Detailed changelog
Behavior and user interface changes
Quarantine shows date added to quarantine rather than date of the file
Fix ID: 1810671
Symptom: Quarantine shows the date added to Quarantine, rather than date of the file.
Solution: A new column was added to the Quarantine view to display the date of the file.
The display behavior for the number of clients changed in Symantec Endpoint Protection 11 RU5
Fix ID: 1862215
Symptom: The Symantec Endpoint Protection Manager console is only able to display 1000 clients.
Solution: The console now displays up to 5000 clients.
Risk event compression causes duplicate entries in Symantec Endpoint Protection Manager external logging
Fix ID: 1917948
Symptom: Compressed alert logs are sent out again following 'Summarized data'.
Solution: Compressed alert logs are filtered. Only the summary alert will be sent out.
Notification emails from RU5 Manager on Windows 2008 contain an unexpected character
Fix ID: 1919303
Symptom: The email address contains an additional "$" character.
Solution: The default address is now SPC_Server@<domain> if the email address is not configured. Otherwise, it will use the email address specified.
Clients with more than one IP address show up in search clients result when they should not
Fix ID: 1919650
Symptom: When using special conditions like IP address "<>", ">=" or "<=", clients with more than one IP address show up in search client result when they should not.
Solution: The console was updated to correctly display clients with multiple IP addresses.
Cannot set scan type "console" as notification condition
Fix ID: 1920126
Symptom: Cannot set scan type "console" as notification condition.
Solution: "Console" and "System" are not valid scan types, and were removed from the Scan Type dropdown menu.
Unable to run reports on group names that contain SQL reserved keywords like UPDATE, INSERT and SELECT
Fix ID: 1939212
Symptom: Unable to run reports on Symantec Endpoint Protection Manager group names that contain SQL reserved keywords like UPDATE, INSERT and SELECT.
Solution: Updated Manager to allow reporting on group names that contain SQL reserved keywords.
Client status shows out of date definitions after disabling the warning in Symantec Endpoint Protection Manager
Fix ID: 1939776
Symptom: Symantec Endpoint Protection client status shows out of date definitions after disabling the warning in Symantec Endpoint Protection Manager.
Solution: The client status indicating that definitions are outdated, or that the client is running without definitions, is by design. The user interface was updated so that administrators can configure a checkbox (to enable notification) for when definitions are outdated by X number of days, or when Symantec Endpoint Protection is running without definitions.
Symantec Endpoint Protection Manager report drop-down menus disappear unexpectedly and intermittently
Fix ID: 1952244
Symptom: Symantec Endpoint Protection Manager report drop-down menus disappear unexpectedly and intermittently.
Solution: The report was updated to display the drop-down menus correctly.
Unable to uncheck "Check floppies for boot viruses when accessed"
Fix ID: 1952358
Symptom: Upon unchecking "Check floppies for boot viruses when accessed" in Symantec Endpoint Protection Manager, and saving the change, the checkbox is checked again after reopening the policy.
Solution: Symantec Endpoint Protection Manager was updated to resolve the logic behind the checkbox.
Full Scan does not scan mapped network drives
Fix ID: 2009958
Symptom: Symantec Endpoint Protection only scans drives that are physically connected to a computer.
Solution: The behavior is as designed. The interface was updated and the option "A password may be required to scan a network drive" from the "What to scan" tab was removed from a Full Scan.
Windows Firewall is always disabled by SMC service
Fix ID: 1992008
Symptom: The Windows Firewall is disabled even though a policy is in place that dictates it to be enabled.
Solution: If Symantec Endpoint Protection Firewall is disabled in a location, the Windows Firewall will be turned on. If Symantec Endpoint Protection Firewall is enabled in a location, the Windows Firewall will be turned off.
Client and manager fixes
Exported scan logs show incorrect status information
Fix ID: 1098879
Symptom: Exported scan logs show incorrect status information.
Solution: The Symantec Endpoint Protection client was updated so the status column is properly exported.
Incorrect translation for Previous and Next buttons in Chinese Simplified
Fix ID: 1137601
Symptom: Incorrect translation for Previous and Next buttons in Chinese Simplified.
Solution: Symantec Endpoint Protection Manager was updated to accommodate correct translation.
Moving firewall rules up or down in Symantec Endpoint Protection Manager via right-click on the rule name leads to warning that rule name is already in use
Fix ID: 1509921
Symptom: The message "Rule name is already used" appears when moving firewall rules up and down in Symantec Endpoint Protection Manager.
Solution: A check was added to ensure that the rule name cell comes out of edit mode before a popup is shown.
Location Awareness fails to recognize wireless connection at 130Mbit speed
Fix ID: 1519915
Symptom: When network speed is a criterion for location switching, the location does not switch correctly if the speed is 130Mbit.
Solution: The client was modified to enhance the way wireless interfaces are enumerated.
AntiVirus events that trigger a Firewall auto-block have no description
Fix ID: 1534459
Symptom: AntiVirus events that trigger a Firewall auto-block have no description.
Solution: A default description "Auto-Block event" was added to Firewall auto-block events.
A large number of .tmp files builds up in the XFER folder
Fix ID: 1675729
Symptom: Many files build up in the XFER folder on a Symantec Endpoint Protection client.
Solution: The Symantec Endpoint Protection client was modified to enhance extraction and cleanup of XFER files.
Weekly scheduled scan is partially migrated when migrating Symantec AntiVirus to Symantec Endpoint Protection using the "Migration and Deployment wizard"
Fix ID: 1763113
Symptom: After a migration from Symantec AntiVirus to Symantec Endpoint Protection, the Security Risks Action pane is not shown for the scheduled scan, file system Auto-Protect, Outlook or Lotus Notes Auto-Protect.
Solution: A security risks action default configuration template is used when no action is configured for either Weekly scheduled scan, file-system Auto-Protect, email, Outlook or Lotus Notes Auto-Protect.
Virus definitions revert to older date/revision
Fix ID: 1826779
Symptom: Virus definitions may unexpectedly revert to an older date/revision due to invalid entries in the usage.dat file.
Solution: The Symantec Endpoint Protection client was modified to prevent invalid entries in the usage.dat file.
Centralized Exception for "Bloodhound.ExcelMacro" does not prevent detections
Fix ID: 1876577
Symptom: Bloodhound.ExcelMacro can be selected from a known list within the Exception Policy.
Solution: All risks of type 0 through 3, including Bloodhound.ExcelMacro, are now excluded from the known list.
Error "The Extend WG Protocol Driver service failed to start due to the following error:" is displayed in event viewer
Fix ID: 1887681
Symptom: After migrating SPA 5.1 to Symantec Endpoint Protection, you see the following error in the event viewer after a restart of the operating system: "The Extend WG Protocol Driver service failed to start due to the following error: The system cannot find the file specified."
Solution: The Symantec Endpoint Protection client installer was updated to resolve the error message.
Multiple event reinsertions to Symantec Endpoint Protection Manager database
Fix ID: 1907365
Symptom: A client may forward the same local events (scans, virus detections, definition updates, etc.) to the Symantec Endpoint Protection Manager server again, resulting in two or more copies of the same event in the database. These events have the exact same date/time as the original events, but because they are forwarded at a different time, the Database Insert timestamp is different. These duplicate events skew the presentation of logs and reports in the Console, and may cause unnecessary alerts and notifications.
Solution: Resolved the internal bookkeeping errors that caused clients to forward the same events to Symantec Endpoint Protection Manager repeatedly.
Access to files located on a network share is significantly slower when Application and Device Control is enabled
Fix ID: 1908362
Symptom: Access to files located on a network share is significantly slower when Application and Device Control is enabled.
Solution: The Application and Device Control cache was redesigned to improve performance.
Citrix causes SMC start failure
Fix ID: 1914056
Symptom: SMC and COM+ Event System services do not start when Symantec Endpoint Protection is installed with Citrix PVS Device software.
Solution: The Symantec Endpoint Protection client was modified to allow SMC to start when installed with Citrix.
Client displays Host Integrity details when it is in Quarantine
Fix ID: 1925059
Symptom: Client displays Host Integrity details when it is in Quarantine.
Solution: The server console was updated to properly show host integrity details.
DWHxxxx.tmp files are scanned and re-detected when new definitions arrive or during a scheduled scan
Fix ID: 1925607
Symptom: DWHxxxx.tmp files are scanned and re-detected when new definitions arrive or during a scheduled scan.
Solution: After extracting a quarantined item to a temp file, the file is deleted immediately after it is processed.
If Client Log settings expire after 0 days then .dat files build up under \data\inbox\log\system
Fix ID: 1926606
Symptom: If Client Log settings expire after 0 days then .dat files build up under \data\inbox\log\system.
Solution: Symantec Endpoint Protection Manager was modified to delete .dat files immediately if the client log settings are set to expire after 0 days.
Query failed when running a comprehensive risk report for the past 24 hours
Fix ID: 1926711
Symptom: The comprehensive risk report for the past 24 hours times out and displays a message: "Error Query failed: query could not be processed."
Solution: The report now uses a stored procedure along with temporary tables that are used to store interim results.
Scheduled scans run at unexpected times
Fix ID: 1931199
Symptom: Scheduled scans run at unexpected times.
Solution: If a scan is updated, the LastStart value is set to the next immediate run time after the Created time.
The Symantec Endpoint Protection client packet log shows incorrect information for the packet type
Fix ID: 1933067
Symptom: The Symantec Endpoint Protection client packet log shows incorrect information for the packet type.
Solution: The Symantec Endpoint Protection client was updated to correct the type in the packet log output.
The embedded database cannot handle Tab characters in the Description field of an Application and Device Control policy
Fix ID: 1934825
Symptom: The Symantec Endpoint Protection client fails to parse information when a Tab is encountered.
Solution: Tab characters are removed from the description field.
Symantec Endpoint Protection Manager always sets the external log priority to Informational
Fix ID: 1939492
Symptom: Symantec Endpoint Protection Manager logs all events to syslog server as "Informational".
Solution: Symantec Endpoint Protection Manager was updated so that the appropriate log priority is retained when using external logging.
Packet Log details show incorrect source and destination port information
Fix ID: 1939648
Symptom: Packet Log details show incorrect source and destination port information.
Solution: The Symantec Endpoint Protection client logging now correctly converts network byte order to native.
Reformatted or re-imaged clients that are part of an Organizational Unit (Active Directory) do not re-register to the same entry
Fix ID: 1941406
Symptom: Clients that are part of an organizational unit re-register to an incorrect group.
Solution: When using computer mode, clients now re-register properly and use the same group.
Unable to create a database with a database name that starts with a number
Fix ID: 1945683
Symptom: Unable to create a database with a database name that starts with a number.
Solution: The Symantec Endpoint Protection Manager installer was updated to allow a database name that starts with a number.
Computer stops responding with third party application called CWAT installed
Fix ID: 1947914
Symptom: The computer may stop responding when the third party application CWAT is installed.
Solution: The SymEvent driver was updated to prevent the problem.
Symantec Endpoint Protection Clients download full definitions from Symantec Endpoint Protection Manager or GUP rather than deltas
Fix ID: 1950212
Symptom: Clients download full definitions from Symantec Endpoint Protection Manager or GUP due to the server generating 0-byte deltas.
Solution: The Symantec Endpoint Protection Manager definition delta generation was made more robust to ensure deltas are generated properly for distribution to clients and GUPs.
Client does not use single GUP when GUP bypass timeout is configured
Fix ID: 1951175
Symptom: The Symantec Endpoint Protection client does not use "single GUP" when GUP bypass timeout is configured.
Solution: The method in which a GUP is contacted, and the LiveUpdate files are downloaded, was modified to resolve this issue.
Replication failure due to Primary Key Violation
Fix ID: 1958237
Symptom: The Symantec Endpoint Protection Manager logs display an error "java.sql.BatchUpdateException: Violation of PRIMARY KEY constraint 'PK_SEM_COMPUTER'. Cannot insert duplicate key in object 'dbo.SEM_COMPUTER'".
Solution: If the insert statement batch fails, Symantec Endpoint Protection Manager now catches the primary key violation exception and executes the statements one by one to make sure all data is inserted or updated to the database.
Under certain conditions, Symantec Endpoint Protection or Symantec Protection Agent will confuse a packet to VPN server as a packet to Symantec Endpoint Protection Manager
Fix ID: 1960378
Symptom: The Symantec Endpoint Protection client may show the IP address of the VPN server as the management server.
Solution: The Symantec Endpoint Protection client was updated to only treat packets from Symantec Endpoint Protection processes as traffic to Symantec Endpoint Protection Manager.
A user can save a default filter to the database, but the default filter value is empty when re-opening the command status details
Fix ID: 1965510
Symptom: A user can save a default filter to the database, but the default filter value is empty when re-opening the command status details.
Solution: Symantec Endpoint Protection Manager was updated to properly save and display the filter.
Firewall rule using the IBM Mobility 6.1.1 VPN adapter selected cannot be saved
Fix ID: 1973279
Symptom: Firewall rule using the IBM Mobility 6.1.1 VPN adapter selected cannot be saved.
Solution: The Symantec Endpoint Protection client was modified to use the NIC name as the network connection name if it is empty.
Proactive Threat Protection (PTP) definitions fail to update, and PTP does not start
Fix ID: 1974386
Symptom: After upgrading Symantec AntiVirus 10.1 MR7 to Symantec Endpoint Protection 11, clients may not update PTP definitions.
Solution: Symantec Endpoint Protection Manager was updated to make startup registration more robust.
When extracting ZIP files across a share with Network Threat Protection installed, a hang may occur
Fix ID: 1980383
Symptom: When extracting ZIP files across a share with Network Threat Protection installed, a hang may occur.
Solution: Network Threat Protection was updated to resolve the hang.
Automatic upgrade to RU6 does not maintain existing configuration for install features
Fix ID: 1984339
Symptom: Automatic upgrade to RU6 does not maintain existing configuration for install features.
Solution: Symantec Endpoint Protection Manager was modified to skip rebuilding of the features when a package is imported from the Symantec Endpoint Protection folder.
Data mismatch between drilled down reports for "Still infected" and Quick Reports/Comprehensive Risk Report
Fix ID: 1990019
Symptom: Data mismatch between drilled down reports for "Still infected" and Quick Reports/Comprehensive Risk Report.
Solution: SQL queries in Symantec Endpoint Protection Manager were updated to provide a better match between reports.
Reports are not sent at expected frequency when configured for once a month
Fix ID: 1996289
Symptom: Scheduled reports are generated and sent every 30 days rather than once a month.
Solution: Symantec Endpoint Protection Manager monthly reports were updated to be generated on the same numeric day that the report was generated, unless the numeric day does not exist this month, in which case the report is sent on the last day of this month.
LiveUpdate default retry interval does not work after installing Symantec Endpoint Protection Manager
Fix ID: 1999871
Symptom: LiveUpdate default retry interval does not work after installing Symantec Endpoint Protection Manager.
Solution: Symantec Endpoint Protection Manager was updated to properly set the defaults upon a fresh install.
Unable to apply Windows XP Service Pack 3 to SP2 machine with Proactive Threat Protection installed
Fix ID: 2000953
Symptom: Service Pack 3 logs show errors that a number of files are in use by another application. The issue does not occur when Proactive Threat Protection is not installed.
Solution: Proactive Threat Protection was updated to allow SP3 to be installed.
Server does not receive scan logs from a computer in user-control mode that does not have a user logged in
Fix ID: 2003472
Symptom: Symantec Endpoint Protection Manager does not receive scan logs from a computer in user-control mode that does not have a user logged in.
Solution: The Symantec Endpoint Protection client was modified to cache the last user name and logon domain. If no user is logged in, then this information is used to respond to the registration request.
Faulting application COH32.exe, version 6.1.9.44, faulting module COH32.exe, version 6.1.9.44
Fix ID: 2005974
Symptom: After migrating from Symantec Endpoint Protection 11 MR5 to Symantec Endpoint Protection 11 RU6, you may encounter SONAR error pop-ups every hour.
Solution: Proactive Threat Protection was updated to prevent the crash and SONAR pop-up.
System hangs when migrating from Symantec AntiVirus MR5 to Symantec AntiVirus MR5 PP1
Fix ID: 2008535
Symptom: System hangs when migrating from Symantec AntiVirus MR5 to Symantec AntiVirus MR5 PP1.
Solution: Although this defect was not reported on Symantec Endpoint Protection, the product was updated to build in an additional check during installation when rtvscan.exe is shutting down.
Registry key migration from Symantec AntiVirus 10.x to Symantec Endpoint Protection 11.x does not work
Fix ID: 2008749
Symptom: After upgrading from Symantec AntiVirus to Symantec Endpoint Protection, multithreaded scan specific registry settings are not properly migrated.
Solution: The Symantec Endpoint Protection installer was updated to ensure a proper migration from Symantec AntiVirus 10.x to Symantec Endpoint Protection 11.
Symantec Endpoint Protection Manager Home page "Attention needed" details do not match client properties
Fix ID: 2009806
Symptom: On the Symantec Endpoint Protection Manager home page, "More Details, IPS Failures" does not match client properties.
Solution: A SQL query for IPS Failures was updated so that Symantec Endpoint Protection Manager shows the latest IPS version.
Blue screen error referencing sysplant.sys
Fix ID: 2017143
Symptom: Computer experiences blue screen error referencing sysplant.sys.
Solution: Application and Device Control was updated to prevent the crash.
LiveUpdate hangs intermittently on Symantec Endpoint Protection Manager after post-session processing
Fix ID: 2029668
Symptom: LiveUpdate hangs intermittently on Symantec Endpoint Protection Manager after post-session processing.
Solution: Symantec Endpoint Protection Manager LiveUpdate was updated to ensure proper freeing of resources.
Client search function returns more results than expected
Fix ID: 2030356
Symptom: Client search function returns more results than expected.
Solution: A SQL query in Symantec Endpoint Protection Manager was updated to display the proper client search results.
Symantec Endpoint Protection Manager is unable to export a client install package after migrating from Symantec Endpoint Protection 11 RU5 to Symantec Endpoint Protection 11 RU6a
Fix ID: 2031097
Symptom: Symantec Endpoint Protection Manager is unable to export a client install package after migrating from Symantec Endpoint Protection 11 RU5 to Symantec Endpoint Protection 11 RU6a.
Solution: Symantec Endpoint Protection Manager was updated to allow the client install to be exported after migration.
Install packages created by limited administrator install clients register into the default group rather than specified group
Fix ID: 2031339
Symptom: Install packages created by limited administrator install clients register into the default group rather than specified group.
Solution: Symantec Endpoint Protection Manager was updated so that exported packages contain the preferred group information.
Client search function does not work when search involves more than 200 groups
Fix ID: 2034712
Symptom: Client search function does not work when search involves more than 200 groups.
Solution: A SQL query was updated to display the proper client search results.
An unexpected UDP flood attack is reported after upgrading to RU6
Fix ID: 2038207
Symptom: An unexpected UDP flood attack is reported after upgrading to RU6, and blocks what appears to be a legitimate internal DNS server.
Solution: Symantec Endpoint Protection client was updated to verify that the DNS response packet comes from a valid DNS server.
After migrating Symantec Endpoint Protection Manager to RU6, Application and Device Control is enabled on legacy clients
Fix ID: 2039298
Symptom: Application and Device Control is enabled on legacy clients unexpectedly after migration to RU6.
Solution: Symantec Endpoint Protection was updated on both client and Symantec Endpoint Protection Manager side to ensure that both legacy clients and Symantec Endpoint Protection clients receive proper settings so that Application and Device Control is not inadvertently enabled.
Network Access Control Client Enforcement Agent fixes
RSH connections fail on 64-bit Windows
Fix ID: 1927256
Symptom: On 64-bit Windows, RSH connections from 32-bit applications fail due to incompatibility with Symantec Network Access Control 64-bit network provider.
Solution: The Symantec Network Access Control network provider was corrected to be compatible with 32-bit applications on a 64-bit operating system.
Enforcer changes
Connection dropped due to un-required DHCP renew
Fix ID: 2028160
Symptom: With 802.1x enabled, the client sends an attempt to re-authenticate after a successful Windows dot1x authentication, resulting in a DHCP release/renew attempt.
Solution: The VLAN change detection was improved to avoid dot1x re-authentication.
Symantec Network Access Control client randomly disconnects with UID INVALID on Enforcer
Fix ID: 2068439
Symptom: Enforcer receives two Radius authentication packets in a single authentication session.
Solution: Symantec Network Access Control was updated to decode only the first request when the Enforcer encounters multiple authentication packets in a single session.
Gateway Enforcer NIC will randomly go down for 30 seconds
Fix ID: 2029614
Symptom: On Gateway Enforcer with fail open enabled, the NIC driver is periodically queried for the product ID. The return value is not always valid, causing the NIC to go down.
Solution: The unnecessary query to NIC driver for product ID was removed. Gateway Enforcer was changed to obtain and validate product ID only during startup.
Syslog shows incorrect Host Integrity status
Fix ID: 1987889
Symptom: "Permit access" is not displayed in syslog even though Host Integrity passes.
Solution: Corrected how client and Enforcer types are differentiated when displaying logs.
MAB request from 3COM switch is not supported
Fix ID: 1967503
Symptom: The MAC address bypass feature of the LAN Enforcer does not work with 3COM switch.
Solution: Added support for 3COM switch with MAB enabled.
Symantec Endpoint Protection for Macintosh
Managed clients fail to display management information after a period of time
Fix ID: 2075100
Symptom: Managed Symantec Endpoint Protection for Macintosh clients stop displaying management information after an event rewrites the SymantecRegistry.xml file to zero-byte size.
Solution: Added functionality to remediate the SymantecRegistry.xml when the file is corrupt or missing.
Components included in this version
Windows components
Component Version
Symantec Endpoint Protection 11.0.6100
Symantec Network Access Control 11.0.6100
Auto-Protect 10.3.3.4
Avengine 20101.1.0.89
Behavior Blocking 3.5.1.4
ccEraser 2007.0.1.6
COH 6.1.11.13
Common Client 106.5.2.003
DecABI 1.2.5.130
Defutils 4.1.3.2
ECOM 61.3.0.17
VxMS (MS Light) 5.2.0.4
LiveUpdate 3.3.0.96
LiveUpdateAdmin 2.2.2.9
Microdefs 2.7.0.13
QServer 3.6.43
WpsHelper 12.1.0.20
SyKnAppS 3.0.3.3
SymEvent 12.8.3.23
SymNetDrv 7.2.5.9
Teefer2 11.0.5708.18