Endpoint Protection clients 14.2 MP1 show offline in Endpoint Protection Manager after migration, but continue to receive updates
Last Updated May 01, 2019
You notice after upgrading Symantec Endpoint Protection (SEP) clients to 14.2 MP1 that they show offline in the Symantec Endpoint Protection Manager (SEPM), but they continue to receive updates.
Two root causes:
1. The upgrade logic would overwrite the SYLINK key in the Wow6432Node hive if one was present in the native hive. This caused the ClientType value to be deleted. In 14.0 this was mitigated by Sylink functionality that put the value back if it was found missing during startup.
2. SEP 14.2 moved from the Sylink to the CVE communication model, and it did not have functionality to restore the ClientType value. Because the value is missing, the client sends '0' as the ClientType to SEPM. The affected value is [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ClientType]
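
A check for the condition described above, as an added example that is not part of the original article: it reports whether ClientType exists under the SyLink key in both registry views of the local machine. The Wow6432Node path is the one given in the article; the native-hive path is assumed to be the same subkey without WOW6432Node, and the function name Get-SepClientTypeState is hypothetical.

```powershell
# Added example: report whether ClientType exists under the SyLink key.
# The Wow6432Node location is from the article; the native-hive location is
# an assumption (same subkey without WOW6432Node).
function Get-SepClientTypeState {
    [CmdletBinding()]
    param()

    $subKey    = 'SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
    $valueName = 'ClientType'
    $hive      = [Microsoft.Win32.RegistryHive]::LocalMachine

    # Open each registry view explicitly so the result does not depend on
    # whether this PowerShell process is 32-bit or 64-bit (WOW64 redirection).
    $views = [ordered]@{
        'Wow6432Node (32-bit view)' = [Microsoft.Win32.RegistryView]::Registry32
        'Native (64-bit view)'      = [Microsoft.Win32.RegistryView]::Registry64
    }

    foreach ($name in $views.Keys) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $views[$name])
        try {
            $value = $null
            $key = $base.OpenSubKey($subKey)   # read-only; $null if the key is absent
            if ($null -eq $key) {
                $state = 'KeyMissing'
            } else {
                try {
                    $value = $key.GetValue($valueName, $null)
                    $state = if ($null -eq $value) { 'ValueMissing' } else { 'ValuePresent' }
                } finally {
                    $key.Dispose()
                }
            }
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                View       = $name
                State      = $state
                ClientType = $value
            }
        } finally {
            $base.Dispose()
        }
    }
}

Get-SepClientTypeState | Format-Table -AutoSize
```

A State of ValueMissing in the Wow6432Node view corresponds to the missing ClientType value the article describes.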