Video Screencast Help

Latest Symantec Endpoint Protection Released - SEP 12.1 RU2 MP1

Created: 09 Apr 2013 • Updated: 06 Jun 2013 | 47 comments
Mithun Sanghavi's picture

 

Hello,

Symantec Endpoint Protection 12.1. RU2 MP1 is Released Today as on 8th April 2013.

You may find the Latest Release of Symantec Endpoint Protection 12.1.RU2 from: https://fileconnect.symantec.com/

SEP 12.1.2_MP1.JPG

 

This build's version is: 12.1.2100.2093.

Migration paths

Symantec Endpoint Protection 12.1.2100.2093 (RU2 MP1) can migrate seamlessly over the following:

  • Symantec Endpoint Protection 12.1.2015.2015 (RU2)

This Symantec Release build contains:

  • 18 top impacting fixes.
  • 25 internal defect fixes
  • Security updates for JRE
     

KnowledgeBase Articles:

Release Notes and System Requirements for all versions of Symantec Endpoint Protection and Symantec Network Access Control

http://www.symantec.com/docs/TECH163829

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Patch 1

http://www.symantec.com/docs/TECH204685

Upgrading or migrating to Symantec Endpoint Protection 12.1.2100 (RU2 MP1)

http://www.symantec.com/docs/TECH204449

Symantec Endpoint Protection 12.1 RU2 MP1 Client-only patches

http://www.symantec.com/docs/TECH204859

Operating Systems:

Comments 47 CommentsJump to latest comment

San1985's picture

Hey Mithun ,

Is it possible to upgrade the SEPM and clients from 12.1 RU1 MP1 to 12.1 RU2 MP1 ?

In document only showing upgrade from 12.1 RU2 to 12.1 RU2 MP1

 

 

.Brian's picture

You need to go to RU2 first than RU2 MP1. This is only a maintenance patch.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

I agree. If you have an older client than the SEP 12.1 RU2 and want to migrate to the latest version, in that case you may have to migrate to the SEP 12.1 RU2 first and then to SEP 12.1.2 MP1

Migration paths

Symantec Endpoint Protection 12.1.2100.2093 (RU2 MP1) can migrate seamlessly over the following:

  • Symantec Endpoint Protection 12.1.2015.2015 (RU2)

Check this Article:

Upgrading or migrating to Symantec Endpoint Protection 12.1.2100 (RU2 MP1)

http://www.symantec.com/docs/TECH204449

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mithun Sanghavi's picture

Hello,

This is a Maintenance Patch to the SEP 12.1 Release Update 2. smiley

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

MP = maintenance patch. Not a full release like an RU (Release Update)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Still has fixes just not as many compared to an RU

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mthorpe's picture

To clarify... I will need to migrate my SEP 11 Clients to SEP 12.1 RU2 and then patch them to MP1 or does the two step method only apply to pre SEP 12.1 RU1 SEP 12 Clients?

Mithun Sanghavi's picture

Hello,

In your case, you would have to migrate in the following way:

SEP 11.x >> SEP 12.1 RU2 >> SEP 12.1 RU2 MP1

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AshMelwani's picture

Mithun

What About Symantec Network Access Control and Integrated Enforcers has 12.1.RU2 MP1 released ?

Mithun Sanghavi's picture

Hello,

I would suggest you to check the Release Notes for SEP 12.1 RU2 MP1 as below:

Symantec™ Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1.2.1 Release Notes

http://www.symantec.com/docs/DOC6419

You could check the Symantec Network Access Control, Enforcers, and Host Integrity issues in page 11.

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

dpeters11's picture

So if you are on RU1, you have to install RU2, break the firewall, fix the firewall, then apply the patch?

I'm thinking it might be easier to wait a few months for RU3.

mthorpe's picture

.... although it's not officially supported I've successfully deployed 12.1.2 MP1 to a machine running the SEP 11 RU6 client.

I did, however, export an instalation package for 12.1.2 MP1 and deployed it via SCCM... I guessing the need to go from SEP (pre 12.1.2) to 12.1 RU2 to 12.1 RU2 MP1 would be required if I deployed it via the SEPM.

We needed to avoid 12.1 RU2 altogether due to the way it handles out of date definitions.

 

The Conquistador's picture

I've had instances of where I could not even install it, the install would start then almost finish at that point out of nowhere it would roll back. There have also been times where it would detect what is CLEARLY a Windows 7 machine as a Vista machine. I can't wait for the next version, this one has given me the most difficulty.

pandher's picture

i am thining of applying the maintenence pack on my sepm 12.1.2, i hope there are no known issues as such...

.Brian's picture

There has been one reported regarding XP clients and the firewall. Here is the thread:

https://www-secure.symantec.com/connect/forums/slo...

Only affects XP clients.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pandher's picture

yeah saw that thread, i will delay my plans. lets go to RU2 when it is released.

ShadowsPapa's picture

 

Uh.... This IS RU2 they've been talking about.........

I think 12.1.xxx.xxx.xxx.xxx.xxx RU2 is the best of the series yet.

I just hope MP1 doesn't break what has been good about RU2.   I've got one major complaint that that was tossed into the code when someone briliiantly decided we wanted reports on ALLOWED devices and not BLOCKED devices.  Thanks to that very thoughtful innovation, I have lost the ability to get and send to the boss reports on blocked devices and had to turn off all alerting on device control. Do you know how many ALLOWED USB devices there are on modern computers? Imagine getting an alert for, and a report each month on the devices that were allowed every time someone restarted a computer. WOW.
Prior to 12.x, meaning the solid version 11. series, I got an email alert ONLY when a blocked device was attempted - someone tried to use a personal thumbdrive, or some other devices not allowed. It was good - got an occasional alert, perhaps 1 or 2 a week, and a monthly report might have had say 6 to 10 total blocked devices people had illegally attempted to use.  Thanks to SEP 12, suddenly I was getting emails every hour loaded with ALLOWED devices and the reports were huge - the email was 10 meg or so in some cases. So 12 totally broke a great thing, and caused me to have to "shut it down".

Otherwise, other than that and some glitches that could happen under ANY release, 12 RU2 has been the fastest and most reliable installing upgrade ever - ever. I can push out RU2 at will, it rarely fails - only a half dozen since January and those are troubled computers anyway. It's FAST - the whole thing, from install to operations, it's faster.

I'm not sure if I should attempt MP1 as the only thing I REALLY want fixed is - PLEASE PUT DEVICE CONTROL BLOCKED DEVICE ALERTS/REPORTS BACK, and remove ALLOWED from the reports.

Or at least give us a DROP-DOWN choice when we set up a notification.

POLL for all Connect users - which is most useful:
Alerts for, and reports on BLOCKED devices
or
Alerts for and reports on ALL allowed devices (think of what you are saying before you reply.....)

.Brian's picture

An issue has been found in RU2 MP1 but only affects XP clients that have the firewall enabled.

Thread here:

https://www-secure.symantec.com/connect/forums/slo...

KB article here:

Windows File Sharing slows on Windows XP with Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Pack 1 installed

Article:TECH205741  |  Created: 2013-04-30  |  Updated: 2013-04-30  |  Article URL http://www.symantec.com/docs/TECH205741

 

Workaround at this time is to either disable the firewall or remove it from the NTP component.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DCourtel's picture

Does it affect Windows 2003R2 ?

DCourtel.

End User Support Technician

Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/

.Brian's picture

It's not specific. Just says XP/2003.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Cooperfield's picture

ShadowsPapa, 

Re Blocked devices report

The logic of  the change sounds like taking away the "Still Infected" flag from the SEPM and replacing it with a report or stream of messages announcing ALL of the computers that did NOT become Still Infected in the last few minutes. All it Not Infected?  And now you do not know what is Still Infected.

So I agree re the blocked devices report being inverted. Maybe if you post it as an Idea it would have better visibility.   [Edit]

 

SameerU's picture

Hi

Always its recomended to upgrade to latest version as it has many fixes and updates.

Regards

 

ShadowsPapa's picture

No it's not always recommended. There are many times you should not install an update or patch unless it fixes a specific problem or issue you have.

Read all of the Microsoft documents and KB articles if you don't believe me. In fact some things they just plain don't post because they want you to contact them first to see if the latest patches will actually address an issue you have - because patches and updates can introduce NEW problems.

This is a perfect example. I would strongly recommend that folks take a good long hard look at RU2 MP1 before jumping into applying it. We are not going to apply it here at this time - until or unless I find something it directly addresses - a problem we have that it solves. The reason is clear - look at the problems for anyone running XP - I need to be really sure it doesn't impact server 2003 or have other "problems" in it.

IMO This is one case Symantec needs to bite the bullet, admit a problem, release a patch for the patch BEFORE the next regular update.
The reason is sitting all around us - just look at the numbers of posts on this problem - and imagine all of that magnified because not all customers post here.
The "fix" for this fix is to disable a feature we use and need? How terrible! I could call it lame. Sell an anti-malware product, release a patch, the patch breaks a big part of the product, and the solution is to simply not use it?  If I buy a gun I want it to fire every time I pull the trigger, not every-other time. If I buy a firewall I want it to stop everything I put into it to stop, not pick and choose what it wants to block or not block.

Please don't post unhelpful things just for a connect point. There are good reasons people need to look before jumping - this is a big one. This "fix" may cause such problems that people have to disable a big part of SEP and leave themselves wide open for that attack vector. And how does the IT security staff explain to management when something gets in and takes out servers or destroys information, or leaks out client confidential information?
Like this?  'Sorry boss, it was broken so we had to turn it off. We'll have a fix in a couple of months.'
In the meantime staff is scrambling to recover - because someone in IT didn't TEST before deploying - they followed your advice of you should ALWAYS apply the latest patch?

I'm seeing a rather large pattern here and it's making it hard to trust "answers" posted - harder to get any because of the constant boiler-plate posts and unhelpful "advice". If that statement ruffles a feather or two, good. I hope so. I usually do so by accident because of my "situation" - but this time it's on purpose. Someone needs to moderate and kill posts just for points or those with bad advice.

 

Mithun Sanghavi's picture

Hello,

I completely agree with ShadowsPapa.

It is important to understand that SEP 12.1 RU2 MP1 is a maintainance patch and could be applied only over SEP 12.1 RU2.

This Symantec Release build contains:

  • 18 top impacting fixes.
  • 25 internal defect fixes
  • Security updates for JRE

Check the Latest Fixes done in the Patch from the Articles and if those fixes are really required in the environment - 

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Patch 1

http://www.symantec.com/docs/TECH204685

In case the SEP 12.1 RU2 is working fine and you don't think you require the Maintainance Patch, then you may choose not to upgrade.

The next Release Update (RU) would be released in coming few months.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AndrewIT's picture

i have this problem on every XP clients. my SEPM is on a server with win 2003 R2 SP2 -> it is affected by the problem
 

.Brian's picture

It is being tracked for next release but no date has been given yet as to when the new release is due out.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

In case if you are facing the above issue, I would request you to please collect the Full SST Logs along  with WPP debug logs from SEP Client and create a case with Symantec Technical Support.

How to collect full support logs for Symantec Support with the SymHelp utility

http://www.symantec.com/docs/TECH203029

How to enable Automatic Symantec Endpoint Protection (SEP) 12.1 Client Debugging, including WPP logs.

http://www.symantec.com/docs/TECH171176

and

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_t...

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

smiller-dri's picture

Just to be clear, anyone running Lotus Notes 8.5.2 or 8.5.3 (or probably later revisions) there is an older Symantec issue which is brought back in this update.  The 12.1.2015.2105 client from November runs perfectly in conjunction with Lotus Notes, but the 12.1.2100.2093 version has this problem, which was fixed back in early 2012.

http://www.symantec.com/business/support/index?page=content&id=TECH179128

https://www-secure.symantec.com/connect/forums/sep-121-ru1-causing-lotus-notes-crash

Mithun Sanghavi's picture

Hello,

I would suggest you to create a Case with Symantec Technical Support as we haven't received any reports on the same.

To Create a Case with Symantec Technical Support -

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_t...

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

smiller-dri's picture

An excellent idea.  So, this forum doesn't count as receiving a report?

Mithun Sanghavi's picture

Hello,

Yes, it does and I appreciate you for bringing this forward.

I checked with my Team before I wrote my statement above and then I requested you to create a case.

The reason the case is required as the Team would have to troubleshoot the issue and may be they would require certain logs to understand the root cause.

Once you have created the Case with Symantec Technical Support, please PM me your Case # .

This would assist me and my team to observe the case closely.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Gil_Saunders's picture

All,

we even cannot do an upgrade from version 12.1 RU1 MP1 to version 12.1.2 due to historical upgrades from SEP v11 on the same machine (--> pls see here: https://www-secure.symantec.com/connect/forums/when-upgrading-sepm-version-121-ru1-mp1-version-1212-following-error-appears-error-1920-servi

So, this upgrade won´t work, too. No solution until now from Symantec side ;-(

Any help is appreciated ;-)

 

BR,

Gil

 

 

JohnK's picture

Will this new version be pushed out automatically as an update to Small Business Edition 2013 (SEP.cloud)?

Mithun Sanghavi's picture

Hello JohnK,

Automatically update would not take place.

Please NOTE: SEP SBE 12.1 is different from SEP SBE 2013.

Check this Thread:

https://www-secure.symantec.com/connect/forums/convert-endpoint-protection-121-symanteccloud

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Hakeem's picture

Hi Mithun,

Is there any change in file connect site because I am not able to see new published software realase date?

Thanks

Hakeem

Mithun Sanghavi's picture

Hello,

Yes, The Symantec Fileconnect has been replaced by Symantec Flexnet Operations.

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

The new published software release dates would not be seen.

I would suggest you to check this Article:

What are the Symantec Endpoint Protection (SEP) versions released officially?

https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officialy

@ShadowPapa - We at Symantec are facing mixed reaction with the change and we highly appreciate your inputs.

I would appreciate, if you would add these inputs in the IDEA's section, which would then reach the Concerned Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ShadowsPapa's picture

I have actually already done that. After posting this - I remembered that Symantec has a place for such thoughts and comments, so added an idea.

The dates helped a lot always as I could at a glance tell what files belonged together, and in the case of SEP and SNAC, I could tell BOTH needed to be upgraded/updated.

I also added in the suggestion that there be some sort of consistancy in the naming or rather versioning. In one place SEP is always referred to as RU this or MP that, however, it gets tricky keeping track, plus the console doesn't know RU or MP from Tuesday and Wednesday - it deals with versions. So if I want to see if there is a version later than 12.1.2015.2015 or whatever, I cannot tell this in the file downloads. Along with "this is SEP RU2 MP1" is should state "this is SEP RU2 MP1 version 12.1.2333.1234" Then without having to go to yet ANOTHER document co translate, I'd look at our SEPM console and see our version is older than the version posted on the download area. As it is now, I really don't know. Most of us wear many hats - we do more than "just SEP" so keeping track of numbers or dates can be a problem (especially when you have a disability such as ADHD where memory of long numbers is impacted severely). Putting the VERSION in the file name would help me a lot.
Consider it Symantec's contribution to those with handicaps, and being ADA compliant!!  ;-)

If I go to "connect" (or whatever it is today) and try to see if there is a SEP newer than what I have here - how do I tell?
OK, so there's a link - will I know about that link next month? Will I have to search for another document to translate before I can download - or know there is something new? I never see announcements of new versions until or unless I have a problem and come here for some help. But then it's not in my face "hey, fool, there's a new version out here!". It's buried. Subscriptions - I've signed up for every one there was for every year since they first started, and not a single one has ever worked. I have never to this day been notified via email of any new versions, patches or releases of any Symantec product.

So, please check my suggestion at https://www-secure.symantec.com/connect/ideas/put-release-dates-back-fileconnect
And consider those very busy system admins who handle multiple jobs and multiple roles, and make it easier to figure out what the score it. Also consider, some of us have some "issues" that make it more difficult to remember.

 

Mithun Sanghavi's picture

Hello,

I appreciate your inputs. To start up, added my vote.

Count my Vote in +1 smiley

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ShadowsPapa's picture

That is a major negative in the "new design". Since many products show a version number such as 12.1.2015.2015 and the file connect just shows "RU2", how the heck can you tell what's what?

Put the release date back in! That was we KNOW if something was released or is new since last visit.

No, subscriptions have never worked correctly so we can't go by or rely on emails stating "there's a new file out there". And sometimes we need to get a different version for reasons engineers don't grasp.

So, PLEASE, put the file release date back into connect. I hate the new layout. The other I could tell what I needed simply by looking at the release date. You've taken that away from us.

Also- be consistent - refer to versions OR your "RU", but don't refer to versions in one place, and the RU or MP level in another. There's no road map telling us that RUxxx is version 12.1.2.3.5 or whatever. Or make it easy like it was - put the dates back. It's really confusing when you want to make sure you have the latest SEP and SNAC, and the versions don't match, and there's no dates to go by, and the file connect says RU this and MP that, while I'm looking at our console scratching my head because the console doesn't give versions that way.

pandher's picture

I agree with shadowpapa, this is getting really confusing now. We were always the early adapters but now i will always stay atleast 1 version behind.

The Conquistador's picture

I've wised up, I started to test SEP's new version on a VM that is not in production.

.Brian's picture

Luckily, I have a test environment. So my "upgrades" start in here and run for 2-4 weeks. Was a saving grace when finding the SMB slowness bug in ru2 mp1 between the fw and xp/2003 clients.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ambesh_444's picture

Nice and helpful article Mithun.

Thumbs up for Mithun....!!!!!!!!!

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."