Endpoint Protection

  • 1.  SEP 12 not compatible with SED/PGP

    Posted Oct 19, 2015 01:10 PM

    Hello,

    We have a plan to upgrade our old PC farm to Windows 7. Our testing machine has Windows 7 SP1 (32-bit) installed, along with Symantec Endpoint Protection 12.1.5 and a simple .bat file that generates an EICAR file automatically. They operated very smoothly and could detect the EICAR file generated by the .bat file without any problem. However, when we tried to install Symantec Encryption Desktop 10.1 on top of the installation and invoked the .bat file to generate the EICAR file, the EICAR file could not be detected and it seems that SEP stopped operating.

    Having checked with Process Explorer, it shows that the System (PID = 4) process applies a file handle on it and cannot unlock the file anymore, and the eicar file itself has been cleaned (byte = 0 bytes). From that moment on, SEP seems not to detect any EICAR files or risks. PGP shredder on the desktop also cannot be opened.

    I think it is a very serious failure of SEP when SEP got installed together with SED/PGP. And we tried the latest SEP version of 12.1.6 and also SED/PGP 10.1.3. The issue still persists. Can anyone help me?



  • 2.  RE: SEP 12 not compatible with SED/PGP

    Posted Oct 19, 2015 01:40 PM

    Can't say I've seen this. Have you contacted support directly? I would suggest that...



  • 3.  RE: SEP 12 not compatible with SED/PGP

    Broadcom Employee
    Posted Oct 22, 2015 09:29 AM

    Hi,

    Thank you for posting your query on Symantec community.

    10.1.3 is a very old version. 10.3.2 is the latest version & has many improvements over 10.1.3.

    I would suggest using the latest version & there shouldn't be any incompatibility as well.

    Also go through this article: The antivirus test file eicar.com can be executed with File System Auto-Protect enabled



  • 4.  RE: SEP 12 not compatible with SED/PGP

    Posted Oct 23, 2015 07:39 AM

    Hi,


    Here is our latest observation and the way to reproduce the problem in an exact way. We have created a brand new VM and got the following installed:
    Windows 7 SP1 Enterprise
    Symantec Endpoint Protection 12.1.6
    Symantec Encryption Desktop 10.3.2
    A bat file which generates an eicar text file


    After the computer starts up, we have discovered that SED/PGP pgpfsd.exe (File Sharing Daemon) will also be activated. If a virus is detected (say eicar.com generated by my .bat file) on the computer desktop, SEP will get it cleaned, resulting in an empty file. However, we don't know why pgpfsd.exe will also get access to that file at the same time, resulting in an orphaned file handle left in the NT Kernel (PID = 4). The Detection Results window was also not displayed. After that, the system became very unstable, SEP would not respond to eicar.bat files, and the system could not be shut down normally because that outstanding file handle still remains.


    After a restart, if we kill the pgpfsd.exe process through the task manager before invoking my .bat file, the issue will disappear and SEP will detect the eicar file generated and show the Detection Results window. We tried to generate eicar files many times and got no errors after that.
    So, we think that there is an issue relating to the pgpfsd.exe file. And since we have created the environment from scratch with nothing other than the said programs, it clearly showed that there is an incompatibility or even security risks with the latest Endpoint Protection and Encryption Desktop. If any Symantec staff sees this post, please try to reproduce the steps and get it fixed. We have used Symantec products for many years and trusted its Anti Virus. And we are so surprised that Symantec's own product, Encryption Desktop, will kill its Endpoint Protection accuracy and credibility.




  • 5.  RE: SEP 12 not compatible with SED/PGP

    Posted Oct 23, 2015 03:31 PM

    Honestly, call support and get a case open so they can start RCA.