Endpoint Protection

  • 1.  Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 11:50 AM

    I just made new summer images for a few hundred workstations using the client for Symantec Endpoint Protection 11.0.6300.803 and I'm almost done pushing them out.  Now that 12.1 is out, I'm wondering if I should start over on my images or if I can safely upgrade the Manager to 12.1 and push the new clients out.  Normally, I'd just push the clients out from the manager but I can't figure out if it's any different this time around since this is an entirely new version.

    Thanks! :-)



  • 2.  RE: Endpoint 12.1 safe to push out?
    Best Answer

    Posted Jul 06, 2011 12:26 PM

    From our perspective, we typically wait until the first MP is released before rolling a new version out to production.

    That said, here are some things to think about.

    1) Wait a week and watch the forums closely before making any production jump.

    2) Just because 12.1 was released, doesn't mean that you need it...RU7 is coming too.

    3) The only reason I would jump right away to 12.1 is if there are features (64bit ADC) that you have been itching for and need to get implemented ASAP (us) sad.

    Just my .02

    Hope this helps,

    -Mike



  • 3.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 12:39 PM

    There are lots of good things going for SEP12.1, not just 64 bit app and device control, but SONAR, Insight, all the performance improvements, etc.

    As Mike says, you really have to make that decision yourself, but I can tell you that so far it's been a good release - we have over 10,000 clients installed in Symantec with the SEPM running for over a month with no issues, in addition, we have thousands of clients deployed at our customer sites already with very few issues.



  • 4.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 01:06 PM

    SEP 12.1 offers a variety of new features that we will all benefit from...I can say for sure that we will be upgrading sometime soon.

    I just upgraded our Beta 12.1 Server to the full 12.1.671.4971 release today, and so far the only issue we've seen is with Tamper Protect not allowing the beta 12.1.601 clients to be upgraded (auto upgrade via the console) to 12.1.671.

    Starts the install, asks for a reboot, reboots and then rolls back the install. Checking the event logs, they are littered with Tamper Protect events and events that the SMC service has unexpectedly stopped.

    Still t-shooting that one...

    -Mike



  • 5.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 01:14 PM

    Mike, do you have more information on the tamper protection logs?

    We have done that upgrade thousands of times here at Symantec with no issues.



  • 6.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 01:19 PM
    | Computer | User | Action Taken | Object Type | Event | Actor | Target | Target Process | Date and Time |
    |---|---|---|---|---|---|---|---|---|
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\sysfer.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\sysferThunk.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SysPlant.sys (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\syDvCtrl.Inf (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SyDvCtrl64.sys (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysfer.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysferThunk.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IDSAux.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IPSFFPl.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IPS\IPSBHO.dll (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\IPS\IDSSettg.dat (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SPManifests\cids.grd (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SPManifests\cids.sig (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | Me | Blocked | File | Open | C:\WINDOWS\EXPLORER.EXE (PID 4688) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SPManifests\cids.spm (PID 0) | (PID 0) | 7/6/2011 10:32 |
    | My Server | SYSTEM | Blocked | File | Open | C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysfer.dll (PID 0) | (PID 0) | 7/6/2011 10:33 |
    | My Server | SYSTEM | Blocked | File | Open | C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysferThunk.dll (PID 0) | (PID 0) | 7/6/2011 10:33 |
    | My Server | SYSTEM | Blocked | File | Open | C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IDSAux.dll (PID 0) | (PID 0) | 7/6/2011 10:33 |
    | My Server | SYSTEM | Blocked | File | Open | C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IPSFFPl.dll (PID 0) | (PID 0) | 7/6/2011 10:33 |

    -Mike
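
A triage sketch for a Tamper Protection export like the one in the post above, added here as an example and not taken from the thread or from Symantec: it parses the rows, groups blocked file opens by actor, and flags an installer process that was blocked on files under the installed client directory. The sample rows are rebuilt from values in the posted log; the `INSTALLERS` set and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Install path as it appears in the posted log.
SEP_DIR = r"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105"
INSTALLERS = {"msiexec.exe"}  # assumption: process names treated as installers

ROW = re.compile(
    r"^(?P<computer>.+?)\s+(?P<user>\S+)\s+(?P<action>\S+)\s+(?P<object>\S+)\s+"
    r"(?P<event>\S+)\s+(?P<actor>[A-Za-z]:\\.+?)\s+\(PID (?P<actor_pid>\d+)\)\s+"
    r"(?P<target>[A-Za-z]:\\.+?)\s+\(PID \d+\)\s+\(PID \d+\)\s+"
    r"(?P<when>\d+/\d+/\d+ \d+:\d+)$")

def _row(user, actor, pid, target, when):
    # Rebuilds one row in the column order of the posted log.
    return f"My Server {user} Blocked File Open {actor} (PID {pid}) {target} (PID 0)  (PID 0) {when}"

SAMPLE = "\n".join([
    "Computer User Action Taken Object Type Event Actor Target Target Process Date and Time",
    _row("Me", r"C:\WINDOWS\EXPLORER.EXE", 4688, SEP_DIR + r"\Bin64\sysfer.dll", "7/6/2011 10:32"),
    _row("Me", r"C:\WINDOWS\EXPLORER.EXE", 4688,
         r"C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\IPS\IDSSettg.dat",
         "7/6/2011 10:32"),
    _row("SYSTEM", r"C:\WINDOWS\SYSTEM32\MSIEXEC.EXE", 5572, SEP_DIR + r"\Bin\sysfer.dll", "7/6/2011 10:33"),
    _row("SYSTEM", r"C:\WINDOWS\SYSTEM32\MSIEXEC.EXE", 5572, SEP_DIR + r"\Bin\IDSAux.dll", "7/6/2011 10:33"),
])

def parse(text):
    """Return one dict per data row; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.replace("|", " ").strip())  # tolerate pipe-delimited exports
        if m:
            rows.append(m.groupdict())
    return rows

def triage(rows, product_dir=SEP_DIR):
    """Count blocked opens per (actor, user); flag installers blocked on product files."""
    blocked = defaultdict(list)
    for r in rows:
        if r["action"].lower() == "blocked":
            blocked[(r["actor"].lower(), r["user"])].append(r["target"].lower())
    findings = []
    for (actor, user), targets in sorted(blocked.items()):
        name = actor.rsplit("\\", 1)[-1]
        on_product = sum(t.startswith(product_dir.lower()) for t in targets)
        findings.append({"actor": name, "user": user, "blocked": len(targets),
                         "on_product_dir": on_product,
                         "installer_blocked": name in INSTALLERS and on_product > 0})
    return findings
```

Calling `triage(parse(SAMPLE))` separates the interactive `explorer.exe` blocks from the `msiexec.exe` blocks running as SYSTEM, the combination that accompanied the rolled-back upgrade described in this thread.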



  • 7.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 01:27 PM

    It's nice of you to ask for more information Paul, but you're a busy guy and I can call in a support request like everyone else...

    Faulting application name: Smc.exe, version: 12.1.601.4699, time stamp: 0x4db231f1
    Faulting module name: MSVCR90.dll, version: 9.0.30729.4940, time stamp: 0x4ca2e32e
    Exception code: 0x40000015
    Fault offset: 0x0000000000042686
    Faulting process id: 0xf98
    Faulting application start time: 0x01cc3bf9f579c62c
    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\Smc.exe
    Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
    Report Id: a42dab5c-a7ed-11e0-a5c0-0050568900a3

    and

    Faulting application name: Smc.exe, version: 12.1.601.4699, time stamp: 0x4db231f1
    Faulting module name: SfMan.plg, version: 12.1.601.4699, time stamp: 0x4db2320d
    Exception code: 0xc0000005
    Fault offset: 0x000000000000d3c2
    Faulting process id: 0xe80
    Faulting application start time: 0x01cc3bf12ba5c7c6
    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\Smc.exe
    Faulting module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SfMan.plg
    Report Id: cc935857-a7ea-11e0-a5c0-0050568900a3

    -Mike



  • 8.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 01:47 PM

    Hi Mike,

    So I spoke to engineering.  We are aware of this issue - it's as a result of the way in which the removal is called for the BETA2 product.

    The best advice I can give you at the moment would be to disable tamper protection on your beta2 clients before upgrading them, then all should work well.

    Hopefully you don't have too many to upgrade!

    For this one you may have to manually uninstall and then install the RTM version.

    Let me know if you need assistance removing the beta2 build.

    thanks



  • 9.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 06, 2011 02:23 PM

    I didn't see anything in the release notes/upgrade documentation regarding uninstalling beta clients first...I probably just missed it.

    You are correct, we have less than 20 clients connected to the beta server, so manually upgrading them will be trivial.

    Have a great day Paul and thanks for being so involved in these forums, your efforts truly set Symantec apart from the competitors.

    Sorry to hijack your thread Krickly...hopefully you're still getting something out of this exchange...

    -Mike



  • 10.  RE: Endpoint 12.1 safe to push out?

    Posted Jul 07, 2011 01:02 AM

    Hello,

    Please check out the below link for more information on Endpoint protection 12.1

    Installation and Migration Documents for Symantec Endpoint Protection 12.1

    http://www.symantec.com/business/support/index?page=content&id=TECH163707&key=54619