Video Screencast Help

Endpoint 12.1 safe to push out?

Created: 06 Jul 2011 • Updated: 08 Jul 2011 | 9 comments
This issue has been solved. See solution.

I just made new summer images for a few hundred workstations using the client for Symantec Endpoint Protection 11.0.6300.803 and I'm almost done pushing them out.  Now that 12.1 is out, I'm wondering if I should start over on my images or if I can safely upgrade the Manager to 12.1 and push the new clients out.  Normally, I'd just push the clients out from the manager but I can't figure out if it's any different this time around since this is an entirely new version.

Thanks! :-)

Comments 9 CommentsJump to latest comment

iamadmin's picture

From our perspective, we typically wait untill the first MP is released before rolling a new version out to production.

That said, here are some things to think about.

1) Wait a week and watch the forums closely before making any production jump.

2) Just because 12.1 was released, doesn't mean that you need it...RU7 is coming too.

3) The only reason I would jump right away to 12.1 is if there are features (64bit ADC) that you have been itching for and need to get implemented ASAP (us) sad.

Just my .02

Hope this helps,

-Mike

SOLUTION
Paul Murgatroyd's picture

there are lots of good things going for SEP12.1, not just 64 bit app and device control, but SONAR, Insight, all the performance improvements, etc.

As Mike says, you really have to make that decision yourself, but I can tell you that so far its been a good release - we have over 10,000 clients installed in Symantec with the SEPM running for over a month with no issues, in addition, we have thousands of clients deployed at our customer sites already with very few issues.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

iamadmin's picture

SEP 12.1 offers a variety of new features that we will all benefit from...I can say for sure that we will be upgrading sometime soon.

I just upgraded our Beta 12.1 Server to the full 12.1.671.4971 release today, and so far the only issue we've seen is with Tamper Protect not allowing the beta 12.1.601 clients to be upgraded (auto upgrade via the console) to 12.1.671.

Starts the install, asks for a reboot, reboots and then rolls back the install. Checking the event logs, they are littered with Tamper Protect events and events that the SMC service has unexpectedly stopped.

Still t-shooting that one...

-Mike

Paul Murgatroyd's picture

Mike, do you have more information on the tamper protection logs?

We have done that upgrade thousands of times here at Symantec with no issues.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

iamadmin's picture
Computer User Action Taken Object Type Event Actor Target Target Process Date and Time
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\sysfer.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\sysferThunk.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SysPlant.sys (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\syDvCtrl.Inf (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SyDvCtrl64.sys (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysfer.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysferThunk.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IDSAux.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IPSFFPl.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IPS\IPSBHO.dll (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\IPS\IDSSettg.dat (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SPManifests\cids.grd (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SPManifests\cids.sig (PID 0)  (PID 0) 7/6/2011 10:32
My Server Me Blocked File Open C:\WINDOWS\EXPLORER.EXE (PID 4688) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SPManifests\cids.spm (PID 0)  (PID 0) 7/6/2011 10:32
My Server SYSTEM Blocked File Open C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysfer.dll (PID 0)  (PID 0) 7/6/2011 10:33
My Server SYSTEM Blocked File Open C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\sysferThunk.dll (PID 0)  (PID 0) 7/6/2011 10:33
My Server SYSTEM Blocked File Open C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IDSAux.dll (PID 0)  (PID 0) 7/6/2011 10:33
My Server SYSTEM Blocked File Open C:\WINDOWS\SYSTEM32\MSIEXEC.EXE (PID 5572) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\IPSFFPl.dll (PID 0)  (PID 0) 7/6/2011 10:33

-Mike

iamadmin's picture

It's nice of you to ask for more information Paul, but your a busy guy and I can call in a support request like everyone else...

Faulting application name: Smc.exe, version: 12.1.601.4699, time stamp: 0x4db231f1
Faulting module name: MSVCR90.dll, version: 9.0.30729.4940, time stamp: 0x4ca2e32e
Exception code: 0x40000015
Fault offset: 0x0000000000042686
Faulting process id: 0xf98
Faulting application start time: 0x01cc3bf9f579c62c
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\Smc.exe
Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Report Id: a42dab5c-a7ed-11e0-a5c0-0050568900a3

and

Faulting application name: Smc.exe, version: 12.1.601.4699, time stamp: 0x4db231f1
Faulting module name: SfMan.plg, version: 12.1.601.4699, time stamp: 0x4db2320d
Exception code: 0xc0000005
Fault offset: 0x000000000000d3c2
Faulting process id: 0xe80
Faulting application start time: 0x01cc3bf12ba5c7c6
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\Smc.exe
Faulting module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SfMan.plg
Report Id: cc935857-a7ea-11e0-a5c0-0050568900a3

-Mike

Paul Murgatroyd's picture

Hi Mike,

So I spoke to engineering.  We are aware of this issue - its as a result of the way in which the removal is called for the BETA2 product.

The best advice I can give you at the moment would be to disable tamper protection on your beta2 clients before upgrading them, then all should work well.

Hopefully you dont have too many to upgrade!

For this one you may have to manually uninstall and then install the RTM version.

Let me know if you need assistance removing the beta2 build.

thanks

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

iamadmin's picture

I didn't see anything in the release notes/upgrade documentation regarding uninstalling beta clients first...I probably just missed it.

You are correct, we have less than 20 clients connected to the beta server, so manually upgrading them will be trivial.

Have a great day Paul and thanks for being so involved in these forums, your efforts truly set Symantec apart from the competitors.

Sorry to hijack your thread Krickly...hopefully you're still getting something out of this exchange...

-Mike

Idimple's picture

Hello,.

Please check out the below link for more information on Endpoint protection 12.1

Installation and Migration Documents for Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH163707&key=54619

 

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)