Symantec Endpoint Protection 11.0 and 12.0 Small Business Edition clients do not update Intrusion Prevention Signatures
|Article:TECH196871|||||Created: 2012-09-18|||||Updated: 2012-09-18|||||Article URL http://www.symantec.com/docs/TECH196871|
Due to this issue, Symantec Endpoint Protection (SEP) clients will not update content beyond the initial affected download and IPS will not run correctly, impacting network threat detection. Additional layers of protection, such as Antivirus, Antispyware, and Proactive Threat Protection, are not affected.
SEP clients affected:
SEP clients that receive content directly from Symantec LiveUpdate or a LiveUpdate Administrator
SEP clients receiving updates via third-party system management products
SEP versions affected:
SEP 11.0: RU5 and higher
SEP 12.0 SBE: All versions
SEP versions and clients NOT affected:
SEP 11.0 RTM to MR4-MP2
SEP 12.1 : All versions
Any client that receives content only from SEPM or GUP
Clients that receive content only from a SEPM or a GUP are not affected, as SEPM file processing removes the attribute change.
Affected clients display IPS content between 2012-09-06 rev. 002 and 2012-09-12 rev. 001 on either the SEP client or SEPM, despite updated content being available. For affected clients, the IPS protection service does not run correctly, impacting network threat detection.
A client that fails over to a LiveUpdate server during this timeframe will receive the affected content and will not be further updated by the Symantec Endpoint Protection Manager.
Intrusion Prevention updates that were released on September 18th, 2012 or later, dated 2012/09/16 rev. 002 or higher, remediate the attribute on almost all configurations. Administrators with configurations listed below can check their clients by searching in SEPM for clients that use an old IPS version.
Clients that consistently receive updates from a LiveUpdate server will receive the content update that will correct their configuration automatically.
Clients that use both LiveUpdate and Symantec Endpoint Protection Manager for content can be corrected by running LiveUpdate to a Symantec LiveUpdate server or to a LiveUpdate Administrator. This can be done from the management console by executing the "run LiveUpdate now" command. Once the client has received affected content from LiveUpdate, they will not be repaired until they run LiveUpdate again – the Symantec Endpoint Protection Manager will not distribute the fix.
Article URL http://www.symantec.com/docs/TECH196871