New fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Pack 1

Article:TECH204685  |  Created: 2013-04-03  |  Updated: 2013-05-24  |  Article URL http://www.symantec.com/docs/TECH204685
Article Type
Technical Solution


Issue



This document lists new fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Pack 1 (SEP 12.1 RU2 MP1) and Symantec Network Access Control 12.1 Release Update 2 Maintenance Pack 1. This information supplements the information found in the Release Notes.


Solution



Top Impacting Issues Resolved in this Release

 
LiveUpdate is unable to decompress the virus definition updates despite ample room on the system
Fix ID: 2847004
Symptom: Symantec Endpoint Protection client will run LiveUpdate and successfully download updated content, but occasionally cannot apply the updates.  “Decompression failed for package…” errors appear in the lue.log files.
Solution: The updated LiveUpdate Express included in RU2 MP1 updates the decompression process to use less memory, which allows the extraction to occur.
                                                                                                                                                                                    
Computer hangs when using a modem after installing Symantec Endpoint Protection firewall
Fix ID: 2885077
Symptom: With Symantec Endpoint Protection client firewall installed, any time a system attempts to connect via modem, the machine hangs.
Solution: Configured Teefer to be more backwards compatible with NDIS 4 and 5.0 packet allocation.
 
Definition out of date warning pops up every minute
Fix ID: 2949164
Symptom: When client definitions are older than the configured timeframe by the administrator, the out-of-date warning appears every minute.
Solution: Updated the out-of-date content checks to properly alert at system start, service restart, and user log off/log on.
 
Systems are unable to connect to the network using 3G USB cards after installing Symantec Endpoint Protection firewall
Fix ID: 2949361
Symptom: Certain USB 3G cards require the configuration of extensive protocols to allow network traffic to pass through the firewall.
Solution: Updated Teefer to allow for traffic missing certain header components to be processed.
 
Installing any Symantec Endpoint Protection package without the firewall disables Windows Firewall
Fix ID: 3063585
Symptom:  After installing Symantec Endpoint Protection with a configuration that installs only Virus and Spyware or Proactive Threat Protection, the application still disables the Windows Firewall.
Solution: Updated the installer conditions to properly recognize previously stored Windows Firewall states and the install or removal of Symantec Endpoint Protection firewall components.
 
Migration from Symantec Endpoint Protection 11.0.5 or higher to Symantec Endpoint Protection 12.1 RU2 and removing Network Threat Protection causes network instability
Fix ID: 3063813
Symptom: When upgrading from a later version of Symantec Endpoint Protection with the firewall component installed to a Symantec Endpoint Protection 12.1 RU2 install package without the firewall, the network may not load upon reboot.
Solution: Updated the migration mechanism for removing Teefer3 components from prior Symantec Endpoint Protection versions during the firewall uninstall.
 
 

All Resolved Issues

 
Installing Symantec Endpoint Protection firewall on an 8-core system causes SMB2 traffic to transfer slower
Fix ID: 2739448
Symptom: After installing the Symantec Endpoint Protection firewall to an 8-core computer, the time to transfer large files using SMB2 is approximately twice as long.
Solution: The Symantec Endpoint Protection client firewall was modified to enhance buffer management to allow for faster processing and to ensure proper packet ordering.
 
Microsoft DirectAccess VPN does not function with Symantec Endpoint Protection firewall
Fix ID: 2879077
Symptom: After installing the Symantec Endpoint Protection firewall, clients fail to connect to the domain servers using Microsoft DirectAccess VPN tunnel.
Solution: Updated Teefer to properly filter packets being passed without ether headers or filter flags.
 
AgentSweepingTask fails to clean the SEM_CONTENT table, leading to replication issues
Fix ID: 2956524
Symptom: Symantec Endpoint Protection Manager replication fails, and the AgentSweepingTask logs contain reported deadlocks. Multiple applications or processes attempting to access the database at the same time appear to trigger these deadlocks.
Solution: Added additional retries and failsafes to ensure that the AgentSweepingTask is given a higher priority in the event of multiple failures and failed retries to ensure it can run.
 
When Startup Scans run on a client previously migrated from SAV 10.x, users get messages saying they have a tracking cookie
Fix ID: 2959797
Symptom: On a client that had previously had Symantec AntiVirus 10.x installed and was upgraded to Symantec Endpoint Protection 11 or 12, the client will report a tracking cookie during a non-existent start up scan.
Solution: Updated the migration code initialized during a Symantec AntiVirus 10 upgrade to convert the QuickScan data to a properly configured Active Scan.
 
Bugcheck 7E after installing Symantec Endpoint Protection
Fix ID: 2968284
Symptom: After installing Symantec Endpoint Protection, the very first reboot causes a BSOD referencing SRTSP64.sys.  A reinstall of Symantec Endpoint Protection resolves the issue.
Solution: Addressed a timing issue in the AutoProtect component that could cause a lock allocation failure.
 
User does not apply policy from proper group when using fast user switching
Fix ID: 2994099
Symptom: After Symantec Endpoint Protection installs in user mode, when users opt to switch users instead of logging off and on, the previous user’s policy can sometimes still be in affect. 
Solution: Updated the Symantec Endpoint Protection client to properly recognize the actively logged in user and apply the proper policy.
 
Clients report to the Symantec Endpoint Protection Manager as offline, even though they are online
Fix ID: 3002170
Symptom: Clients will randomly report into the Symantec Endpoint Protection Manager as offline, even though they are actively online and available.
Solution: Updated the client USN management to properly update the client status in the Symantec Endpoint Protection Manager reports.
 
Server is unresponsive after installing Symantec Endpoint Protection 12.1
Fix ID: 3027951
Symptom: After installing Symantec Endpoint Protection 12.1 and rebooting, the server occasionally stops responding. A review of the memory dump shows an oplock on virscan7.dat.
Solution: Updated AutoProtect to properly read the virus definition files to avoid any thread blocks.
 
Symantec Endpoint Protection 12.1 RU2 Clients are not updating definitions from the LiveUpdate Administrator server via HTTP
Fix ID: 3055342
Symptom: When using basic authentication, the clients are failing to download content from the LiveUpdate Administrator server. The authentication is in “domain\user” format.
Solution: Updated LiveUpdate Express to properly identify basic and NTLM authentication schemes.
 
 

Component versions

AutoProtect
14.3.0.32
AutoProtect Driver
14.3.0.31
AV Engine
20121.3.0.76
AV Engine Driver
20121.3.0.76
BASH Defs
7.6.0.7
BASH Defs Driver
7.6.0.7
BASH Framework
7.0.0.226
CIDS Defs
11.2.0.8
CIDS Defs Driver
11.1.1.5
CIDS Framework
11.1.0.73
Common Client
12.1.1.5
DecABI
2.3.0.22
DefUtil
4.6.1.11
DuLuCallback
1.5.0.69
ECOM
121.3.0.78
ERASER
112.2.0.13
ERASER Driver
112.2.0.13
Iron
3.1.1.3
Iron Driver
3.1.0.11
LiveUpdate (server)
3.3.100.15
LiveUpdate Engine (client)
2.2.1.7
MicroDefs
3.6.0.79
SymDS
2.1.1.9
SymEFA
4.1.1.10
SymEFA Driver
4.1.1.9
SymEvent
12.9.3.2
SymEvent Driver
12.9.3.1
SymNetDrv
13.1.0.8
SymNetDrv Driver
13.1.0.7

 

 




Article URL http://www.symantec.com/docs/TECH204685


Terms of use for this information are found in Legal Notices