Symantec Endpoint Protection 11.0 Maintenance Release 2

If an RTM or MR1 client is upgraded to MR2, will the new live update enhancments clean up the excessive disk space useage?   Also, does MR2 fix the inline client upgrade process?  My RTM clients never updated to MR2 despite the proper group client configuration.  Support said this is a know issue and would be fixed soon.

Is there any fix on the bad virus def problem creating gb's of .tmps in the VirusDefs folder until manually cought by the user to correct the issue?

Thanks for the reply!  I'm anxious to be able to upgrade our test network!

Paul,
    I am suffering here waiting to get this fixed. My drives are filling up systems crashing. Some will not update at all. I dumped Trend Micro for this product. I am thinking of going back. I may be forced too.

The 21st is a long way off down a ling dark tunnel!!

-John Hill

@The_Stranger

It's a patch for MR1 SEPM

Symantec Endpoint Protection Manager fixes

Agents do not appear in Symantec Endpoint Protection Manager
Fix ID: 1178101
Symptom: Agents do not show up correctly in Symantec Endpoint Protection Manager. If Symantec Endpoint Protection Manager is restarted, agents will show up correctly. However, after Active Directory synchronizes with Symantec Endpoint Protection Manager, the agents will display offline again. This occurs every 24 hours.
Solution: Modified the order of how objects are processed so that agents appear correctly as "online" in Symantec Endpoint Protection Manager.

Port leak on Symantec Endpoint Protection Manager
Fix ID: 1183253
Symptom: Symantec Endpoint Protection Manager becomes deaf as clients download updates, CLOSE_WAIT sockets are not closed, and the server is out of ports and becomes deaf to the console. As this continues, at some point you can no longer remote desktop to the server. When the server is full, 3500 sockets are in CLOSE_WAIT, almost all the rest are in TIME_WAIT, and there are 15 or so talking to the database and clients. As time passes, the CLOSE_WAIT sockets slowly rise.
Solution: Symantec Endpoint Protection Manager process no longer has CLOSE_WAIT states after clients download updates, preventing the leaked ports from monopolizing all the server's ports.

Symantec Endpoint Protection Manager Management Console Home Page: Virus Definitions Bar chart and IPS Signatures chart do not display
Fix ID: 1190971
Symptom: Charts on the Home Page appear blank.
Solution: Modified code to ensure that chart information is displayed as expected on the Home Page.

Group Folders are not created or take too long to create
Fix ID: 1191851, 1201662
Symptom: When you have a large number of existing groups, creating new groups fails as SemSvc.exe runs a check on all existing folders (one folder for each group). After over an hour, the new group is not created. When viewing created groups, some contain 2 files, while others contain over 20 files. In some instances, creating a group would take over an hour.
Solution: Added a condition that optimizes creation of groups, so that groups and group folders are created and created in a timely manner.

Import of policy from one Symantec Endpoint Protection Manager domain to another fails
Fix ID: 1183186
Symptom: After clicking "Import" to import a policy from one Symantec Endpoint Protection Manager domain to another, the action fails with no error message. This particularly happens when attempting to import firewall policies that use rules which apply to host groups that are not present in the new domain, or when importing policies from a migrated Symantec AntiVirus server group into a new domain.
Solution: Import action failed because new domain did not contain the same host group names. This issue is resolved by implementing the following: create host group if it doesn't exist in new domain; adding error handling messages if an error does occur, and merging host groups if user selects to overwrite existing policy for already existing groups.

To deal with the Temp folder creation problem, we've been running a  script created by my coworker on a Fedora 8 Linux box (since deleting folders from a Windows box was slow).  If you have a spare box to install Fedora on, you can use the following script.  I created a folder inside the root profile folder (since the script will have your Windows domain account and password in it) then used the script (shown below the line) along with a file called serverlist containing the list of PCs and servers names.  I created mine by running a "net view >serverlist" at a DOS prompt on my Windows box.  If the PC is offline, it will take a minute or so to timeout and continue on but at least you don't have to babysit it.  When it's done, repeat until MR2 is released.

Note: this is for Windows XP.  Windows Vista has a different path for the virus defs which is located at: C:\ProgramData\Symantec\Definitions\VirusDefs.  We don't use Vista but if you do, you'll need to replace the lines containing

/mnt/folder-name-containing-the-script/Program\ Files/Common\ Files/Symantec\ Shared/VirusDefs/tmp*.tmp

with the following path

/mnt/folder-name-containing-the-script/ProgramData/Symantec/Definitions/VirusDefs/tmp*.tmp

Good luck


________________________________________

#!/bin/bash

inputfile=serverlist
totalnum=$(cat $inputfile | wc -l)

let "current = 0"
cat $inputfile | while read servername
do
  let "current = current + 1"
  echo Processing $servername \($current of $totalnum\)
  mount -t cifs -o user=domain-name/username,pass=password,uid=503,gid=503 //${servername}/C$ /mnt

  du -m /mnt/folder-name-containing-the-script/Program\ Files/Common\ Files/Symantec\ Shared/VirusDefs/tmp*.tmp
  rm -r /mnt/folder-name-containing-the-script/Program\ Files/Common\ Files/Symantec\ Shared/VirusDefs/tmp*.tmp
  umount /mnt
done

"MR2 will provide Windows 2008 support for the SEP client only. A future maintenance release will most likely provide Windows 2008 support for the SEPM also."

This means SEP will not support a Windows Server 2008 (only) Domain without a Server running on 2003 for deployment ?

I think that this future maintenance realse will not be in year 2008...

Thanks..

Message Edited by Hurricane Andrew on 03-19-2008 06:47 AM

Logged into file connect today and it is still MR1....


Symantec Endpoint Protection 11.0 - International English  11.0.1375 MP1   International English


So is MR2 available today or not?

--t

Message Edited by Technologist on 03-21-2008 09:17 AM

I asked our BCAM this and he verified that all MR releases are cumulative thus you don't need to install previous MR versions (in this case MR1) prior to installing MR2.

Scott Klassen wrote:

"Another thing to keep in mind is that when Symantec gives a release date, a given item may take a couple of days to show up on FileConnect.  Example:  If Symantec had been able to release MR2 today, as was the originally announced date, chances are it wouldn't have been available on FileConnect until Monday.  Just something to work into the planning of maintenance time windows around Symantec releases. "

Do you realize how lame that potentially sounds? My translation:

"When Symantec gives a release date do not expect it to be available that day because they never have the file ready for their customers to download. Instead, keep checking the forums and File Connect for when it might eventually show up. Sometimes this may take days (or even over a week - yes this has happened to me). So don't plan on upgrading to the latest version on release day because the upgrade file will not be there."

lol.

--t

Message Edited by Scott Klassen on 03-21-2008 08:36 AM

Message Edited by Jason1222 on 03-21-2008 12:05 PM

the compatibility problem with vista SP1 only happened on machine with wireless card.

those desktop PCs should be good.

for wireless users, MR2 is coming, :)

thanks

FYI - Accourding to my BCAM, 4/14/08 is the new tentative release date for MR2.  It was going to be today but it's being delayed for QA purposes.

I'm running SEP RTM client on several laptops with Vista SP1 and wireless connections without any issues. Still looking forward to MR2. Avoided MR1 because of all the issues I read about here. Sounded like it would just make things worse rather than better.

Hopefully MR2 is right around the corner, but if something strange comes up in QA and it sees a significant delay I will certainly keep MR1 in mind.

@ Paul Murgatroyd,

Any update on the ETA for MR2 to be released to fileconnect?

Cheers

Ben

Message Edited by Ben Blackmore on 04-04-2008 04:31 AM

Casting my vote for Windows 2008 SEPM support... I have at least one client who has just installed Win2008, and purchased Endpoint Protection - wanting to install SEPM on it - I'm currently looking at installing VMWare and WinXP - they don't particularly want to purchase another license for Win2003 at this point in time...

Scott: I know - I was just casting my vote anyway...

To me, Symantec Endpoint Protection 11.0 Maintenance Release 2 is critically needed.

ISP236 wrote:

Are there any release notes (acutally deploying the update) MR2 coming out yet..?  Or were there any for MR 1?

 

Just want to see how this is going to work and get a handle on how we are going to deploy before the update is released.

 

Thanks.

1. Push out the install with the SEPM console. The user will get a popup telling them a new version is available, and ask if they want to upgrade. You can configure this to allow the user to postpone, but force that it has to be install by a certain time/date etc.

2. Add the new release to group policy software installs, and roll it out when machines boot up. MR1 could install over the top of the RTM without having to uninstall it first. I would expect MR2 to be the same.

3. There was an MSP patch file available for MR1, which could be applied to the RTM, and updated it, without having to perform a full re-installatation. MR2 will hopefully have a similar MSP patch, as they are much smaller in size, (12mb I think the MR1 MSP was, rather than the 118mb for the full blown MR1 install).

Ben

Message Edited by Ben Blackmore on 04-08-2008 01:30 AM

Message Edited by Paul Murgatroyd on 04-09-2008 03:16 PM

I only see Symantec Endpoint Protection 11.0 in my projects list. How do I subscribe to\add the MR2 project?