Symantec Sygate Enterprise Protection 5.1.7 (5.1 MR7) Readme.txt

Article:TECH102611  |  Created: 2007-01-09  |  Updated: 2011-07-11  |  Article URL http://www.symantec.com/docs/TECH102611
Article Type
Technical Solution


Readme for Symantec Sygate Enterprise Protection 5.1.7 (5.1 MR7)
Copyright (C) 2005-2007 Symantec Corporation

Contents

    1. Product Name and Version
      1. Overview of the Release
    2. System Requirements
    3. Hardware Tested
    4. Configurations
    5. Applications Tested
    6. New Features in 5.1 MR7
    7. Known Issues and Bugs
    8. Known Fixes
    9. Troubleshooting
    10. Upgrade Issues
    11. Documentation and Online Help
    12. Third Party Attributions
    13. Contact Information



1. Product Name and Version
 

    Symantec Sygate Enterprise Protection 5.1 MR7
      Release Date: September 2007
        • Symantec Policy Manager
        • Symantec Protection Agent
        • Symantec Enforcement Agent
        • Symantec Endpoint Protection for Windows XP Embedded Agent
        • Symantec Network Access Control Agent for Linux (Linux Agent)
        • Symantec Network Access Control Agent for Mac (Mac Agent)
    1. Overview of the Release
      This release supports the Protection Agent on Windows XP Embedded systems, the Symantec Network Access Control Agent for Linux systems, and control of removable device media by device vendor/model. The Symantec Policy Management Server distributes security policies to a variety of agents across the enterprise network, including Windows agents, Mac agents, Linux agents and XP Embedded agents.


2. System Requirements
 

    Symantec Policy Manager
        Hardware Requirements
        • Pentium III 900 MHz or faster (Pentium 4 2.4 GHz recommended)
        • 512 MB RAM (1 GB RAM is recommended; 2 GB RAM or more is recommended if you have over 50,000 users)
        • 400 MB hard disk space
        • Additional disk space for storing logs and backups (disk requirements depend on the number of logs and length of time the logs are kept)
        • One (1) Ethernet adapter with TCP/IP installed
        • Monitor display: 1024x768 resolution or better
        Software Requirements
        • Windows Server 2003 Standard or Enterprise Edition (through SP1)
        • Internet Information Server (IIS) with World Wide Web services installed

    NOTE: The Policy Manager does not support IIS with multiprocessor functionality enabled. If IIS is modified to turn on multiprocessor support, the Policy Manager will shut down.
    To start the Policy Manager, IIS must be restarted without multiprocessor support (set Web Gardens to 1), and then the Policy Manager must be restarted.

      Database Requirements
        • The Policy Manager requires a database to store information. You can use the Symantec Embedded database (included) or a Microsoft SQL database (not included).


      Embedded Database Requirements
        • The Embedded Database must be installed on the same machine as the Policy Manager.

      Hardware Requirements
        • 2 GB RAM total on the Policy Manager
        • 2 GB of free hard disk space after installation
           
      Software Requirements
        • The Embedded Database is included with the Policy Manager.


    Microsoft SQL Database Requirements
        • The SQL database can be installed on the same machine as the Policy Manager or on a different computer.
      Hardware Requirements
        • 1 GB RAM (2 GB RAM if Policy Manager is installed on the same computer)
        • 2 GB of free hard disk space after SQL Server is installed
           
      Software Requirements
        • Microsoft SQL Server 2000 Standard or Enterprise Edition (installed locally or remotely)
        • Microsoft SQL Client (installed locally)
        • If Microsoft SQL Server is installed on a separate computer from the Policy Manager, you need to install the Microsoft SQL Client on the same computer as the Policy Manager.
      SQL Server Configuration Requirements
        • Use SQL Server and Windows authentication (click the Security tab of the SQL Server Properties page, or choose Mixed Mode during installation)
        • Make sure TCP/IP protocol is enabled (use the SQL Server Network Utility)

    Web Console
      Hardware Requirements
        • Pentium III 600 MHz or faster
        • 256 MB RAM (512 MB recommended)
        • 1024x768 resolution or higher

      Software Requirements
        • Java Runtime Environment 1.4 or greater (included)
           

    Symantec Protection Agent
      Hardware Requirements
        • Pentium III 700 MHz or faster
        • 128 MB RAM
        • 40 MB available hard disk space
        • One (1) Ethernet adapter (with TCP/IP installed)
      Operating System Requirements
        • Windows 2000 Professional (through SP4)
        • Windows 2000 Server, Advanced Server or Data Center (through SP4)
        • Windows XP Home Edition or Professional (through SP2)
        • Windows Vista Ultimate, 32-bit version
        • Windows Server 2003 Standard or Enterprise (through SP1)
           

    Symantec Enforcement Agent
      Hardware Requirements
        • Pentium III 700 MHz or faster
        • 128 MB RAM
        • 40 MB available hard disk space
        • One (1) Ethernet adapter (with TCP/IP installed)
      Operating System Requirements
        • Windows 2000 Professional (through SP4)
        • Windows 2000 Server, Advanced Server or Data Center (through SP4)
        • Windows XP Home Edition or Professional (through SP2)
        • Windows Vista 32-bit version
        • Windows Server 2003 Standard or Enterprise (through SP1)


3. Hardware Tested

    Symantec components have been tested to work with the following hardware. Similar hardware, such as newer models, will also work.

    Symantec Policy Manager
      Operating Systems
        • Windows Server 2003 Standard or Enterprise (through SP1 or SP2)
        • Microsoft SQL 2000 (SP3 or higher)
      System Hardware
        • Dell 2400 Celeron, 2.4GHz, 256MB
        • Dell Dimension 2350, 2GHz, 512MB
        • Dell Dimension 4500, P4 2.4GHz, 1GB RAM
        • Dell Dimension 4700, P4 2.8GHz, 1GB RAM
        • Dell Inspiron 2650, Celeron 1.5GHz, 256MB
        • Dell PowerEdge 1750, Dual Xeon 2.8GHz, 2000MB
        • Dell PowerEdge 400sc, P4 2.8GHz, 1GB RAM
        • Dell PowerEdge 600sc, P4 2.4GHz, 512MB RAM
        • Dell SC420 P4 3GHz, 512MB
        • Dell Dimension 2400, 2.4 GHz, 1GB RAM
        • Generic AMD Sempron 2200+, 1.5GHz, 1000MB
        • Generic P4 2.4GHz, 1000MB
        • Generic P4 3.0GHz, 1000MB
        • Generic P4 Dual 3.06GHz, 1GB RAM

    Symantec Protection Agent
      Operating Systems
        • Windows 2000 Professional (through SP4)
        • Windows 2000 Server, Advanced Server, Datacenter Server (through SP4)
        • Windows XP Home Edition or Professional (through SP2)
        • Windows Vista Ultimate, 32-bit version
        • Windows Server 2003 Standard or Enterprise (through SP1)

      System Hardware
        • VMware Workstation 4.5.1
        • Compaq Presario X6000, P4 2.8GHz, 512MB
        • Dell 2400 Celeron 2.4GHz, 256MB
        • Dell Dimension 2350, P4 2.0GHz, 512MB
        • Dell Dimension 2400 Celeron, 2.4GHz
        • Dell Dimension 4550, P4 2.4GHz, 1GB
        • Dell Dimension 4700, P4 2.8GHz (HT), 512MB
        • Dell Dimension 6500, P4 2.4GHz, 1GB RAM
        • Dell Inspiron 2650, Celeron 1.5GHz, 218MB
        • Dell Inspiron 6000 Mobile 1.5GHz, 512MB
        • Dell PowerEdge 1750 Dual Xeon 2.8GHz, 2000MB
        • Dell SC420 P4 3GHz, 512MB
        • Generic AMD Sempron 2200+, 1.5GHz, 512MB
        • Generic P3 700 MHz, 256 MB
        • Generic P4 2.0GHz, 512MB
        • Generic P4 2.4GHz, 1000MB
        • Generic P4 3.0GHz, 512MB
        • Generic P3 650 MHz, 256MB
        • Generic P4 2.4GHz, 767MB
        • Generic P4 3.0GHz, 1000MB
        • HP d530 SFF, P4 2.8 GHz, 512MB
        • HP nc6000 PM 1.6 GHz, 512MB
        • IBM Netvista Celeron 1.8GHz, 256MB
        • IBM x30, P3 Mobile 1.2GHz, 512MB
        • Sony VAIO P3 446MHz, 128MB
        • Toshiba Satellite Mobile, P4 2GHz, 192MB

      Ethernet Adapters
        • 3Com 10/100 PCI server NIC with 3XP
        • 3Com 3C920 integrated fast Ethernet controller
        • Broadcom 440x/10/100 Integrated controller
        • Broadcom NetXtreme 5751 Gigabit
        • Broadcom NetXtreme Gigabit
        • Broadcom 440 10/100 integrated controller
        • Cisco Aironet 802.11 a/b/g wireless adapter
        • Dell wireless 1450 dual-band (802.11 a/b/g) USB 2.0 adapter
        • HP W500 Wireless LAN
        • Intel Pro 100 S server adapter
        • Intel Pro 100 VE
        • Intel Pro/1000 MT
        • Intel Pro/1000 VE
        • Intel PRO/100 VE Network Connection
        • Intel PRO/Wireless 2200BG Network Connection
        • Linksys Wireless G USB
        • Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
        • Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45
        • Netgear FA 101 USB Fast Ethernet adapter
        • Netgear FA 311 Fast Ethernet
        • Netgear FA310TX fast Ethernet adapter
        • NVIDIA nForce MCP Networking Controller
        • Realtek RTL 8139/810x Family Fast Ethernet NIC
        • Realtek RTL8139 Family PCI Fast Ethernet NIC

    Symantec Enforcement Agent
      Operating Systems
        • Windows 2000 Professional (through SP4)
        • Windows 2000 Server, Advanced Server, Datacenter Server (through SP4)
        • Windows XP Home Edition or Professional (through SP2)
        • Windows Server 2003 Standard or Enterprise (through SP1)

      System Hardware
        • VMware Workstation 4.5.1
        • Compaq Presario X6000, P4 2.8GHz, 512MB
        • Dell 2400 Celeron 2.4GHz, 256MB
        • Dell Dimension 2350, P4 2.0GHz, 512MB
        • Dell Dimension 2400 Celeron, 2.4GHz
        • Dell Dimension 4550, P4 2.4GHz, 1GB
        • Dell Dimension 4700, P4 2.8GHz (HT), 512MB
        • Dell Dimension 6500, P4 2.4GHz, 1GB RAM
        • Dell Inspiron 2650, Celeron 1.5GHz, 218MB
        • Dell Inspiron 6000 Mobile 1.5GHz, 512MB
        • Dell PowerEdge 1750 Dual Xeon 2.8GHz, 2000MB
        • Dell SC420 P4 3GHz, 512MB
        • Generic AMD Sempron 2200+, 1.5GHz, 512MB
        • Generic P2, 330MHz, 192 RAM
        • Generic P3 700 MHz, 256 MB
        • Generic P4 2.0GHz, 512MB
        • Generic P4 2.4GHz, 1000MB
        • Generic P4 3.0GHz, 512MB
        • Generic P3 650 MHz, 256MB
        • Generic P4 2.4GHz, 767MB
        • Generic P4 3.0GHz, 1000MB
        • HP d530 SFF, P4 2.8 GHz, 512MB
        • HP nc6000 PM 1.6 GHz, 512MB
        • IBM Netvista Celeron 1.8GHz, 256MB
        • IBM x30, P3 Mobile 1.2GHz, 512MB
        • Sony VAIO P3 446MHz, 128MB
        • Toshiba Satellite Mobile, P4 2GHz, 192MB


      Device Control
        USB Flash
          • Kingston DataTraveler Secure-Privacy Edition (DTSP/512M)
          • Kingston DataTraveler Secure-Privacy Edition (DTSP/1G)
          • Kingston DataTraveler Secure-Privacy Edition (DTSP/2G)
          • Kingston DataTraveler Secure-Privacy Edition (DTSP/4G)
          • Kingston DataTraveler (DTI/1G)
          • Kingston DataTraveler (DTI/2G)
          • Kingston DataTraveler (DTI/4G)
          • Samsung Pleomax (1G)
          • SanDisk SDCZ6/512M (U3 smart)
          • SanDisk SDCZ2/1G
        USB MP3
          • SanDisk 2GB
          • iPod Nano 2GB
          • Creative Zen V Plus 4G

        Memory Cards
          • CF-50 SD Card Slots
          • Kingston SD Card

        Disk Drive
          • DELL(TM) Floppy drive module

        USB Camera
          • Canon IXUS9501S
          • Canon MVX430
          • SONY DSC-T100
          • SONY DCR-HC48 (Carl Zeiss)
          • Panasonic DMC-FX30

        USB Hard Disk
          • YDSTAR 942U2 (40G)
          • Seagate ST90000U2 (100G)
          • Seagate momentus5400.2 (40G)
          • Western digital 120G
          • NESO NS-7100

        USB CD/DVD
          • Panasonic cf-vdrrt3u
          • SONY DRX830-UL
          • Philips SPD3500CC/10

        SCSI Hard Disk
          • Hitachi E182115(320G)
          • Western digital WD3200AAJB(320G)

        PCMCIA to CompactFlash adapter
          • SanDisk PCMCIA PC CARD ATA
          • Kingston CF/1GB

        Firewire Camera
          • Toshiba
          • Fire-i
          • Apple iSight

        Firewire Hard Drive
          • Hitachi
          • Seagate Buslink320G
          • LaCie


4. Configurations


    Symantec Policy Manager
    It is recommended that you close all other applications before you start installing the Symantec Policy Manager.
      Microsoft SQL Server 2000
        If you are using Microsoft SQL Server 2000, you must enable Mixed Authentication. You can set authentication for both SQL and Windows during the
        installation of Microsoft SQL Server 2000 (the default setting is Windows Only). You can also enable this setting after installation as described here:

      To enable Mixed Authentication:
      1. Start the Microsoft SQL Server Enterprise Manager.
      2. Right-click the Microsoft SQL Server and choose Properties.
      3. Select the Security tab.
      4. Select the SQL Server and Windows option.
      5. Click OK.
    Installing Multiple Symantec Policy Managers
    If installing multiple Policy Managers, you must synchronize the clocks of all Policy Managers that point to the same database server.

    In addition, it is a good idea to time-synchronize all Policy Managers across all sites. Otherwise, Agents may not be able to receive the
    latest profile if one of the servers sets the time at a future date. Also, log information could be confusing if different time settings are used.

    Symantec Protection Agent
    Before installing Symantec Protection Agent, it is recommended that you close all other applications that may be accessing your modem
    drivers or network.


5. Applications Tested
 

    System components have been tested to work with the following applications:
      Symantec Policy Manager
        • Authentication Servers
        • Active Directory and NT Domain
        • Windows 2000 Server Active Directory
        • Windows Server 2003 Active Directory
      LDAP Servers
        • Windows 2000 Server Active Directory
        • Windows Server 2003 Active Directory
        • Netscape Directory Server 6.2
        • Novell eDirectory 8.7.3

      RSA SecurID
        • RSA ACE/Server 5.2


      DHCP Servers
        • Microsoft 2003 DHCP Server
        • RedHat Linux ES 3.0 DHCP Server
      Sygate Protection Agent and Sygate Enforcement Agent
      VPN Clients
        • Aventail VPN 5.3
        • Cisco VPN Client 4.6.02
        • Juniper NetScreen-Remote 8.2, 8.5 (Safenet)
        • Nortel Networks Contivity VPN Client 5.01
        • Microsoft PPTP
      AntiVirus Software
        • Microsoft Live Onecare
        • Microsoft ForeFront Client Security
        • Symantec NIS 2006, 2007
        • Symantec NAV 2006, 2007
        • Symantec SAV 9.0, 10.1, 10.2
        • Symantec SCS 2.0, 3.0, 3.1
        • Symantec Norton 360
        • Trend PC-Cillin Internet Security 2006, 2007
        • Trend OfficeScan 7.0, 7.3
        • McAfee Internet Security 2007
        • McAfee Internet Security (2006) Suite 8.0
        • McAfee VirusScan Plus 2006, 2007
        • McAfee VirusScan 8.5i
        • Sophos Antivirus 5.0, 6.0, 6.5
        • eTrust Internet Security 2007
        • CA Antivirus 2007
        • ez Antivirus 8.0, 8.2
        • eTrust AntiVirus 7.0.1.4
        • Panda Internet Security 2007
        • Panda Antivirus 2007
        • Panda Antivirus + Firewall 2007 (Titanium)

      Symantec Protection Agent Only
        Supplicants:
          • Odyssey Client 4.50 and Odyssey Client 4.60.49335 (on Windows XP and Windows 2000)
          • Cisco Secure Services Client 4.0.51.5192 (on Windows XP and Windows 2000)
          • Microsoft supplicant on all Windows systems
      Symantec Enforcement Agent Only
        Firewall Support:
          • Microsoft Live OneCare
          • Microsoft Windows Firewall
          • Symantec NIS 2006, 2007
          • Symantec Norton 360
          • Symantec SCS 2.0, 3.0, 3.1
          • Symantec Norton Personal Firewall 2005, 2006
          • McAfee Internet Security 2007
          • McAfee Virus Scan Plus 2007
          • McAfee Internet Security (2006) Suite 8.
          • McAfee Personal Firewall 8.0
          • ZoneAlarm 6.5, 7.0
          • ISS Proventia Desktop 8.0
          • ISS RealSecure Desktop Protector 7.0
          • Black Ice 3.6


6. New Features in 5.1 MR7
 

    Symantec Network Access Control Enforcement Agent for Linux is supported on the following Linux versions.
      • Suse Linux Enterprise Server 10 initial release
      • Fedora Core 6 initial release
      • Red Hat Enterprise Linux 3 (All updates)
      • Red Hat Enterprise Linux 4 (All updates)
        • Both 32-bit and 64-bit are supported.
    Device Control adds support for removable devices (USB, Firewire, optical drives, floppies, SD cards and others) by device vendor/model in the following categories.
      • OS Protection
      • Device Control
      • DevViewer tool
    Adds support for a new agent, the Symantec Endpoint Protection for Windows XP Embedded Agent, which has Firewall, Intrusion Prevention and Antivirus capabilities. Key features are as follows:
      • Heartbeat synchronization
      • Customized security policy
      • Location awareness
      • Host Integrity
      • Multiple types
      • Works with the Symantec Enforcer


7. Known Issues and Bugs
 

    Symantec Policy Manager
      Bug # 1120394
      When upgrading Symantec Policy Manager from build 3032 to 3118, the message "unexpected end of file from server" may appear on some
      computers. This occurs because the files secars.dll and semsvc.exe were not successfully replaced during installation.

      Bug # 852487
      After migration, the Host Integrity EXECUTE command "%1+parameters" remains "%1+parameters" and cannot be automatically converted
      to "%F%+parameters". The command must be changed manually.
        Note: the EXECUTE command is "%1"; to add parameters, the command is "%1+parameters"

      Bug # 895006
      Symantec Policy Manager Server will not start when an IP address is specified in the website. The Symantec Policy Manager Service will fail
      to start if the Symantec Web Server web site setting "Assigned IP address" is not set to "All Unassigned" on the Symantec Web Server Properties configuration page.

      Bug # 1131119
      After installing Symantec Policy Manager, if a Host Integrity policy is exported, edited, and then the Export Policy window is opened again,
      without any change to the policy name, the policy will be exported and will replace the previous policy of the same name when the Close Window button is clicked.
      Note: the window should close but the policy should not be exported or replace the previously exported policy of the same name.

      Bug # 1129096
      When "Allow All Clients with Non-windows Operating Systems" is enabled, the Gateway Enforcer still blocks those devices. Workaround: add
      the devices to the trusted IP range or configure the Gateway Enforcer in learning mode.

      Bug # 1129104
      In the Symantec Policy Manager Application Authentication settings, only the "Action" is valid for the XPE Agent, but the "Exception list" is valid for Windows.
      Functions on the DLL Authentication tab only work for the XPE Agent.

      Bug # 904133
      Some Japanese characters are displayed incorrectly onscreen in the Symantec Policy Manager interface, and the Host Integrity rule name does not
      always display correctly.

      Bug # 1129679
      Linux Agent: The smcgui process cannot start up automatically after a reboot of the Agent computer as expected.
        Workaround:
        • Restart the Linux Agent GUI manually by clicking its program icon, Symantec Enforcement Agent

          OR
        • Manually add Symantec Enforcement Agent to Startup programs.
           

      Bug # 1110375
      Linux Agent: The IP address cannot be renewed automatically by using NetworkManager on Linux with DHCP. The Agent's IP address should be automatically switched to Normal address.
        Workaround:
        • Manually restart the NIC by any means.
        • Choose ifdown/ifup mode for NIC.

      Bug # 1105315
      Linux Agent: VPN is disconnected if the Agent service is started later than the start of the VPN connection. The Linux Agent should work properly with an SSL-VPN connection.

      Bug # 1069448
      Linux Agent: After uninstalling and re-installing the Agent, two smcgui processes will run.

      Bug # 1082087
      Linux Agent: Linux can still connect to the Symantec Policy Manager even if the option to Never Connect to Symantec Policy Manager is enabled.

      Bug # 1115540
      Linux Agent: Agent fails to get DHCP server address and switch to a specified new location.

      Bug # 1116681
      Linux Agent: There is 802.1x authentication performance degradation on SLES10 (32/64 OS); the EAP authentication process on SLES10 is much slower
      than on other platforms (about 2 - 16 minutes).


    Symantec Protection Agent
      Bug # 1114391
      Reverse DNS lookups may be blocked by the Agent even if the Allow All Firewall rule is enabled. To make the Agent pass the reverse DNS (RDNS)
      packets, add a Firewall rule that includes domain/hostname checking with the action set to "PASS".

      Bug # 1110134
      The Agent cannot perform 802.1x authentication normally with the switch ZTE 2826E unless the cable is first unplugged then re-plugged one time.

      Bug # 1125187
      When running Symantec Policy Agent configured as the 802.1x supplicant, wireless with WEP authentication enabled cannot connect after attempting
      to acquire network address.

      Bug # 1089632
      When remediation fails, the MSI AntiVirus file downloads successfully but does not automatically execute. However, if an executable file
      downloads, it will automatically execute.
        Workaround: If you are using Host Integrity to download and run an MSI install package as a part of your remediation action,
        you must reference msiexec.exe /package in the command string entered in the Execute command dialog box. For example: "%SYSTEMROOT%\System32\msiexec.exe /package %F%"

      Bug # 1133070
      After installing Kaspersky Antivirus 7.0 on a Windows Vista system along with the Symantec Protection or Enforcement Agent, the Agent systray Icon
      does not display.


    Replication
      The Policy Manager list will be overwritten with the Policy Manager list of the first server after replication, which causes all users that are in the
      temporary group to connect to the first site instead of connecting to the current site.

      During the replication cycle, groups/domain names/admin names/policies in the Policy Library (firewall policies, Host Integrity policies, etc.) with
      duplicate names are merged according to the resolving conflict mechanism (i.e., the names are appended with a ~ depending on the number of
      duplicate items that exist).

      The entire policy file and all rules will be overwritten during replication, depending on the time stamp of the last modified policy. This means that if
      rules are created in the same policy on two different sites at the same time, only one of the updates will be kept. To work around this, change a single
      policy from only one site at a time, and wait for replication to occur before changing it from any other site.

      Data for each setting under the protection settings are merged if they belong to different groups. For example if you change the "maximum size"
      of the system logs on one site and change the "maximum size" of the security log on another site before a replication cycle, after replication you will see
      the changes on both sites. But if you modify the same group (for example, system log) on both sites, there will be an overwrite depending upon
      the time stamp.
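
      The overwrite and merge behaviour described above, and the earlier advice to keep Policy Manager clocks synchronized, can be modelled as follows.
      This is an added example, not Symantec code: the data layout, field names and function names are assumptions, and the sample policies are constructed.

```python
"""Model of the timestamp-based replication described in this Readme.

Constructed illustration, not Symantec code: the dictionary layout, field
names and function names are assumptions made for this example.
"""
from copy import deepcopy


def replicate_policy(site_a, site_b):
    """Whole-policy overwrite: the copy with the later 'modified' stamp wins.

    Tie-breaking on equal stamps is not stated in the Readme; this model
    keeps site_a.
    """
    winner = site_a if site_a["modified"] >= site_b["modified"] else site_b
    return deepcopy(winner)


def lost_rules(site_a, site_b):
    """Rules that existed on either site but are gone after replication."""
    kept = set(replicate_policy(site_a, site_b)["rules"])
    return sorted((set(site_a["rules"]) | set(site_b["rules"])) - kept)


def replicate_settings(site_a, site_b):
    """Per-group merge: different groups are kept side by side; the same
    group edited on both sites is overwritten by the later stamp."""
    merged = {}
    for group in sorted(set(site_a) | set(site_b)):
        copies = [site[group] for site in (site_a, site_b) if group in site]
        merged[group] = deepcopy(max(copies, key=lambda g: g["modified"]))
    return merged


# --- Constructed sample data (times are seconds on each server's clock) ---
BASE_RULES = ["allow-dns", "block-telnet"]

# Both sites edit the same firewall policy before the next replication cycle.
SITE1_POLICY = {"name": "Branch-FW", "modified": 100,
                "rules": BASE_RULES + ["block-smb"]}
SITE2_POLICY = {"name": "Branch-FW", "modified": 105,
                "rules": BASE_RULES + ["block-ftp"]}

# Same edits, but site 1's clock runs 600 s fast, so its older edit is
# stamped later than site 2's newer one and wins in this model.
SITE1_SKEWED = dict(SITE1_POLICY, modified=100 + 600)

# Log settings: site 1 changes the system log, site 2 the security log.
SITE1_SETTINGS = {"system_log": {"modified": 100, "max_size_kb": 2048},
                  "security_log": {"modified": 0, "max_size_kb": 512}}
SITE2_SETTINGS = {"system_log": {"modified": 0, "max_size_kb": 512},
                  "security_log": {"modified": 105, "max_size_kb": 4096}}

if __name__ == "__main__":
    print("kept :", replicate_policy(SITE1_POLICY, SITE2_POLICY)["rules"])
    print("lost :", lost_rules(SITE1_POLICY, SITE2_POLICY))
    print("skew :", lost_rules(SITE1_SKEWED, SITE2_POLICY))
    print("merge:", replicate_settings(SITE1_SETTINGS, SITE2_SETTINGS))
```

      Running lost_rules over exported copies of a policy from two sites before a replication cycle shows which rules would be dropped by the overwrite.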

      During replication, you may observe high CPU usage.

      The replication time schedule is set to the GMT time zone.

      Replication is always initiated by the site with the smaller ID. If you
      want to change the replication schedule from a site with a larger ID, you
      will need to use the replicate now option in order for changes to take
      place right away. Otherwise the changes will take place in the next
      replication cycle.

      Replication schedules will always be the same on two sites involved in
      replication, even if you set the schedules to be different.


    Domain/Admin
      If the name of the system administrator and domain administrator is the same (which is allowed), and the domain admin is locked out, the system
      admin will also be locked out. Likewise, the status screen for the system admin, which holds info on login attempts, etc., will append the number of
      login attempts from the domain admin status screen.

      If an administrator wants notifications to be sent to himself/herself as well as to others, the admin has to re-enter his/her email address (in
      addition to other email addresses).
        Go to the Email Notification tab > Notify other email accounts > Email configuration.
      In effect, enabling "Notify other email accounts" will disable notification to the admin's email account under the General tab.

    OS Protection
      Writing custom OS Protection rules is not for a novice administrator. It is possible to make the Agent machine unusable by writing a few specific
      OS Protection rules. Currently there is no way of recovering except by fixing or disabling the bad OSP policy on the Policy Manager, then booting the Agent into
      Safe Mode with networking support and downloading the new policy file.


    Buffer Overflow Protection
      Buffer Overflow Protection is limited to detecting stack overflows, not heap overflows or return-to-libc overflows. Also, it will not fully prevent
      a buffer overflow. Rather, Buffer Overflow Protection will prevent the execution of the hostile process, but not the intrusion or the overflow.
      Therefore, a system reboot may be required to restore functionality.

      The Security log for Buffer Overflow events will always list the remote IP as 0.0.0.0, whether the attack is local or remote.

    Intrusion Prevention System/Trojan Detection
      If all Intrusion Prevention System libraries are disabled under Global settings, but IPS is still enabled on the IPS tab, then the last good
      library will remain applied on the Agent, even if nothing is enabled under the global or group settings.
      If Intrusion Prevention System (IPS) is disabled on the IPS tab, the IPS serial number is removed on the server, but not on the Agent, even if
      there is no IPS applied on the Agent.

      To enable Intrusion Prevention, a Firewall Policy needs to be created, and in order to enable Trojan Protection, OS Protection needs to be enabled.

      Updates for Intrusion Prevention System (IPS) and Trojan Signature library are stored in a single file. Therefore these updates are downloaded to the
      Agent regardless of whether IPS or Trojan Protection is enabled for the Agent.


    Host Integrity
      In a Host Integrity custom rule, when you run a program with logged in user context, you must type the full path in order for it to work correctly.


8. Known Fixes
This version of Symantec Sygate Enterprise Protection has corrected the following issues:


    Symantec Policy Manager
      Bug # 1078630A
      "Failed to Export" error occurs when attempting to export Enforcer Traffic logs from the Symantec Policy Manager monitoring tab.

      Bug # 1060644
      SEP MR4 cannot support both Cisco 3750 and Huawei 3050 switches.

      Bug # 1047217
      The Agent's online status is not being shown correctly in Symantec Policy Manager.

      Bug # 1095365
      If the Symantec Policy Manager Advanced debug is enabled and set to FINE, the Agent Log Inbox will grow to a large size.

      Bug # 1087823
      The Symantec Policy Manager Agent log collections are not displaying without delay in the policy manager console.

      Bug # 1085954
      The Replication process fails at all sites with the error "The temporary group is not found".

      Bug # 1088412
      The Replication process fails with NullPointerException error.

      Bug # 1090854
      The Replication process fails due to deadlocks.

      Bug # 1105705
      Replication changes from the subsite are not seen on the main site.

      Bug # 1105706
      The Symantec Policy Manager console hangs when attempting to load a group structure.

      Bug # 778972
      The Symantec Policy Manager is unable to import Active Directory users with a backslash in the Organizational Unit name.

      Bug # 1046944
      An unexpected exception occurred on Symantec Policy Manager.

      Bug # 1068703
      A DBCS display error occurs in the user interface if the host name is represented as a Chinese word.

      Bug # 904133
      Japanese characters added to a Host Integrity requirement cause an incorrect log entry.

      Bug # 971112
      When Replicate All Logs is enabled on a replication partner, log entries are garbled at both sites.

      Bug # 1038754
      The Symantec Policy Manager records an IP in the Syslog that may not be a valid IP address due to a failure to append IP_ADDR1 and MAC_ADDR1 to the Syslog
      entries.

      Bug # 937441
      The feature Delete Agents That Have Not Connected for * Days adversely affected the Agent database.

      Bug # 1086783
      Agent Properties are incomplete when viewed remotely with Internet Explorer.

      Bug # 1045108
      The MAX size of the Registry keyword REG_DWORD in the policy condition setting will not accept numbers larger than the Windows setting; for example, 2147483647
      will work, but 2147483648 or 2147483649 will not.

      Bug # 992363
      If the default values are changed, those changes to the Agent Behavior log file size setting are not written to the database. In the LOG_CONFIG table the default
      values remain in place. All other log settings apply correctly.

      Bug # 1040532
      During creation of a registry key, the registry key value name does not accept the backslash character as it should.


    Symantec Protection Agent
      Bug # 1068036
      Computers fail to install the Agent and display a blue screen after the installation attempt.

      Bug # 1106433
      During installation of the Agent, the system crashes with a blue screen when both V3 Antivirus software and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol are
      installed.


      Bug # 537329
      Symantec Protection Agent will not update a profile until the user logs in.

      Bug # 1033742
      Host Integrity checking behavior may provide inconsistent pass or fail
      results.

      Bug # 1037102
      The Document Encryption Application fails to load when the SysPlant driver is enabled on the Agent computer.

      Bug # 901627
      Built-in Host integrity support for McAfee VirusScan Enterprise 8.5 is needed.

      Bug # 996897
      The Sysplant driver causes the ATM/computer's key exchange used for encryption to fail. During system boot the key encryption fails and the XFS system reports that it
      cannot receive information from the hardware in the machine. When key exchange works the system is able to successfully utilize all ATM components.

      Bug # 1038748
      The IP address for the security logs is assigned randomly but the agent should instead be provided the IP address of the NIC with the gateway as the default IP if it is
      a multi-NIC system.

      Bug # 1038751
      The client sends its IP addresses to the server in random order, but instead the client should always provide the IP address of the NIC with a gateway at the
      top of the list so that the Symantec Policy Manager server will always log such that the NIC with a gateway address is displayed first in the SEM_COMPUTER table for IP_ADDR1.

      Bug # 1031015
      The Agent does not work with Odyssey 4.6 on a Windows XP or Windows 2000 system, but does work with Odyssey 4.51 normally.

      Bug # 849920
      The ProActor application cannot start when Symantec Protection Agent build 6241 is installed.

      Bug # 771566
      The Symantec Protection Agent 5.0 anti-MAC spoofing feature is triggered when the NIC is not set to Auto or Full Duplex.

      Bug # 861016
      The Sysplant driver causes a blue screen crash when running EditPad.exe.

      Bug # 862258
      The Agent Properties displays the Local IP address as Remote and the Remote IP address as local.

      Bug # 900128
      Outbound ARP spoofing cannot be detected when driver level protection is enabled. Symantec Protection Agent should block the outgoing ARP spoofing traffic.

      Bug # 1076869
      The User Information Collection popup window does not reappear after restarting the Agent on the client PC.

      Bug # 1075136
      Autolocation fails when using Checkpoint VPN version R56.

      Bug # 1074135
      Symantec Protection Agent service can be disabled by an administrator on reboot.


9. Troubleshooting
If you are having a problem related to installation, refer to the following information for common troubleshooting scenarios. For other troubleshooting
information, refer to the online Help or to the Known Issues and Bugs section of this Readme.



    Symantec Policy Manager
      After installation you cannot log on to the Server.
      If after a fresh install of the Symantec Policy Manager you are still unable
      to log on, try one of the following steps:
      • The default password is admin and the default username is admin. No domain is required for the first log on.
      • Verify that you are typing the username, password and domain correctly; all of these fields are case sensitive.


      Server will not start
      If the Symantec Policy Manager service will not start, or the service stops immediately after starting, try one of the following steps:
      • Verify that the server is able to communicate with the database. The service will not start correctly if the database connection is not available.
      • If the database server was shut down improperly you may need to rebuild the database.


      Remote or local console cannot connect to the Policy Manager
      If when you try to log on to the Policy Manager you receive an error message that says you are unable to connect to the Policy Manager, try the
      following steps:
      • Verify that the Symantec Policy Manager service is running.
      • If you are connecting remotely, make sure that the remote computer has access to the Policy Manager server and that the port used for communication
        (default TCP 8443) is not being blocked by a firewall.
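
      The two checks above can be told apart from the console computer by how a TCP connection to the port ends. The following Python sketch is an added example, not part of the Symantec Readme or product; the function names and result labels are assumptions, and only the default port 8443 comes from the text above.

```python
import socket
import sys

POLICY_MANAGER_PORT = 8443  # default console port given in this Readme

def classify(exc):
    """Map the outcome of a TCP connect to a (state, next_step) pair."""
    if exc is None:
        return ("open", "Port answers; the service is up and the path is clear.")
    if isinstance(exc, socket.gaierror):
        return ("dns", "Host name did not resolve; check the server name.")
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # No reply at all: packets are typically being dropped on the way.
        return ("filtered", "Check firewalls between console and server.")
    if isinstance(exc, ConnectionRefusedError):
        # The host replied but nothing is listening (a rejecting firewall
        # can look the same, so confirm on the server itself).
        return ("refused", "Verify that the Policy Manager service is running.")
    return ("unreachable", "Check routing and the network connection: %s" % exc)

def probe(host, port=POLICY_MANAGER_PORT, timeout=3.0):
    """Attempt one TCP connection and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Usage: python probe.py <policy-manager-host> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else POLICY_MANAGER_PORT
    state, next_step = probe(target, port)
    print("%s:%d -> %s. %s" % (target, port, state, next_step))
```

      A "refused" result points to the first step (service not running), while "filtered" points to the second (a firewall blocking the port).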


      IIS and the Policy Manager shut down when multiprocessor support is enabled
      The Policy Manager does not support IIS with multiprocessor functionality enabled. If IIS is modified to turn on multiprocessor support, the Policy Manager will shut down.
      To start the Policy Manager, IIS must be restarted without multiprocessor support (set Web gardens to 1), and then the Policy Manager must be restarted.



    Symantec Protection Agent

      All traffic is being blocked
      If after installing the Agent you are unable to send or receive any network traffic, try the following troubleshooting steps:
      • Check the network card driver and see if it has a feature called Checksum Offloading. If it does, make sure that this feature is disabled.
      • Try disabling the OS Fingerprint Masquerading, Anti-IP Spoofing, and Stealth Mode Browsing.
      • Try disabling Driver Level Protection.
      • If you have the option Block all traffic while Agent is not running, check to make sure that the Agent service is running correctly.
      • You can boot to safe mode with network support to be able to download a new policy from the Policy Manager.


      Windows does not start after the Agent is installed
      If after installing the Agent on a system the system is not able to boot, try these troubleshooting steps:
      • Verify that the OS Protection policy or the System Lockdown policy does not block system files that are needed for Windows. Try disabling these policies
        on that Agent. You can boot to safe mode with network support to be able to download a new policy from the Policy Manager.
         
      • Verify that it is the Agent causing this problem. Boot to safe mode and disable the Agent service. Make sure you do not have the policy configured
        to "Block all traffic while Agent is not running".


      My application does not work after I install the Agent
      If once you have installed the Agent you discover that certain applications do not function correctly, try these troubleshooting steps:
      • Try stopping the Agent service to verify that this is a problem with the Agent.
      • Try to isolate what module on the Agent is causing the application to not function. Firewall, IPS, OS Protection, Buffer Overflow, or System
        Lockdown are common modules that could be causing this problem. One way to discover which module is causing the issue would be to view the log
        files. For instance, if the log files on the Agent say that the application has caused a buffer overflow, then you know that the problem
        is with the Buffer Overflow protection.
      • Try disabling the function that is causing the application to malfunction.


      The Agent is unable to capture EAP requests from the switch
      • If you find this problem while using the Microsoft NIC driver, try replacing the driver with your specific manufacturer's driver.


      Svchost.exe crashes on Windows 2000 when using wireless.


10. Upgrade Issues
 

    Enforcer Update Procedures
      There are two alternative methods for updating the Enforcer Appliance:
      • Burn the two update files, initrd-Enforcer.img.gpg and packagelist, onto a CD or copy them onto the root of a USB disk, then insert the CD or USB disk into the
        Enforcer Appliance. After the mount completes, run the command "update" to auto-update the Enforcer Appliance.

        OR
      • Upload the two update files, initrd-Enforcer.img.gpg and packagelist, to a TFTP server to which the Enforcer Appliance has access. From the Appliance,
        run the command: update tftp://*.*.*.* (where *.*.*.* is the IP address of TFTP Server) to auto-update the Enforcer Appliance.


11. Documentation and Online Help
 


12. Third Party Attributions
 

    Portions derived from Java and XSLT by Eric M. Burke. Copyright (C) 2001 O'Reilly & Associates.

    Portions copyright (C) 2001-2003 INCORS GmbH - All rights reserved.

    Portions copyright (C) 1995 Martin Schulze. For a period of three years from receipt of this notice, Symantec shall, at your
    request, provide a copy of the pidfile.c source code at a fee equaling Symantec's reproduction cost.

    Portions include software under the following terms:
    ____________________________________________________

    This product includes technology licensed under U.S. Patent 5,987,611 from Check Point Software Technologies, Inc.
    ____________________________________________________

    This product includes software developed by the Apache Software Foundation <http://www.apache.org>. Copyright (C) 1999, 2000 The
    Apache Software Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification,
    are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in
    the documentation and/or other materials provided with the distribution.

    3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment:

    "This product includes software developed by the Apache Software Foundation <http://www.apache.org/>."

    Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear.

    4. The names "Xerces", "The Jakarta Project", "Tomcat", and "Apache Software Foundation" must not be used to endorse or promote products
    derived from this software without prior written permission. For written permission, please contact .

    5. Products derived from this software may not be called "Apache" nor may "Apache" appear in their names without prior written permission
    of the Apache Software Foundation.

    THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
    TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    ___________________________________________________

    This product includes software developed by the MX4J project (http://mx4j.sourceforge.net), copyright (C) 2001 MX4J. All rights reserved.
    Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.

    3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: "This product includes software
    developed by the MX4J project (http://mx4j.sourceforge.net)." Alternately, this acknowledgment may appear in the software itself, if and wherever such
    third-party acknowledgments normally appear.

    4. The names "MX4J" and "mx4j" must not be used to endorse or promote products derived from this software without prior written permission.
    For written permission, please contact biorn_steedom@users.sourceforge.net.

    5. Products derived from this software may not be called "MX4J", nor may "MX4J" appear in their name, without prior written permission of
    Simone Bordet.

    THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
    FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL CARLOS QUIROZ OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
    OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
    OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    ___________________________________________________________

    Copyright (C) 1995-2002 World Wide Web Consortium, (Massachusetts Institute of Technology, Institut National de Recherche en Informatique et en
    Automatique, Keio University). All Rights Reserved. This program is distributed under the W3C's Intellectual Property License.
    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    FITNESS FOR A PARTICULAR PURPOSE. See W3C License at http://www.w3.org/Consortium/Legal/ for more details. This work (and included
    software, documentation such as READMEs, or other related items) is being provided by the copyright holders under the following license. By obtaining,
    using and/or copying this work, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions:
    ___________________________________________________________

    Permission to copy, modify, and distribute this software and its documentation, with or without modification, for any purpose and without fee or royalty is
    hereby granted, provided that you include the following on ALL copies of the software and documentation or portions thereof, including modifications:

    1. The full text of this NOTICE in a location viewable to users of the redistributed or derivative work.

    2. Any pre-existing intellectual property disclaimers, notices, or terms and conditions. If none exist, the W3C Software Short Notice should be
    included (hypertext is preferred, text is permitted) within the body of any redistributed or derivative code.

    3. Notice of any changes or modifications to the files, including the date changes were made. (We recommend you provide URIs to the location from which
    the code is derived.)

    THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
    LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE
    ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.

    COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR DOCUMENTATION.

    The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the software without specific, written prior
    permission. Title to copyright in this software and any associated documentation will at all times remain with copyright holders.


13. Contact Information
Symantec Corporation provides a wide variety of service and Support programs. Contact Symantec at its web site: http://www.symantec.com/techsupp/



 



Legacy ID: 2007100911595948

