients
Fix ID: 4192850
Symptoms: ccSvcHst.exe causes high CPU usage on managed Symantec Endpoint Protection clients. If unmanaged, ccSvcHst.exe CPU usage is normal.
Solution: Fixed an issue with duplicate entries in LiveUpdate Content policy during Replication.
Clients are showing as offline in SEPM after upgrading to SEP 14.2
Fix ID: 4200738
Symptoms: Clients that have upgraded to Symantec Endpoint Protection 14.2 do not appear correctly in Symantec Endpoint Protection Manager.
Solution: Fixed the issue to correctly show the status of clients.
Cannot delete Citrix roaming profiles after upgrading to SEP 14 MP2
Fix ID: 4099309
Symptoms: After you upgrade the Symantec Endpoint Protection client to version 14 MP2, you cannot delete Citrix roaming profiles.
Solution: Fixed the code to prevent the locking of Windows Error Reporting folders so that roaming profiles can be deleted.
ATP does not send MD5 hashes to SEPM replication partners
Fix ID: 4181187
Symptoms: Advanced Threat Protection does not send blacklisted MD5 hashes to all Symantec Endpoint Protection Manager replication partners if Replication is enabled between all SEPMs is checked.
Solution: Added a new REST API to correctly send MD5 hashes to all replication partners.
symev process causes a kernel panic when installing SEP for Linux
Fix ID: 4189922
Symptoms: The symev process causes a kernel panic when installing a Symantec Endpoint Protection client for Linux.
Solution: Updated the Auto-Protect startup script to not load pre-built AP kernel modules if the kernel module was previously manually compiled.
SEP for Linux fails to auto-compile on Amazon Linux AMI 2018.03 virtual machines
Fix ID: 4193589
Symptoms: Auto-Protect module fails to auto-compile if running a Symantec Endpoint Protection client for Linux on Amazon Linux AMI kernel versions 4.9.81 and 14.4.
Solution: Added support for the kernel versions 4.9 and 14.4.
SEP 14.2 client cannot communicate with SEPM if client hostname contains DBCS
Fix ID: 4193683
Symptoms: If a Symantec Endpoint Protection 14.2 client machine's hostname contains DBCS, SEPM 14.2 rejects clients with HTTP error 412.
Solution: Fixed to allow DBCS as a hostname.
ccSvcHst.exe causes high memory usage
Fix ID: 4130691
Symptoms: ccSvcHst.exe causes high memory usage in Symantec Endpoint Protection.
Solution: Added Memory Fragmentation Monitor to actively monitor and resolve memory fragmentation within ccSvcHst.exe. For details, see the solution noted at the following page: Endpoint Protection client fails to update content until SEP service is restarted
Move Clients script does not work with 14.2 clients
Fix ID: 4148864
Symptoms: The Move Clients script does not move 14.2 clients based on the IP address or subnet.
Solution: Updated the script to work as expected.
SQL Server causes high CPU usage after migrating to SEP 14
Fix ID: 4157709, 4189823
Symptoms: SQL Server causes high CPU usage due to a buildup of a .bak file with Application Learning.
Solution: Fixed performance issues with Application Learning. Added a configurable record-keeping period and a periodic cleanup routine for Application Learning.
Upgrading a client to SEP 14 RU1 causes VMware server to hang
Fix ID: 4170028
Symptoms: After upgrading a Symantec Endpoint Protection client to 14 RU1 on a VMware server, the server hangs.
Solution: Fixed this issue so the VMware server does not hang.
Specific folders are world-writable in SEP 14 for Mac
Fix ID: 4171654
Symptoms: Some folders in the Symantec Endpoint Protection 14 client for Mac are world-writable.
Solution: Correctly set the folder permissions from 777 to 755.
Custom-made applications are denied access to the Crashdumps folder
Fix ID: 4174101
Symptoms: Custom-made applications cannot access the Crashdumps folder.
Solution: Fixed the permissions to allow access to the folder.
Application Control does not detect a USB storage device correctly if the device is in UAS mode
Fix ID: 4184583
Symptoms: A USB storage device in USB Attached SCSI (UAS) mode is not correctly recognized when Removable Device is checked in the Application Control policy.
Solution: Fixed code to correctly identify bus types.
SEPM REST API does not allow you to add file extensions to Exceptions policy
Fix ID: 4184584
Symptoms: Symantec Endpoint Protection Manager’s REST API does not let you add file extensions to the Exceptions policy.
Solution: Updated the REST API to let you add file extensions.
SEPFL fails to build on Ubuntu 16.04 with kernel 4.13.0-41-generic
Fix ID: 4184986
Symptoms: If you install Symantec Endpoint Protection client for Linux on an Ubuntu system that runs kernel 4.13.0-41-generic, the Auto-Protect kernel module fails to auto-compile or to manually compile.
Solution: Fixed the source code to correctly compile the Auto-Protect kernel modules.
ATP fails to refresh tokens with SEPM
Fix ID: 4185096
Symptoms: The access tokens are deleted whenever an admin object updates.
Solution: Fixed a bug that caused the access tokens to be incorrectly deleted.
SEPM database generates deadlocked entries
Fix ID: 4185949
Symptoms: Symantec Endpoint Protection Manager updates entries randomly with two modes: batch and bulk. Batch mode causes entries to become deadlocked.
Solution: Added a lock mechanism in batch mode to prevent the deadlocks.
Different technology scans show different risk names for the same application, but SONAR logs only display the first risk name
Fix ID: 4185951
Symptoms: When an application is scanned with different technology scans, SONAR logs only display the name of the first risk name scanned.
Solution: Risk names will now be displayed based on the scan technology.
SEP client does not switch to a location with the “All of the IP addresses” condition
Fix ID: 4189059
Symptoms: The Symantec Endpoint Protection client does not switch to a location when the “All of the IP addresses” condition is used.
Solution: Fixed the network change behavior to follow the correct conditions.
Clients trigger false network change events after upgrading to SEP 14.2
Fix ID: 4202807
Symptoms: Clients that have upgraded to version 14.2 are triggering false network change events in Symantec Endpoint Protection Manager due to an issue with Auto Location Awareness.
Solution: Fixed the network change behavior to follow the correct conditions.
Upgrading clients to SEP 14.2 breaks communication with SEPM when using internal certificates
Fix ID: 4190710
Symptoms: Clients that have upgraded to Symantec Endpoint Protection 14.2 fail to communicate with a Symantec Endpoint Protection Manager if they use internal certificates.
Solution: Fixed the certificate validation issues that caused these failure cases.
Client does not prompt for a password as expected with smc -stop command
Fix ID: 4190820
Symptoms: When the password protection feature is enabled in Symantec Endpoint Protection 14 RU1 MP2 and LaunchSMCGUI is set to 0, there is no prompt to enter a password when using the smc -stop command. If you set LaunchSMCGUI to 0, the notification area icon does not appear.
Solution: Corrected an issue to display the password prompt in this situation.
SMSMSE 7.9 does not update virus definitions automatically after installing or upgrading to SEP 14.2
Fix ID: 4190874
Symptoms: Symantec Mail Security for Microsoft Exchange does not automatically update virus definitions if installed on a system with Symantec Endpoint Protection 14.2. Tamper Protection blocks the update of registry keys InstalledApps and SharedDefs.
Solution: Fixed Tamper Protection to not block both registry keys.
Clicking the Logoff button on a Citrix SSL VPN client causes a BSOD
Fix ID: 4191513
Symptoms: Clicking the Logoff button on a Citrix SSL VPN client with the NetScaler v12.0-57.24 Gateway Plug-in causes a BSOD.
Solution: Updated the Teefer driver so that this issue no longer occurs.
Upgrading SEPM to SEPM 14.2 causes the Daily and Weekly risk reports to not display properly
Fix ID: 4194070
Symptoms: After upgrading the Symantec Endpoint Protection Manager to 14.2, the Daily and Weekly risk reports do not display any computer details when you select the arrow for more details in the Virus Definition Distribution section.
Solution: Added a missing reference in SEPM for the risk reports.
SEP 14.2 for Mac does not display the correct source and destination port information when blocking port scan behavior
Fix ID: 4194093
Symptoms: Symantec Endpoint Protection 14.2 client for Mac shows source and destination ports as 0 in the firewall logs after blocking for port scan behavior instead of showing the correct information.
Solution: Corrected port information after the block rule is set.
Windows 2008 R2 Server Enterprise hangs periodically after installing SEP 14 RU1 MP1
Fix ID: 4195080
Symptoms: Installing Symantec Endpoint Protection 14 RU1 MP1 on Windows 2008 R2 Server Enterprise causes the server to hang periodically.
Solution: Updated the code so that this issue no longer occurs.
Policies do not update on SEP 14.2 for Mac after removing the Integrations policy
Fix ID: 4199443
Symptoms: When you change one of your policies on a Symantec Endpoint Protection 14.2 client for Mac, the policy does not update if the Integrations policy was removed.
Solution: Fixed the proper return values so that policies correctly update.
After installing SEP 14.2 for Mac, SymDaemon crashes regularly
Fix ID: 4201440
Symptoms: SymDaemon causes the Symantec Endpoint Protection 14.2 for Mac client to crash.
Solution: Improved the checks used during installation.
SEPM does not show latest virus definitions for clients
Fix ID: 4203154
Symptoms: Clients do not send OpState information to the Symantec Endpoint Protection Manager, which causes the latest virus definitions to not show.
Solution: Fixed this issue so clients correctly send information on regular heartbeat intervals.
SEP crashes due to a file description
Fix ID: 4203341
Symptoms: Certain file descriptions cause Symantec Endpoint Protection to crash.
Solution: Fixed parsing issues for certain file descriptions.
SEP incorrectly detects and prompts network application changes
Fix ID: 4203569
Symptoms: When you disable Enable Network Application Monitoring, prompts still appear when Symantec Endpoint Protection detects any changes.
Solution: Fixed this issue so that prompts do not appear when network application monitoring is disabled.
Windows Server 2016 hangs periodically after installing SEP 14 RU1 MP1
Fix ID: 4184581
Symptoms: Installing Symantec Endpoint Protection 14 RU1 MP1 on Windows Server 2016 causes the server to hang periodically.
Solution: Updated the driver so that this issue no longer occurs.
Cannot delete applications on remote shares if Application Hardening is installed
Fix ID: 4169444
Symptoms: You cannot delete applications from remote shares with the Symantec Endpoint Protection 14 RU1 MP1 client installed if Application Hardening is also installed.
Solution: Fixed the Application Hardening feature in Data Center Security to allow applications to be deleted.
SEP 14.2 for Mac does not distinguish between AM and PM time in a scheduled scan when the system language is set to Japanese
Fix ID: 4194472
Symptoms: Running a daily or weekly scheduled scan when the system language is set to Japanese on a Symantec Endpoint Protection 14.2 client for Mac causes the scan to ignore the AM and PM settings.
Solution: Fixed this issue so that the daily and weekly scheduled scan now differentiates between the AM and PM settings.
Quarantine menu descriptions in SEP for Mac do not display properly when the system language is set to Simplified Chinese
Fix ID: 4194978
Symptoms: Quarantine menu descriptions display incorrect characters when the system language is set to Simplified Chinese in a Symantec Endpoint Protection client for Mac.
Solution: Fixed the Quarantine menu descriptions to display the correct characters.
SEP 14.2 for Mac does not send scan logs to SEPM
Fix ID: 4199447
Symptoms: Converting an unmanaged Symantec Endpoint Protection 14.2 for Mac to a managed client with SylinkDrop causes scan logs to not send correctly to Symantec Endpoint Protection Manager.
Solution: Fixed this issue to set the correct values when converting to a managed client.
Component versions
The build number for this release is 14.2.1031.0100 (or earlier equivalents 14.2.1023.0100 and 14.2.1015.0100 (PBA 40)).
Red text indicates components that have updated for this release.
|
Component |
DLL File |
DLL Version |
SYS File |
SYS Version |
|---|---|---|---|---|
|
AutoProtect |
srtsp64.dll |
15.0.40.15 |
srtsp64.sys |
15.0.40.14 |
|
BASH Defs |
BHEngine.dll Seq#= 20180212.001 |
11.4.0.29 |
BHDrvx64.sys |
11.4.0.29 |
|
BASH Framework |
BHClient.dll |
10.4.1.12 |
N/A |
- |
|
CC |
ccLib.dll |
13.4.0.20 |
ccSetx64.sys |
13.3.0.24 |
|
CIDS Defs |
IDSxpx86.dll Seq#= 20180802.540 |
16.2.1.22 |
IDSviA64.sys |
16.2.1.22 |
|
CIDS Framework |
IDSAux.dll |
15.2.5.29 |
N/A |
- |
| CP3 | version.txt | 2.5.0.174 | N/A | - |
| CX | cx_lib.dll | 3.0.3.25 | N/A | - |
|
ConMan |
version.txt |
2.1.6.2 |
N/A |
- |
|
D2D |
version.txt |
1.2.1.5 |
N/A |
- |
|
D2D_Latest |
version.txt |
1.5.0.50 |
N/A |
- |
|
DecABI |
dec_abi.dll |
2.3.5.10 |
N/A |
- |
|
DefUtils |
DefUtDCD.dll |
4.16.8.24 |
N/A |
- |
|
DuLuCallback |
DuLuCbk.dll |
1.8.1.17 |
N/A |
- |
| DuLuxCallback | duluxcallback.dll | 2.11.1.11 | N/A | - |
|
ERASER |
cceraser.dll |
117.3.1.6 |
eraser64.sys |
117.3.1.6 |
|
IRON |
Iron.dll |
7.0.6.7 |
Ironx64.sys |
7.0.6.3 |
| LUX | Lux.dll | 2.10.1.13 | ||
|
LiveUpdate |
LUEng.dll |
2.6.1.11 |
N/A |
- |
|
MicroDefs |
patch25d.dll |
5.1.3.11 |
N/A |
- |
|
SDS Engine |
sds_engine_x86.dll Seq#= 20180829.022 |
1.7.0.382 |
N/A |
- |
|
SIS |
SIS.dll |
91.12.4400.5000 |
N/A |
- |
|
STIC Defs |
stic.dll Seq#= 20180829.007 |
1.5.1.287 |
N/A |
- |
|
SymDS |
DSCli.dll |
6.2.0.17 |
N/A |
- |
|
SymEFA |
EFACli64.dll |
6.3.3.12 |
SymEFASI64.sys |
6.3.3.11 |
|
SymELAM |
ELAMCli.dll |
2.0.1.95 |
SymELAM.sys |
2.0.1.85 |
|
SymEvent |
Sevntx64.exe |
14.0.6.30 |
SymEvent.sys |
14.0.6.27 |
|
SymNetDrv |
SNDSvc.dll |
15.2.2.31 |
symnets.sys |
15.2.2.31 |
|
SymScan |
ccScanW.dll |
14.2.2.19 |
N/A |
- |
|
SymVT |
version.txt |
9.2.3.6 |
N/A |
- |
| Symulator | version.txt | 1.6.0.128 | N/A | - |
| TCSAPI | version.txt | 1.6.0.25 | N/A | - |
| Titanium | titanium.dll | 2.4.1.12 | N/A | - |
|
WLU(SEPM) |
LuComServerRes.dll |
3.3.202.6 |
N/A |
- |
Feedback
