Endpoint Protection

I've seen a similar posting (https://www-secure.symantec.com/connect/forums/symantec-vulnerability-protection-add-preventing-firefox-update-download), but it has been marked as solved for the particular issue that the user was having.

But it does not address the real issue of why Symantec Vulnerability Protection is incompatible with recent versions of FireFox, causing FireFox to disable it and render it useless.

Can we get some official word on how this is being addressed and when we can look forward to it working again?

This isn't compatible with 33.0 for sure. Would seem that quick update could come down and fix this, especially that the rate Mozilla puts out updates.

For the past few months, it hasn't been compatible. FireFox 32 had issues. So no quick response from Symantec has been forthcoming...

It's only compatible thru 31 per the notes. This has been a problem for some time now though

Yes, my point exactly! One of the top browsers hasn't been compatible for many months and now for two full versions. How do we (as end users and admins for companies) find out what is being done about it?

Supported Browser versions for Browser Intrusion Prevention for Symantec Endpoint Protection 12.1.x

http://www.symantec.com/docs/TECH174537

That article lists the latest version of SEP (12.1.5) supporting up to Firefox 28, which was released in March. That is sad.

If anyone from Symantec reads this post, when will SEP's Browser Intrusion Prevention support a *current* version of Firefox.

I've tried to create a new forum post on this, and it won't publish after nearly an hour, so hopefully I can publish it here, as it's somewhat related.

No one else has posted about this yet, likely because right now USA and Europe has gone home.
Well here in Australia it's mid-Friday business, and a new CIDS (Intrusion Protection Engine) engine that's been pushed out by Symantec is causing problems!
Version 14.1.2, in my SEP RU5 Agent it reports the versions as 14.1.2.4.

Confirmed as an issue with IE 11 with SEP 12.1 versions, RU2, RU4MP1, RU5. (Granted RU2 doesn't support Browser IPS in IE 11 "officially", but it's always and still worked, but that's beside the point here)

Supported Browser versions for Browser Intrusion Prevention for Symantec Endpoint Protection 12.1.x
http://www.symantec.com/docs/TECH174537

New Features in Client Intrusion Detection System (CIDS) 14.1 (cannot find an article describing this latest CIDS release, this is the newest I found)
http://www.symantec.com/docs/TECH224237
 

I received a BCS Bulletin after the issue started mid-morning saying:

Symantec is releasing a new CIDS engine for Symantec Endpoint Protection. This is a staged rollout beginning today October 23rd, and is expected to be completed on Monday October 28th.

The test file contains version 14.1.2 and is available here:
https://fileshare.symantec.com
User Name: <removed>
Password: <removed>

Once logged in, please select the Shared Folders tab. The test file is available in the following path:
Component Files / CIDS / CIDS 14.2 BCS.ZIP

For more information about Staged Releases please see the following document:
http://www.symantec.com/business/support/index?page=content&id=TECH206118

Thank you, Symantec Endpoint Protection Engine Updates

So it almost looks like they've made available/released a test version the same time they're started rolling it out? (I'm just guessing here)

For those wondering what happens, open IE 11, don't even visit a site, just open a tab, and you get this balloon.

We have some users complaining of multiple SEP system tray shield icons appearing, where one is SEP 12.1 and the other is SEP 11, and they can launch BOTH SEP 12.1 and 11 GUIs! (I've yet to replicate this on my workstation laptop)
These users have never had SEP 11 installed, it's always as if some old code is being "activated". Still investigating this.

In the logs, under Systems Logs, it looks like this:

We've been lucky to get in touch with one of the SEP Product Managers in a nearby country to bring it to his attention as support (including BCS support) is silent so far. They too are likely confused by it all.

Will post updates as we get them.

Bump for this.

I see no problem having short delay when new version of the browser arrives, but having few months gap (with couple FF version releases) in between is not acceptable.

Even if the ESR version(s) of FF would be kept up-to-date plugin wise -> could go to customers with this information.

Anyone from Symantec care to comment on this? Why does it take so long to update the plugin compatibility and is there any "official" information about 1) current status? 2) upcoming updates from Symantec side?

I guess this would be the main reason, there is no "updates" for the addons:

http://www.symantec.com/docs/TECH224237

Can anyone confirm the IPS / IPS framework version(s) that has these changes implemented?

So no more browsers addons anymore, starting from sometime October 2014?

I didn't read it like that. Sounds like they implemented a new engine to in order to stay current with all the browser updates.

"Please be aware that this engine removes the need for Browser Helper Objects (BHO), browser plugins or add ons.  No functionality will be lost due to this change.  It simply gives customers browser independent protection and allows Symantec Endpoint Protection to tackle even more complex threats."

Just removes the BHO but nothing else is changing. I'm also expecting this to work even when new updates come out, specifically for the Mozilla FF release schedule.

Ok, After reading it again.. devil is in the detail, bit confusion with the remnants of BHO in browsers.
So good that this would then extend protection across "any browser", besides IE and FF, just universal IPS for all.

Seems it still starts BHO now disabled in IE11 (only one I've tested for now), with new installations and not showing/offering anymore in the new installations of FF post 31.x versions.

Old "already" existing installations of FF (e.g Extension was active in 30.x -> now showing disabled in 33.x that has been upgraded via Firefox upgrade) so need to clean-up the old ones from browsers and confirm to my customers this is the way it will now work in the future.
 

A few questions then:

When will the Client Intrusion Detection System (CIDS) 14.1 be rolled out officially, and how will I know that my SEPM and clients are using it?

What's the recommended way of removing the browser plug-ins remotely? I have hundreds of client with BHO plug-ins installed....

12.1.5 still installs the BHO plug-ins on a full client install. Do I remove BHO in my new client installs now, assuming that CIDs will be in place soon amd require no further installations?

Hi all,

I echo the questions from idgck. Particularly, how do I know SEPM and associated clients are using the the new CIDS?

Thanks,

CQ

Can we get an update on this from Symantec? PLEASE? Has Client Intrusion Detection System (CIDS) 14.1 been rolled out? Are we supposed to uninstall the Browser plug-ins? It sure would be nice if I had something to communicate to my 1000+ clients that have disabled plug-ins and are asking questions about them!

CIDS released v14.1.2.8 to all SEP customers today.

For Firefox, the add-on is removed automatically.

Fore Internet Explorer, the add-on will be disabled in the browser, it does not need to be removed. Re-enabling the BHO has no ill effect.

We were advised by one of the SEP product managers that the BHO is supposed to be automatically removed from IE, by SEP itself, when the new CIDS engine is installed.

Is this not what people are experiencing?

QAMikeT, thank you for your response. I can confirm that the plug-in has disappeared from FireFox on several clients that I checked.

I, too, am looking for clarification on IE and whether the plug-in gets uninstalled or simply remains disabled.

Also, how am I to modify my installation package so that I don't install outdated plug-ins? Moving forward, I don't want to install these plug-ins on a base install and then wait for SEPM to uninstall them or set them to disabled.

Finally, is there any documentation about the new CIDS and how it affects current installations? Changes to SEPM as well as clients?