具体更新内容
Release Update 7 Maintenance Patch 1 (RU7 MP1)
What's new in this release
The current release includes the following improvements that make Symantec Endpoint Protection and Symantec Network Access Control easier and more efficient to use:
Administrator-defined scan extensions increased to 12 characters
Fix ID: 2337151
Previous behavior: The Symantec Endpoint Protection Manager administrator could not add more than four characters when specifying file extensions to scan during an administrator-defined scan.
Enhancement: The file extension limit was increased from 4 to 12 characters.
Quarantine dialog allows full path entry
Fix ID: 2362970
Previous behavior: In Symantec Endpoint Protection 11.0 RU6 MP1 or earlier, the Quarantine dialog allowed the user to enter or browse to a file path. In RU6 MP2 and later, this dialog was modified to show folders only. The user would like to return to the original file path behavior.
Solution: A flag to a Microsoft API was added to allow the user to browse to a full file path in the quarantine dialog.
Top impacting problems resolved in RU7 MP1
SMC.exe handle count on a GUP computer increases over time
Fix ID: 2399799
Symptom: On a client configured as a GUP, the handle count of SMC.exe increases over time, and eventually the computer becomes unresponsive.
Solution: SMC.exe was modified to prevent the handle leak.
Perl application in Cygwin terminates with fatal error "couldn't allocate heap"
Fix ID: 2241805
Symptom: CygWin terminates with fatal error "couldn't allocate heap" when running a Perl script with an active Application and Device Control policy.
Solution: The Application and Device Control driver (sysplant.sys) memory allocation routine was modified to prevent this crash.
SMC.exe process terminates unexpectedly
Fix ID: 2326986
Symptom: The SMC.exe process terminates unexpectedly when retrieving the system default proxy configuration. This occurs when the user selects "Update Policy" from the tray icon.
Solution: SMC.exe was modified to process the proxy name and bypass settings correctly when the fields are empty.
Domain controller becomes unresponsive after installation of Symantec Endpoint Protection 11.0 RU6 MP3
Fix ID: 2393251
Symptom: A domain controller may become unresponsive to RPC, authentications, replication, and file sharing after installation of Symantec Endpoint Protection 11.0 RU6-MP3. The server still answers to ping.
Solution: The AutoProtect driver (srtsp.sys) was modified to prevent a condition where calling into the mount manager could cause a deadlock.
Ports are abandoned in the CLOSE_WAIT state by GUP-to-Manager communication
Fix ID: 2413202
Symptom: Computers acting as static GUPs show a progressive performance degradation over time until they become unresponsive to network communications. The computer must be restarted to restore network connectivity.
Solution: SMC was modified to prevent the connection leak.
Symantec Endpoint Protection clients cycle through Management Server lists continuously (two solutions)
Fix ID: 2493886
Symptom: Symantec Endpoint Protection clients continually cycle through the Management Server Lists. The client will connect to one Symantec Endpoint Protection Manager, then another, and repeat.
Solution: The profile time is now converted to GMT to resolve a scenario where the profile does not match.
Fix ID: 2566167
Symptom: Symantec Endpoint Protection clients continually cycle through the Management Server Lists. The client will connect to one Symantec Endpoint Protection Manager, then another, and repeat. This occurs when clients are configured to download content from an internal LiveUpdate Administrator and the LUA policy contains a password to access the server.
Solution: Symantec Endpoint Protection was modified to ensure the encrypted password remains static when the policy is recompiled.
Computer status log shows virus definitions as "none"
Fix ID: 2023152
Symptom: When the client starts, SMC sends virus definition date information as "0" to the Symantec Endpoint Protection Manager. The computer status log in Symantec Endpoint Protection Manager shows a virus definition date as "none." The clients have the correct definitions. A workaround is to manually "Update Policy" or wait until the next heartbeat.
Solution: SMC was modified to send the correct virus definition data to the server on startup.
IPS status and numbers are incorrect in reporting
Fix ID: 2240928/2376877
Symptom: In some areas of Symantec Endpoint Protection Manager reporting, IPS signature data is inconsistent or incorrect. Affected areas include:
Home > Security Status > More Details > Intrusion Prevention Signature Update Failures
Reports > Quick Reports, where Report type = "Computer Status" and Select a report = "Intrusion Prevention Signature Distribution"
Solution: The Symantec Endpoint Protection Manager queries were modified to show the correct IPS client data.
Symantec Endpoint Protection client connects to Symantec LiveUpdate server despite being configured to use an internal LiveUpdate Administrator
Fix ID: 2267387
Symptom: On a managed Symantec Endpoint Protection client, if the local LiveUpdate settings file is corrupted, Symantec Endpoint Protection will revert to the default settings and connect to the Symantec LiveUpdate server.
Solution: To ensure the LUA server is always used, liveupdt.hst is be kept in the LiveUpdate Install folder. As a backup measure, a last known good settings file (Settings.LastGood.LiveUpdate) is created. This file is used when the original settings file is missing or zero byte.
All resolved problems in RU7 MP1
COH32.exe consumes high CPU and high memory
Fix ID: 2247120
Symptom: The process COH32.exe consumes high CPU and 500 MB+ of memory every hour. By default, COH (part of Proactive Threat Protection) scans every hour and some CPU and memory usage is normal. In some environments the COH process may consume excessively high CPU and memory.
Solution: COH32.exe was modified prevent a scenario where the scanner incorrectly identified too many processes to scan.
GUP hangs frequently, requiring a restart once every 24 hours
Fix ID: 2395985
Symptom: The SMC.exe process of a GUP computer may hang or crash unexpectedly
Solution: SMC.exe was modified to prevent a condition where one thread could delete the Sylink configuration data while another thread still needed it.
SERVER_CLIENT_LOG EVENT_ID 23 & 24 are not translated for external logging file scm_agent_act.tmp
Fix ID: 2351718
Symptom: In the Schema Reference Guide, SERVER_CLIENT_LOG EVENT_ID numbers 23 and 24 are not translated for the external logging file scm_agent_act.tmp.
Solution: For reference, the following text was added to the readme.html:
Event ID 23 = Client has downloaded globalindex.dax
Event ID 24 = Client has downloaded GUP list
Data is missing in the "Infected Only" compliance report
Fix ID: 2295643
Symptom: No information is displayed for some clients in the "Infected Only" compliance report. This report can be reached via Monitors > Logs > Computer Status > Filter for "infected only."
Solution: Compressed file containers (.zip, .rar, etc.) are now excluded from the "infected only" report. Only infected file(s) from inside the container will be shown in the report.
Symantec Endpoint Protection Manager email notifications are sent repeatedly for old events
Fix ID: 2233045
Symptom: Multiple outbreak email notifications are sent during the damper period
Solution: SQL queries were modified to prevent notifications during the damper period.
Symantec Network Access Control agent receives the message "Policy manager failed to verify client's UID"
Fix ID: 2310003
Symptom: A Symantec Network Access Control agent may become rejected during a VPN session with the Gateway Enforcer. The message "Policy manager failed to verify client's UID" appears in the compliance reports. The message "Get UID verify failed from Server <ID> for client <ID>" appears in the kernel logs.
Solution: The Symantec Network Access Control agent was modified to update the hash information with Symantec Endpoint Protection Manager if the hardware request was not completed successfully.
Client installations with AntiVirus only attempt to load the IPS library file sdi.dat and the SMC.exe process may crash
Fix ID: 2379995
Symptom: Installations that do not have NTP/IPS installed are still attempting to load the IPS library file "sdi.dat." If the IPS policy file is invalid the SMC.exe process may terminate unexpectedly.
Solution: SMC.exe was modified to only load the IPS policy when NTP is installed.
The client takes one hour or more to process a policy containing a large number of host entries
Fix ID: 2252732
Symptom: A policy contains a large number (10,000+) of host entries. It takes the client 1 hour or more to process the policy file.
Solution: An algorithm was optimized to allow the client to process the policy more quickly.
Ping response times are slow on Windows 2000
Fix ID: 1939651
Symptom: Ping response times are slow on a Windows 2000 computer running Symantec Endpoint Protection 11.0
Solution: The process ID of incoming ICMP packets is set to "System" to allow the client firewall to process them more quickly.
Auto-exclusions for Exchange 2010 are lost after installing Symantec Mail Security for Microsoft Exchange
Fix ID: 2330319
Symptom: Symantec Endpoint Protection 11.0 is installed on a server and correctly auto-excludes the Microsoft Exchange directories. When Symantec Mail Security for Microsoft Exchange is installed, the auto-exclusions are lost.
Solution: Additional methods of detecting Microsoft Exchange were added to the Symantec Endpoint Protection client to allow it to find Exchange and create the auto-exclusions.
Commands run by the limited admin on a Read-only group cannot be processed
Fix ID: 2399598
Symptom: A command is run by a limited admin on a Read-only group. There is no error message and the clients do not process the request.
Solution: The message "User has insufficient rights to execute the command" will be displayed when the limited admin does not have access to run the command.
SMC.exe process consumes 25% CPU usage on Windows 2008 R2 terminal server when idle
Fix ID: 2350900
Symptom: The SMC.exe process consumes 25% or more CPU on a Windows 2008 R2 terminal server, even when sessions are idle.
Solution: The SMC.exe process was modified to improve performance on terminal servers.
SMC.exe fails to start when the policy file (serdef.dat) is corrupt
Fix ID: 2351705
Symptom: SMC.exe will fail to start when the policy file (serdef.dat) is corrupt.
Solution: SMC.exe will now use the backup.dat and server.dat instead of serdef.dat, if serdef.dat cannot be loaded.
Extra bracket "]" character in the Symantec Endpoint Protection Manager firewall rule when the protocol direction is outgoing
Fix ID: 2413452
Symptom: When new firewall policy rules are being created in Symantec Endpoint Protection Manager, there is a circumstance where an extra "]" appears in the entry in the "Content" column.
Solution: The extra character was removed.
Unapproved Application List does not populate correctly when a large number of records are present
Fix ID: 2273709
Symptom: The Unapproved Application List cannot be viewed if there are more than 20,000 entries.
Solution: The Symantec Endpoint Protection Manager console logic was fixed to handle lists greater than 20,000 entries.
Risk "Event End Date Time is earlier than the "Event Date Time" on an external log server
Fix ID: 2392324
Symptom: The Symantec Endpoint Protection Manager inadvertently sends duplicate compressed logs entries to an external log server. This results in events with end date time earlier than the date time.
Solution: Symantec Endpoint Protection Manager was modified to get the latest site state from the database before updating the external log server.
Network Threat Full Report for past three month or past one year cannot be generated
Fix ID: 2366417
Symptom: The Network Threat Full Report for the past three month or past one year cannot be generated. The report may reply with the message "The server received an invalid response from another server while attempting to fulfill the request" or "The page cannot be displayed."
Solution: A PHP file was optimized to allow the reports to run correctly.
Symantec Endpoint Protection Manager sends old entries to external log server
Fix ID: 2392317/2366479
Symptom: The Symantec Endpoint Protection Manager sends old entries to external log server. This results in duplicate log entries on the external log server.
Solution: Symantec Endpoint Protection Manager now properly tracks when logs are sent to the external log server to resolve this issue.
Scheduled or on-demand scan detects threat in Recycle Bin and nothing is logged in Application Event Log
Fix ID: 2380072
Symptom: When a scheduled or manual scan detects an infected file inside of a compressed file in a Recycle Bin, no event ID 51 is entered in the application log. If an infected file is detected on another drive an event ID 51 is logged; however, the file found in the Recycle bin is not listed in the event. The compressed file is deleted/quarantined as it should be, and the Symantec Endpoint Protection client logs all locations, but no event ID 51 is entered in the Windows Application Event log.
Solution: The Symantec Endpoint Protection client was modified to record logs directly when handling the anomaly log.
Client logs are not generated for external logging and are not sent to syslog server
Fix ID: 2390237
Symptom: In some scenarios, client logs are not generated for external logging and are not sent to the syslog server. This occurs in a replication scenario when a site is re-installed with the same name.
Solution: The external logging USN cache is now cleared when a site is added to a replication scenario.
Duplicate clients appear in Symantec Endpoint Protection Manager reports
Fix ID: 2436309
Symptom: An Active Directory-synced Symantec Endpoint Protection client that changes its Hardware ID no longer generates multiple SEM_CLIENT entries in the database. However, the leftover entries in the SEM_AGENT and SEM_COMPUTER tables affect Reporting and result in inflated client counts.
Solution: The Symantec Endpoint Protection Manager logic was fixed to re-use the computer ID when it is merged. In addition, all orphaned entries from the SEM_COMPUTER and SEM_AGENT tables are removed to avoid reporting conflicts.
Deleted groups are displayed in group selection drop down of Symantec Endpoint Protection Manager reports
Fix ID: 2033337
Symptom: Symantec Endpoint Protection Manager report filters show groups that have been deleted.
Solution: Symantec Endpoint Protection Manager now uses the deleted flag to restrict the group drop-down list to existing groups only.
GUP stops serving clients after the SMC service is restarted
Fix ID: 2349534
Symptom: When the SMC service is restarted, the client cannot open port 2967 and GUP stops delivering definitions to clients.
Solution: SMC was modified to prevent a condition where GUP would attempt to start before fully initialized.
GUP appears to fail content update and orphan a number of small files in SharedUpdates
Fix ID: 2371443
Symptom: GUP appears to fail content update and orphan a number of small files in SharedUpdates. These files contain only header information.
Solution: SMC was modified to prevent a condition where GUP state files are left on disk.
Symantec Endpoint Protection Manager services terminate unexpectedly and fail to start again. This may occur after migration to Symantec Endpoint Protection 11.0 RU7.
Fix ID: 2511715/2437330
Symptom: Symantec Endpoint Protection Manager services terminate unexpectedly and fail to start again. This may occur during or after migration to Symantec Endpoint Protection 11.0 RU7. The following message may appear in the Symantec Endpoint Protection Manager log:
SEVERE: Unexpected server error. in: com.sygate.scm.server.servlet.StartupServlet com.sygate.scm.server.metadata.MetadataException: Numeric overflow in conversion of value 2,147,485,326 to type INTEGER.
Solution: Symantec Endpoint Protection Manager was modified to resolve an integer overflow condition.
Symantec Endpoint Protection client with Internet Email AutoProtect cannot access port 465 on an SMTP server using SSL
Fix ID: 2329505
Symptom: A Symantec Endpoint Protection client with Internet Email AutoProtect enabled cannot connect to port 465 on the SMTP server with SSL enabled. The connection fails and times out.
Solution: A component of Internet Email AutoProtect (ccEmlPxy) was modified to allow use of port 465 for email submissions via SMTP tunneled over an initial SSL connection.
Scheduled scan terminates unexpectedly and may leave temporary scan data on the hard drive
Fix ID: 2315341
Symptom: A scheduled scan terminates unexpectedly and may leave temporary scan data on the hard drive. Over time this could consume all space on the drive.
Solution: A scanning component (ccScan) was modified to properly handle alternate data streams on stealthed files when the file cannot be accessed, there is a sharing violation, or the file is locked.
Auto-location switching does not work properly after upgrade to Symantec Endpoint Protection 11.0 RU6 MP2
Fix ID: 2317185
Symptom: After upgrade to Symantec Endpoint Protection 11.0 RU6 MP2 or later, auto-location switching does not work properly. The Symantec Endpoint Protection client does not switch to new locations as expected.
Solution: The Symantec Endpoint Protection client was modified to properly switch locations when the Wireless Zero Configuration Service (WZCSVC) service is stopped.
Limited admin can view data from a client group for which he does not have access
Fix ID: 2269664
Symptom: A limited admin can view unmanaged detector data from a client group where the admin has no access.
Solution: SQL queries were modified to enforce group access in Reporting Security Status 'More Details' and 'Find Unmanaged Computers'.
Event log error 11706, 1001, and 1004 after uninstallation of Symantec Endpoint Protection client from a Symantec Endpoint Protection Manager
Fix ID: 2173616
Symptom: The Symantec Endpoint Protection client software has been installed alongside Symantec Endpoint Protection Manager on the same computer. When the Symantec Endpoint Protection client is uninstalled, Symantec Endpoint Protection Manager's MSI resiliency detects a change and logs an error. Event log errors may include:
Event Type: Warning
Event Source: MsiInstaller
Event ID: 11706
No valid source could be found for product Symantec Endpoint Protection Manager.
Try the installation again using a valid copy of the installation package
'Symantec Endpoint Protection Manager.msi'
Event Type: Warning
Event Source: MsiInstaller
Event ID: 1001
Detection of product '{EAD22945-6D46-4073-8353-803523E9936B}, feature 'Bin' failed during request for component '{40B71840-0B33-42C7-A11D-EBDD5F3ACB63}'
Event Type: Warning
Event Source: MsiInstaller
Event ID: 1004
Detection of product '{EAD22945-6D46-4073-8353-803523E9936B}', feature 'Bin', component '{711CBE62-401D-47AC-8919-4C0029EC66DD}' failed. The resource 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\temp\UploadTemp\' does not exist.
Solution: The Symantec Endpoint Protection uninstaller was modified to keep a LiveUpdate registry key that is common to Symantec Endpoint Protection Manager, if the registry key is in use.
Symantec Endpoint Protection Manager web console does not allow a client install package to be fully configured
Fix ID: 2322366
Symptom: When logged into the Symantec Endpoint Protection Manager web console, edit the Client Install Package Properties. For "Client Features" the only option is "All features of Symantec Endpoint Protection." It is not possible to select other features.
Solution: The Symantec Endpoint Protection Manager web console was modified to allow the administrator to select other feature sets.
SymcorpUI.exe terminates unexpectedly
Fix ID: 2310799
Symptom: SymcorpUI.exe terminates unexpectedly with exception 0xc0000005.
Solution: SymcorpUI.exe was modified to prevent this crash.
Unmanaged client cannot perform a scheduled LiveUpdate on Windows 2000
Fix ID: 2329484
Symptom: An unmanaged client cannot perform a scheduled LiveUpdate on Windows 2000. Manually launching LiveUpdate is successful.
Solution: Symantec Endpoint Protection was modified to correctly handle a user token on Windows 2000.
Pressing Ctrl+Alt+Del causes blue screen error
Fix ID: 1848861
Symptom: Pressing Ctrl+Alt+Del causes a blue screen error with stop code 50.
Solution: The AutoProtect driver (srtsp.sys) was modified to prevent a condition where a scan could occur before the system volume was ready.
Custom scan cannot process files and folders
Fix ID: 2406379
Symptom: A custom scan may be unable to scan files and folders through a junction point on an NTFS volume.
Solution: A scanning component (ccScan) was modified to strip a trailing backslash from a junction point before a scan.
Manual scan terminates unexpectedly on Windows XP 64-bit
Fix ID: 2054028
Symptom: A manual scan does not complete and terminates unexpectedly on Windows XP SP2 64-bit.
Solution: Rtvscan was modified to prevent a crash during scanning on this operating system.
Installation of Symantec Endpoint Protection client causes Windows Defender to be set to "Manual" instead of "Disabled" on Windows 7
Fix ID: 2414274
Symptom: On Windows 7, Windows Defender service gets stopped and the service is set to Manual instead of "Disabled" after installing Symantec Endpoint Protection 11.0 RU6 MP3. On Windows XP and Windows Vista, the Windows Defender service is set to "Disabled" during the installation of the Symantec Endpoint Protection client.
Solution: The Symantec Endpoint Protection client installer was modified to properly set the Windows Defender status on Windows 7.
Symantec Endpoint Protection client content updates results in high I/O on SAN in a virtualized environment
Fix ID: 2399592
Symptom: The Storage Area Network (SAN) encounters high I/O utilization in a virtualized environment when clients download content.
Solution: The Symantec Endpoint Protection client was modified to prevent a scenario where the download randomization setting was ignored.
Client running Nortel VPN client freezes after establishing VPN tunnel
Fix ID: 2378999
Symptom: Client computers running the Nortel VPN client may freeze within 20 minutes of establishing a VPN tunnel. This issue occurs when Network Threat Protection is installed.
Solution: The Symantec Endpoint Protection firewall was modified to prevent a deadlock when querying process information.
Traffic log shows thousands of "Allow" entries for the rule "Allows NetBIOS UDP protocols in LAN subnet"
Fix ID: 2403041
Symptom: With Symantec Endpoint Protection in client control mode, the traffic log shows thousands of "Allow" entries for the rule "Allows NetBIOS UDP protocols in LAN subnet."
Solution: Default logging of the "Allows NetBIOS UDP protocols in LAN subnet" rule is now disabled in unmanaged or client control mode.
IPS exclusion by IP range does not work properly if remote IP is on the boundary of the range
Fix ID: 2336330
Symptom: Excluding IPS hosts by IP range does not work properly if the remote IP is on the boundary of the exclusion range. The remote IP is not excluded.
Solution: The IP range check was modified to properly exclude hosts.
SecurityNotifyTask hangs when multiple notifications are sent simultaneously
Fix ID: 2343856
Symptom: The SecurityNotifyTask hangs when multiple notifications are sent simultaneously from a batch file. The SecurityNotifyTask-0.log file no longer shows new entries.
Solution: Input and error streams are now merged and the combined stream is used to determine if the batch file is still running.
Computer status log data cannot be exported to CSV format if a field contains a comma
Fix ID: 2398707/2412310
Symptom: If data within a particular column of the computer status log contains a comma, and such report is exported to CSV, the columns for that row are disturbed when viewed in Excel.
Solution: All data in Computer Status Logs are now exported in double quotes.
Host Integrity Failed report shows client data that is out of the specified date range
Fix ID: 2353594
Symptom: The Host Integrity Failed report shows older client data that is out of range of the report.
Solution: A SQL query was modified to ensure Host Integrity data falls within the specified range.
W3WP service (w3wp.exe) terminates unexpectedly
Fix ID: 2226770
Symptom: The W3WP service (w3wp.exe) terminates unexpectedly due to secars.dll. This issue occurs when a tech extension directory does not exist.
Solution: Secars.dll was modified to prevent this crash.
After logging out of the Symantec Endpoint Protection Manager web console, admin accounts still show online and Java.exe memory usage does not decrease
Fix ID: 2217355
Symptom: After logging out of the Symantec Endpoint Protection Manager web console, administrator accounts continue to show online. Java.exe (JVM/AjaxSwing) memory usage does not decrease as expected.
Solution: The AjaxSwing default configuration (default.properties) was changed to resolve this issue, as follows:
router.clientsPerJVM=1
router.retireJVMAfterClients=1
Symantec Endpoint Protection Manager Monitors "last update time" does not reflect the current system time
Fix ID: 2418608
Symptom: The "last update time" on the Symantec Endpoint Protection Manager Monitors page is ahead by one hour if the time zone has a daylight savings setting but the setting has been disabled
Solution: Symantec Endpoint Protection Manager now handles the date and time when transferring from local (both regular and DST) time to GMT time. The logic was corrected to check for DST time.
Symantec Endpoint Protection scan report shows incorrect data
Fix ID: 2405910
Symptom: The Symantec Endpoint Protection scan report shows more clients when compared to a raw query (select * from sem5.sem5.scans).
Solution: The SQL query used in the report was corrected to accurately show the client data.
Client fails to communicate with Symantec Endpoint Protection Manager if the client has a large number of network interface cards or loopback adapters
Fix ID: 2218255
Symptom: With a large number of network interface cards or loopback adapters, the client fails to communicate with Symantec Endpoint Protection Manager because the HWID key fails to generate.
Solution: The client was corrected to account for a large number of NICs or loopback adapters.
Symantec Endpoint Protection Manager 'Policy edited' event fails to record individual 'Edit Location' events when multiple locations are edited
Fix ID: 2321593
Symptom: When multiple locations are edited in a Symantec Endpoint Protection Manager policy, the 'Policy edited' log event fails to record the individual 'Edit Location' events.
Solution: An Edit Location event is now logged when enabling/disabling the location or setting the location as default.
Replication fails after migrating to Symantec Endpoint Protection Manager 11.0 RU7
Fix ID: 2556217
Symptom: Replication fails after migrating Symantec Endpoint Protection Manager to 11.0 RU7.
Solution: The Symantec Endpoint Protection Manager migration wizard was modified to use the correct body encoding for URI during a fresh install or database schema upgrade.
Weekly reports in Symantec Endpoint Protection Manager are blank from one site
Fix ID: 2404695
Symptom: Weekly reports in Symantec Endpoint Protection Manager are blank from one site
Solution: Symantec Endpoint Protection Manager reporting was modified to correctly handle data inconsistency between replicated sites
C++ runtime error and DCOM encountered on Windows 2008 R2 server
Fix ID: 2347138
Symptom: After installing Symantec Endpoint Protection 11.0 on a Windows 2008 R2 server, the user encounters an error:
Microsoft Visual C++ Runtime Library
R6025 - pure virtual call
In addition, the System event log contains the following DCOM errors:
Source: Microsoft-Windows-DistributedCOM
Event ID: 10010
Level: Error
Description: The server {EE68EAFC-BF28-4017-8A92-D17DACF0B459} did not register with DCOM within the required timeout.
Source: Microsoft-Windows-DistributedCOM
Event ID: 10000
Level: Error
Description: Unable to start a DCOM Server: {EE68EAFC-BF28-4017-8A92-D17DACF0B459}. The error: "5" Happened while starting this command: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe {EE68EAFC-BF28-4017-8A92-D17DACF0B459} -Embedding
Solution: The ProtectionUtilSurrogate.exe process was corrected to wait until the process exits.
.DAT files accumulate in Inbox and are processed slower after moving from SQL 2005 to SQL 2008
Fix ID: 2428767
Symptom: After moving from SQL 2005 to SQL 2008, .DAT files accumulate in the Inbox and are processed more slowly.
Solution: The parameter "-C 65001" is now disabled for SQL Server 2008. This ensures that Symantec Endpoint Protection Manager will use BCP to insert logs.
SMC.exe process terminates unexpectedly
Fix ID: 2231076
Symptom: The SMC.exe process terminates unexpectedly in TfMan.dll when disconnecting from a VPN.
Solution: The Symantec Endpoint Protection firewall rule manager (TfMan.dll) was modified to resolve this crash.
Traffic logs are truncated on disk when opened in the Symantec Endpoint Protection UI
Fix ID: 2349055
Symptom: When a traffic log grows to the maximum size (specified by policy), viewing the traffic log in the Symantec Endpoint Protection UI incorrectly truncates the file on disk.
Solution: Corrected an issue in the Symantec Endpoint Protection log processor to prevent logs from being written while the log is loading into the UI.
Symantec Endpoint Protection Manager help file documentation (Glossary) for the Mac Centralized Exceptions pre-defined variables is incorrect
Fix ID: 2115714
Symptom: Prefix variables for centralized exceptions for Macs do not appear in the glossary.
Solution: The following entry was added to the readme file:
Prefix variables for centralized exceptions for Macs do not appear in the glossary
If you add a centralized exception for a security risk file or folder for Mac, the glossary for the prefix variables incorrectly displays an explanation of the prefix variables for Windows exceptions. The prefix variables for Mac exceptions are None, Home, Application, Library. The prefix variables are the top-level folders. You can specify sub-folders or specific files in the File or folder text box.
|
发表于 2011-10-21 22:46:09
楼主
发表于 2011-10-22 00:32:46
