New fixes and features in Symantec Endpoint Protection and Network Access Control 12.1.4.1 and 12.1.4.1a

Article:TECH216262  |  Created: 2014-03-31  |  Updated: 2014-04-17  |  Article URL http://www.symantec.com/docs/TECH216262
Article Type
Technical Solution


Issue



This document lists new fixes and features in Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Pack 1 (SEP 12.1.4.1), and in Maintenance Pack 1a (SEP 12.1.4.1a). This information supplements the information found in the Release Notes.


Solution



What's new in SEP 12.1.4.1a

SEP 12.1.4.1a contains remediation for the Heartbleed OpenSSL vulnerability. The release is otherwise identical to Symantec Endpoint Protection 12.1.4.1. Symantec Endpoint Protection 12.1.4.1a can be installed over any release of Symantec Endpoint Protection. For complete information, read Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)?

 

What's new in SEP 12.1.4.1

Extended upgrade support

  • Unlike most maintenance patch releases, you can upgrade any version of Symantec Endpoint Protection directly to 12.1.4.1. Unsupported downgrade paths still apply.

Expanded operating system support

  • The Symantec Endpoint Protection (SEP) client is now supported on Windows To Go (Windows 8.1 Enterprise).
  • Symantec Endpoint Protection Manager (SEPM), the SEP client, and the Symantec Network Access Control client are now supported on Windows 8.1 Update 1.
  • SEPM, the SEP client, and the Symantec Network Access Control client are now supported on Windows Server 2012 R2 Update 1.

 

New fixes in this release

 

Slow memory leak on Exchange 2003 server
Fix ID: 3123715
Symptom: Non-paged pool memory leaks on a computer running Microsoft Exchange 2003 because the pool tag TCim does not free memory allocations.
Solution: Resolved a memory leak in the SymTDI driver.
                                                
MediaProfile open error
Fix ID: 3135955
Symptom: A Symantec Endpoint Protection compatibility issue with external drives may cause applications to fail to load or to fail to process data correctly.
Solution: Updated the Auto-Protect driver to correctly handle file systems that do not support stream contexts.
 
Files mismatch after being restored from Quarantine Server
Fix ID: 3141798
Symptom: Restored files from the Quarantine Server Console do not match the original submission.
Solution: Updated restoration logic to allow Quarantine Server Console to successfully restore newer detections.
 
An applicaton is blocked from executing even after adding it to exception list
Fix ID: 3156409
Symptom: The Symantec Endpoint Protection client does not honor intrusion prevention exclusions as specified by the Symantec Endpoint Protection Manager policy.
Solution: Modified the client to process the exclusion list correctly.
  
ccSvcHst.exe terminates unexpectedly after changing connected network
Fix ID: 3165002
Symptom: The process ccSvcHst.exe terminates unexpectedly with error code 0xc0000005.
Solution: Resolved a variable initialization condition to prevent this exception.
 
HyperV traffic was blocked with Symantec Endpoint Protection Firewall enabled
Fix ID: 3181006
Symptom: The Symantec Endpoint Protection firewall blocks HyperV traffic.
Solution: Modified the loopback packet processing in the Teefer driver.
 
File transfer speeds between servers were reduced when SEP NTP is installed
Fix ID: 3198871
Symptom: With the Symantec Endpoint Protection firewall enabled, file transfer performance slows.
Solution: Implemented a kernel traffic cache in the Teefer driver to improve performance.
 
Application crashing randomly
Fix ID: 3216032
Symptom: The 32-bit .NET application terminates unexpectedly with Application and Device Control enabled.
Solution: Resolved an issue in the Sysplant driver.
 
Cannot connect to internet using 3G connection
Fix ID: 3241534
Symptom: 3G devices experience network connectivity issues.
Solution: Resolved an issue in the Teefer driver to improve connectivity with 3G devices.
 
Windows Server Backup fails on Windows 2012 Server
Fix ID: 3247411
Symptom: Attempted backups by Windows Server Backup fail with the following error: "Error in deletion of [C:\System Volume Information\EfaData\SYMEFA.DB] while pruning the target VHD: Error [0x80070020] The process cannot access the file because it is being used by another process."
Solution: Resolved an issue in the SymEFA driver to improve backups on Windows 8, Server 2012, and later operating systems.
 
Risk notification is blank
Fix ID: 3260792
Symptom: The Symantec Endpoint Protection Manager Risk Outbreak notification email body contains "Nothing to Report."
Solution: Resolved a problem with the alert ID processing for notifications.
 
Server Activity log contains "Unexpected Server Error"
Fix ID: 3271291
Symptom: Generating the "Server Activity Log" in the Symantec Endpoint Protection Manager returns "Unexpected Server Error." The log file contains the following message: “SEVERE: in: com.sygate.scm.server.task.ScheduledReportingHelper java.lang.Exception: HTTP -1 Moved Temporarily”
Solution: Modified the Symantec Endpoint Protection Manager to log the “Moved Temporarily” event as a WARNING in the server log file.
 
Computer Status Logs contains multiple entries
Fix ID: 3292362
Symptom: User Mode clients have more than one entry in the Computer Status log.
Solution: Added a distinct keyword to remove duplicated entries in the computer status log.
 
Registry data is not logged
Fix ID: 3297715
Symptom: The Application and Device Control client control log fails to log registry data, and only logs registry values.
Solution: Modified the control log to record the registry value data as well as the value in the description field.
 
Computer becomes unresponsive
Fix ID: 3314457
Symptom: The computer becomes unresponsive after the installation of Symantec Endpoint Protection 12.1.X.
Solution: Updated the Auto-Protect driver to prevent a deadlock.
 
Location switching does not work
Fix ID: 3316527
Symptom: Location switching does not function when configured with DNS lookup.
Solution: Resolved a case-sensitivity issue in the policy to better match the strings that the DNS server returns.
 
Autolocation switching is slow
Fix ID: 3320636
Symptom: Automatic location switching performance is slow when switching locations on Windows 7.
Solution: Updated the Symantec Endpoint Protection client with a newer API for Windows Vista and later operating systems.
 
Communication between client and server fails
Fix ID: 3327072
Symptom: The Symantec Endpoint Protection client is unable to communicate with Symantec Endpoint Protection Manager.
Solution: Addressed a race condition in the Symantec Endpoint Protection client that caused the client to deadlock.
 
High network usage
Fix ID: 3361218
Symptom: Client activity causes high network usage to the Symantec Endpoint Protection Manager computer.
Solution: Corrected an issue where clients continuously attempted reconnection to the manager until successful.
 
The Replication initiator is unresponsive
Fix ID: 3362685
Symptom: Replication does not finish if it is interrupted during the data transfer. The replication status shows "Downloading (10%)." Symantec Endpoint Protection Manager does not request replication with any other replication partners until a restart of the manager services.
Solution: Updated Symantec Endpoint Protection Manager with a configurable timeout to allow administrators to adjust the behavior. The default timeout is 4 minutes. Administrators may adjust the scm.replication.socket.timeout property in the conf.properties file as needed.
 
Client entries are removed
Fix ID: 3369462
Symptom: The Symantec Endpoint Protection Manager database removes client entries before the number of days specified in the domain properties.
Solution: Resolved by setting the last updated time to the current system time when an existing client registers with Symantec Endpoint Protection Manager.
 
System terminates unexpectedly with error 0x00000044
Fix ID: 3387614
Symptom: A crash (BSOD) with Bugcheck 44 references SRTSP64.SYS.
Solution: Modified the Auto-Protect driver to prevent an opportunistic lock (oplock) issue on Windows Vista and earlier operating systems.
 
Autogrowth size limit is reached with content revisions
Fix ID: 3394104
Symptom: The SEP5_CONTENT table Autogrowth maximum file size no longer accommodates 30 content revisions.
Solution: Increased the maximum file size of the SEM5_CONTENT table for SQL database types.
 
SMC.exe terminates unexpectedly when applying LU policy
Fix ID: 3402598
Symptom: The process SMC.exe terminates unexpectedly when applying a LiveUpdate policy with a Group Update Provider. This issue only affects the Polish version of Symantec Endpoint Protection.
Solution: Resolved a malformed string in the policy processing logic.
 
Exchange servers responding intermittently
Fix ID: 3402776
Symptom: Microsoft Exchange servers intermittently become unresponsive with Symantec Endpoint Protection installed.
Solution: Resolved a potential deadlock issue in the SymEFA driver.
 
Library unloading issue causes memory leak
Fix ID: 3411531
Symptom: Application and Device Control prevents the Microsoft dynamic link library msobjs.dll from unloading.
Solution: Updated the Application and Device Control driver (sysplant.sys) to be more robust when processing section images.
 
Home Page does not update
Fix ID: 3426469
Symptom: The Symantec Endpoint Protection Manager display on the Home tab for “Latest on Manager” does not update correctly for virus definitions.
Solution: Updated the date comparison logic when writing the latest version to the database.
 
Reboot prompt does not show the correct information
Fix ID: 3429539
Symptom: When the client computer displays a prompt to reboot, the prompt does not display the information that is defined in the Client Install Settings. The client computer also does not reboot as expected.
Solution: Fixed an issue that resulted in the display of incorrect information and prevented the subsequent reboot.
 
Location switching results in incorrect policy
Fix ID: 3436888
Symptom: A partial match on location names cause the incorrect policies to apply when the client switches locations.
Solution: Fixed an issue where the Symantec Endpoint Protection client did not compare location names correctly.
 
A file in system folder could not be scanned
Fix ID: 3445854
Symptom: Unable to scan files in the Windows System32 folder with the context menu option Scan for Viruses.
Solution: Corrected an issue where a redirection did not close properly when using a Windows API.
 


Component versions in this release

Component Version
AV Engine 20131.1.5.61
AutoProtect 14.5.2.22
BASH Defs 8.1.1.2
BASH Framework 7.0.0.226
CC 12.3.5.3
CIDS Defs 12.0.5.3
CIDS Framework 11.1.0.73
ConMan 1.1.1.10
D2D 1.2.0.3
D2D_13 1.3.0.3
DecABI 2.3.1.1
DefUtils 4.8.1.4
DuLuCallback 1.5.0.69
ECOM 131.1.5.61
ERASER 113.1.3.12
IRON 3.2.3.7
LiveUpdate 2.2.2.3
MicroDefs 3.6.0.79
SIS 12.1.4013.4013
SymDS 2.3.0.20
SymEFA 4.3.2.6
SymELAM 1.0.3.17
SymEvent 12.9.5.3
SymNetDrv 13.1.3.3
SymVT 5.3.0.25
WLU (Symantec Endpoint Protection Manager) 3.3.100.15

 

 




Article URL http://www.symantec.com/docs/TECH216262


Terms of use for this information are found in Legal Notices