Lot of Fixed Avail
http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US
Auto-Protect and Scheduled Scan (ERASER) behave differently on risk detection
Fix ID: 2030979
Symptom: When scan actions are set to first "Clean Risk" and second "Quarantine", a scheduled scan Quarantines risks while Auto-Protect deletes them.
Solution: Actions taken by Auto-Protect are now the same as the actions taken by a manual or scheduled scan.
Files re-detected during Defwatch scan
Fix ID: 2067778
Symptom: DWHxxxx.tmp files are being re-detected when Defwatch scan is running.
Solution: Fixed some scan issues, making the scan faster. Also created a separate folder to rescan Quarantine items that can be used to create exceptions.
Client Security Alert Notifications do not contain data
Fix ID: 2100605
Symptom: Client Security Alert Notifications appear with no data.
Solution: Expected data was not returned upon a query. Fixed the query.
Cluster Server becomes non-responsive
Fix ID: 2228502
Symptom: Cluster Server becomes non-responsive when the server transitions from one node to another.
Solution: Moved the query of the mounted directory of the module out of the network traffic data checking cycle.
smc.exe crashes when large number of locations are configured
Fix ID: 2235166
Symptom: smc.exe crashes while doing autolocation switch by accessing invalid address within released object.
Solution: Fixed the problem maintaining the hash table of DNS host entries.
Database becomes corrupted
Fix ID: 2248662
Symptom: Database becomes corrupted after replication.
Solution: If an exception occurs while adding a group in the User interface, SEPM removes the group from Cache before the next save.
Cancelling sending Internet email with a large attachment file when Internet Email Auto-Protect is enabled causes the attachment file to be broken
Fix ID: 2249511
Symptom: When a user cancels sending email with Internet Email Auto-Protect enabled from Windows Mail (SMTP/POP3 mailer) while the mailer is sending the message, the message gets sent to the address although it is cancelled. If the mail has attachment files of large size, the attachment arrives broken.
Solution: Changed to correctly handle the situation when a cancel command comes in while data is being prepared.
Differences in number of scanned files between Administrator and Users
Fix ID: 2282822
Symptom: The number of files scanned as Domain Administrator and Domain User is different.
Solution: Created a new folder, DecTemp, with rights to everyone so that the compressed files can be scanned via Decomposer.
APQxxxx.tmp files are being re-detected by scheduled or manual scan.
Fix ID: 2326228
Symptom: Threats detected by Auto-Protect are not added to Quarantine, and an infected APQxxxx.TMP file is left behind.
Solution: Corrected the error handling when failure occurs.
Error handling in case of Auto-Protect detected threats
Fix ID: 2344862
Symptom: If Quarantine folder access is blocked, scan results say Quarantine Successful, and (infected) APQxxxx.TMP file is left behind.
Solution: Detect the problem, log the related information, and delete the APQxxxx.TMP file.
SEPM does not create deltas in time
Fix ID: 2379262
Symptom: SEPM cannot create deltas quickly enough to satisfy large numbers of requests. The server gets multiple requests for the same delta, causing it to spend more time handling these requests. This takes away from actually creating the delta.
Solution: Added a delta request hash table to Secars. It will hold a list of pending requests and only send new requests to SEPM.
Clients cannot connect to server after performing threat tests
Fix ID: 2380290
Symptom: Server connectivity is lost after performing tests.
Solution: Reset the blocking flag after a connection is closed and set a limitation to SEP firewall TCP and UDP session.
Live Update fails
Fix ID: 2401024
Symptom: Event 1001 & 1004 occur, and LiveUpdate fails after deleting the old data folder.
Solution: Fixed a problem involving the Windows registry caused by the Windows Installer health check and self-repair.
'Scheduled Scan when user not logged in' is performed even after Administrator disallows it
Fix ID: 2407550
Symptom: The user-defined scheduled scan when no users are logged in is performed even when it is disabled through Anti policy.
Solution: Disable the corresponding “Perform the scheduled scan even when no users are logged on” option in UI.
Scan runs twice
Fix ID: 2409368
Symptom: Schedule scan runs 3 minutes after the last missed scheduled scan completes.
Solution: Fixed an issue where incorrect information was added into the registry key.
Quarantine server fails to connect to gateway.dis.symantec.com to submit files or download new definitions
Fix ID: 2419298
Symptom: Quarantine server 3.6 does not pass credentials for firewall/proxy that is configured in quarantine server console.
Solution: Added additional code to handle authentication needed by proxy (resolves error 407).
SEP cannot control Windows Firewall
Fix ID: 2419842
Symptom: Windows Firewall is enabled if IP address is renewed/released.
Solution: Added code to detect whether SEP firewall has been enabled on Win7/2008R2 and if not will retry to enable it. Also added code to deal with a very rare case where a call failed on Win7/2008R2 if the network service is not ready and the call returns a non-failure code.
PTP is off with "Waiting for updates" status
Fix ID: 2426074
Symptom: When updating the PTP definition, RUNDLL32.EXE fails to find the "Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\SyKnAppS.dll" path.
Solution: Enhanced DIS engine to check for Short File Name to Long File Name conversion behavior setting.
Scan of USB drive does not pop up with scan window
Fix ID: 2438735
Symptom: If a USB drive is attached to the system and the file system within it is empty, the right click scan does not do anything.
Solution: Added error handling to deal with this case and show appropriate error dialog window.
Client cannot communicate with SEPM because SMC hangs
Fix ID: 2441903
Symptom: SMC hangs when receiving new AV commands, if it is processing some AV commands at the time.
Solution: Make a local copy of command list before releasing a plug-in lock. This prevents the hang.
Cisco's VPN does not work when selected
Fix ID: 2450673
Symptom: When Location Criteria > Network Connection Type is set to [Cisco VPN], Cisco's VPN does not work.
Solution: There is a known limitation where "connection type = Cisco VPN" doesn't work with Cisco AnyConnect. The customer can use "NIC description" and "DNS suffix rule" as a workaround to this limitation.
Script error message appears in Java remote console
Fix ID: 2486836
Symptom: In French language SEPM, a script error message appears in Java remote console > Monitors > Logs/Reports.
Solution: Escape all single quotes in a text message passed as an input parameter to a JavaScript function.
Location specific Liveupdate policies are not correctly set
Fix ID: 2488603
Symptom: When "Remember Last Location" is disabled, location-specific Liveupdate policies are not correctly set at boot time.
Solution: First do checking, comparing and updating of the policy hash. After that, if it is the first time, force a policy update. Otherwise, perform the update based on the return value of the initial checking.
Scheduled report of Application and Device Control shows no data
Fix ID: 2510697
Symptom: When SEPM sends the Scheduled Report for Application and Device Control, only the "Default" filter shows data. When using the "Custom" filter, the data is reported as "No Data."
Solution: An incorrect filter was used when using customized filter. Fixed it.
Installation of SEP 11 causes Lotus Notes plug-in to crash
Fix ID: 2513096
Symptom: Lotus Notes Plug-in crashes causing user-specific Notes data directories not to be created.
Solution: Some internal pointers were not correctly initialized. Fixing this resolves the issue.
SEPM "unknown exception: 0x10010000" error: com.sygate.scm.server.task.TelemetrydataTask, referencing HTTP 409 conflict
Fix ID: 2513174
Symptom: SEPM generates this error frequently: "unknown exception: 0x10010000".
Solution: Provide an exception handler for a HTTP error that was previously not handled correctly.
Windows Security Center reports that virus protection is Off
Fix ID: 2517760
Symptom: Windows Security Center reports that virus protection is off when definitions are loaded.
Solution: During the definition update, the 'Virus Protection' status is not updated. Fixed.
Java app loses connection with SEP installed
Fix ID: 2519427
Symptom: The application downloads .jar files on startup to function. Downloads are never completed.
Solution: Increased the internal buffer cache to avoid this issue.
SMC Fault : IdsTrafficPipe!ParseString
Fix ID: 2525143
Symptom: Smc.exe crashes when applying a new custom IPS library.
Solution: Changed code to safely exit the string delimiter when reaching the end of the string.
Web console does not work correctly when using SSL and Self-signed certificates
Fix ID: 2525234
Symptom: Host name is converted to IP Address in web console upon login.
Solution: Removed the code that specifically converted hostname to IP address for web console during login.
Configured scans are not printed correctly
Fix ID: 2525405
Symptom: The "doscan /list" command does not print the configured scans correctly.
Solution: Set Locale correctly and convert the Unicode scan name data to the appropriate character set.
Smc.exe takes up CPU during idle time
Fix ID: 2525510
Symptom: Very high CPU usage on any computer with many TDI connections known to wpsdrvnt.
Solution: Optimize the code to improve performance.
"Security Risk found" message is not recorded in Windows application event log
Fix ID: 2525521
Symptom: When an infected file within a zip archive is scanned and the file path length is more than 26 bytes, an event ID 51 "Security Risk Found!" is not recorded in the Windows application event log.
Solution: Fixed the parsing of the log events before it adds the entry to the event log.
User-specific notes directories are not created
Fix ID: 2526318
Symptom: Lotus Notes Plug-in crashes, causing user-specific Notes data directories not to be created.
Solution: Some Internal pointers were not properly initialized. Fixing this resolves the issue.
Unable to install SEP
Fix ID: 2527479
Symptom: Installation rolls back during the configuring services stage.
Solution: Fixed the error with buffer overrun that causes installation to be rolled back.
Client can't come back to the previous Group Update Provider (GUP) if it has already been shut down
Fix ID: 2531477
Symptom: If there are two GUPs, A and B, where A is off and B is on, clients will download from GUP B. iF B is turned off and A is turned on, the client insists on downloading from B and does not try A again.
Solution: If the end of the list is reached, reset the GUP to "NO_RESPONSE" status. Then in the next try, Sylink will iterate from the start.
Modification date of Notes document is changed while Notes Auto-Protect is enabled
Fix ID: 2534512
Symptom: When an attachment file is opened, it is scanned, even though the Notes document has not been updated or the virus definition has not been updated since the last scan for the temporary file.
Solution: Improved the bookkeeping function on when an attachment is scanned, so that the plug-in skips the file next time if it remains unchanged.
Enforcer groups become corrupted after a policy export/import, if replication is used
Fix ID: 2536571
Symptom: Enforcer groups become corrupted after policy export/import and replication, with an "unexpected exception" error. DBvalidator errors exist.
Solution: Use the existing Enforcer policy object reference when importing the policy, since the same object reference exists in the remote partner.
Error message after upgrading from SEP11
Fix ID: 2551819
Symptom: Issues when restarting the system. Error message "The Extend WG Protocol Driver service failed to start due to the following error: The system cannot find the file specified."
Solution: Fixed an issue with updating a registry entry (both 32bit and 64bit).
SEP Firewall blocks USB-over-wireless traffic
Fix ID: 2556466
Symptom: Wireless mouse interoperability problem with SEP Firewall.
Solution: Added default firewall rules to allow for client control mode and USB over IEEE802.
Sustained SMC.exe CPU utilization on virtualized Windows 2003 32-Bit Citrix XenApp terminal
Fix ID: 2559467
Symptom: Very high CPU usage on any machine with many TDI connections known to wpsdrvnt.
Solution: Better handling of how simultaneous calls are prioritized and processed.
Custom Application Control rule in place with test mode causes blue screen crash
Fix ID: 2559560
Symptom: Enabling a custom rule to block access to VPN configuration files in test mode only causes random crashes.
Solution: The process information list was damaged. The issue was resolved by adding a lock when doing process information updates.
Incorrect count of computers with out-of-date IPS and total computer count
Fix ID: 2559712
Symptom: From the Security status detail, the count of IPS out-of-date is more than the SEP endpoints that included the NTP feature.
Solution: Clients that do not have the Firewall feature are excluded.
ScanDuration DWORD value is not removed from registry when disabled through policy
Fix ID: 2561077
Symptom: Full system scans scheduled weekly with missed events, scanning limit and scan start randomization enabled fail to complete. They are logged as "scan suspended" after a few minutes of scanning
Solution: Fixed the issue that SEPM was not updating the default profile correctly