续2
Resolved an error indicating COH32.exe has crashed
Fix ID: 2107090
Symptom: Symantec Endpoint Protection clients receive a SONAR error indicating that Symantec Endpoint Protection needs to close. coh32.exe is listed as the faulting application.
Solution: Named pipe communication in COH was enhanced to prevent this crash.
Client status on the Symantec Endpoint Protection Manager home page now matches logs and reports
Fix ID: 1925448
Symptom: Home > Status Summary and Monitors > Logs > Computer Status reports do not show the same number of clients.
Solution: SQL queries for the affected reports were modified to display the correct number of clients.
Source IP address is now correctly displayed in Monitors > Logs > Risks
Fix ID: 1966483
Symptom: The risk monitor logs show a source IP address of "0.0.0.0".
Solution: The Symantec Endpoint Protection Manager server was modified to display a blank if the IP doesn't exist, instead of 0.0.0.0. The client was updated to ensure the source computer IP is correctly transferred to the server.
Content delivery via GUP is successful if HTTPS is used for client-server communication
Fix ID: 1829698
Symptom: You configure the HTTPS protocol for client-server communication, and you have GUP configured. GUP fails to deliver the content to the clients.
Solution: GUP over HTTPS was not supported until this release. This release adds HTTPS support to GUP via the WinHTTP Microsoft API.
Symantec Endpoint Protection now sets correct PathBackup values in RasMan\PPP\EAP Keys
Fix ID: 2054817
Symptom: On a 64-bit computer, you perform an upgrade of Symantec Endpoint Protection 11.0. After the upgrade, the RasMan\PPP\EAP Keys have replaced "SysWOW64" with "System32".
Solution: The Symantec Endpoint Protection 11.0 upgrade was accessing an incorrect registry key to determine the path to rastls.dll on 64-bit computers. The upgrade was modified to use the correct registry location.
Unnecessary DNS requests from Symantec Endpoint Protection clients are no longer generated
Fix ID: 2086881
Symptom: Higher than necessary network traffic as Symantec Endpoint Protection clients send unnecessary DNS requests. This happens if duplicate DNS server entries are listed in the client profile.
Solution: Check for duplicate DNS name entries in profiles, to eliminate unnecessary requests.
Resolved memory leak during start up
Fix ID: 2107165
Symptom: On start up, approximately 800Kb of memory is allocated for the IPS engine and is not released.
Solution: Free this non-paged memory immediately after the IPS engine loads.
Scheduled scans run at the wrong time on Vista or later operating systems when users are logged off
Fix ID: 2047067
Symptom: Scheduled scans run at logon instead of scheduled time on Vista or later operating systems
Solution: Code changes to ensure the scheduled scan is executed in scenarios where the user is logged off, or where a Windows scheduled task is running at the scheduled time. This applies to Windows Vista or later operating systems.
Application name missing from exported Network Threat Protection Attacks logs
Fix ID: 2067063
Symptom: Application name is missing from exported Network Threat Protection Attacks logs.
Solution: Added the APP_NAME column when exporting the Network Threat Protection Attacks Logs.
Updated scan exclusion lists on 64bit operating systems
Fix ID: 2000574
Symptom: DHCP files, DNS files and WINS files are not added into the scan exclusion list automatically on 64bit operating systems.
Solution: Add DHCP, DNS and WINS files into the 64bit scan exclusion list automatically .
RunOnce reg key added for the Teefer2 driver during installation
Fix ID: 2043246
Symptom: When RunOnce key is not present during an installation, the Teefer2 driver may not be installed correctly.
Solution: HKLM\Software\Microsoft\CurrentVersion\RunOnce key is created during installation of the Teefer2 driver, if it is not already present.
Symantec Endpoint Protection 11.0 Client and Quarantine Server now communicate correctly on a specified port
Fix ID: 2114451 & 2100542
Symptom: Symantec Endpoint Protection 11.0 client and Quarantine Server send and receive data on an unexpected port when configured to use a specific port.
Solution: Code changes to allow the Symantec Endpoint Protection 11.0 client and Quarantine Server to listen on specified ports by adding several registry keys:
32-bit platform - Quarantine Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Quarantine\SendToUIPort
32-bit platform - Symantec Endpoint Protection 11.0 client:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Quarantine\Server\ListenToUIPort
64-bit platform - Quarantine Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Quarantine\SendToUIPort
64-bit platform - Symantec Endpoint Protection 11.0 client:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Quarantine\Server\ListenToUIPort
All clients and Quarantine Servers must have one of the above keys to ensure they all communicate on the same port.
32bit clients no longer download 64bit definitions
Fix ID: 2084734
Symptom: 32 bit Symantec Endpoint Protection client download 64bit AntiVirus definitions.
Solution: Code changes to ensure the correct definitions are downloaded for the client.
Network Threat Protection no longer causes applications to crash with an image base address of 0x10000000
Fix ID: 1915141
Symptom: Occasional application crashes with Network Threat Protection enabled.
Solution: Code changes to Network Threat Protection to obtain the image base address dynamic rather than assigning a static address.
Network Threat Protection no longer causes applications to hang
Fix ID: 2030478
Symptom: Occasional system hangs with Network Threat Protection enabled.
Solution: Code changes made to prevent the hang from occurring.
System crash (blue screen error) no longer occurs when Application and Device control is enabled
Fix ID: 2142085
Symptom: System crash (blue screen error) when Application and Device control is enabled.
Solution: Code changes made to no longer block access to the system volume.
Computer status report now shows correct totals
Fix ID: 2083627
Symptom: Symantec Endpoint Protection Manager Computer Status report (Protection Content versions) shows incorrect client totals for "Commercial Application List Versions" and "Permitted Applications List Versions".
Solution: Modified the SQL for the Protection Content Versions report to exclude the old content revisions from the database.
Resolved conflicts between FileSystem AutoProtect and the Windows indexing service
Fix ID: 1717040
Symptom: Domain controller hangs with Symantec Endpoint Protection 11.0 installed and FileSystem AutoProtect enabled.
Solution: Oplocks are now monitored when the AutoProtect driver is not running, preventing conflicts with the Windows indexing system.
Corrected the FileSystem AutoProtect exclusions for network drives
Fix ID: 2029493
Symptom: FileSystem AutoProtect exclusions do not take effect properly on shared drives. Detections that should have been excluded are detected via a UNC path or from browsing Windows Networking.
Solution: AutoProtect was modified to correctly handle exclusions on network drives.
Changes to GUP behavior to preserve shared content after the GUP is restarted
Fix ID: 2061670
Symptom: All content in folder SharedUpdates on a GUP is purged if a download is in progress and the machine is restarted or SMC is restarted.
Solution: Code changes made to preserve downloaded content after a GUP is restarted while a download is in progress.
Corrected the port number displayed in Symantec Endpoint Protection Manager for use of log forwarding
Fix ID: 2060618
Symptom: Symantec Endpoint Protection Manager's log forwarding allow TCP port 514 to be entered, but displays the default port value of 1468.
Solution: Corrected the display in Symantec Endpoint Protection Manager to show the correct report instead of the default port.
Added logging of client mode changes
Fix ID: 2100770
Symptom: When switching clients from Computer mode to User mode (and vice-versa), the event is not logged.
Solution: Added logging of events when an administrator switches the mode of clients.
Scheduled replication will now run correctly following a database restart
Fix ID: 2020597
Symptom: Scheduled replication will not run after restarting the database
Solution: Code changes to ensure that replication will start again following a database restart.
Correct memory usage reported in the Site Status report
Fix ID: 2040220
Symptom: Memory usage reported in the Site Status report is different from the memory usage shown in Windows Task Manager in virtual environments.
Solution: Display both the memory usage shown in Task Manager and the total memory used. When a user hovers over each number, the data is shown with a tooltip.
Corrected site reporting status in the Site Status report
Fix ID: 2063758
Symptom: The Monitors > Summary tab incorrectly shows a site as "good" when one of the servers is offline.
Solution: Code changes to the algorithm for determining if a server is offline. The same logic changes apply when calculating the Health Status of a site in the Site Status Report.
Clients can now be sorted correctly by free memory and disk space available
Fix ID: 2083346
Symptom: When sorting clients by Free Memory, Free Disk Space and Total Disk Space, clients are not sorted correctly.
Solution: Modifications made to string handling to return numeric values, correcting the sorting algorithm.
Dial-up modem rules are now skipped if no dial-up modem is present
Fix ID: 2069798
Symptom: A firewall rule that blocks traffic for dial up modems will be triggered even if the computer does not have a dial-up modem.
Solution: Code changes to correctly skip dial-up related rules if there is no dial-up connection.
Export of "Packet" logs from Symantec Endpoint Protection Manager now contains an "Action" field
Fix ID: 2003486
Symptom: Exports of "Packet" logs from Symantec Endpoint Protection Manager are missing the "Action" field.
Solution: Code changes made to export the "Action" field in "Packet" log exports.
Host Compliance Logs and Compliance Report on Symantec Endpoint Protection Manager now shows all data shown in the logs from the client
Fix ID: 1968807
Symptom: Host Compliance Logs and Compliance Report on Symantec Endpoint Protection Manager is different than the logs uploaded from the client.
Solution: Code changes made to correct the separators used in the log files which were preventing all data from being processed.
Computers Not Scanned report no longer contains duplicate entries
Fix ID: 1993921
Symptom: Clients are mistakenly shown multiple times in the "Computers Not Scanned" report.
Solution: SQL query was modified to report on clients based on the scan completed times, rather than scan started.
Firewall Policy rule changes are now displayed correctly
Fix ID: 2019390
Symptom: When a Firewall policy rule changes due to location change, the rule change is not shown on the client UI (View Network Activity page).
Solution: Changes to the client UI code to ensure the dialog box is closed and the rule change is displayed correctly.
English text shown in German localized version
Fix ID: 2096003
Symptom: English text appears in German Symantec Endpoint Protection Manager remote console.
Solution: The text was correctly localized.
Changes to prevent a crash with BugCheck F7
Fix ID: 2065490
Symptom: Microsoft Vista computers running Symantec Endpoint Protection 11.0 crash with BugCheck F7.
Solution: The AutoProtect kernel driver was modified to prevent a stack overflow condition.
Quarantine Server now shows the correct version number
Fix ID: 2098739
Symptom: Incorrect version number showing for the Quarantine Server within "Add or Remove Programs" control panel and "About Symantec Central Quarantine" dialog.
Solution: updated the .ism and .rc files to show the correct product version number within the "Add or Remove Programs" control panel and "About Symantec Central Quarantine" dialog.
Resolved situation where clients do not download content until a user logs in
Fix ID: 1978998
Symptom: In some cases, clients in computer mode configured to pull content from Symantec Endpoint Protection Manager, will fail to get content if no user is logged in.
Solution: Code changes to ensure computer description is valid when comparing database entries to active directory entries.
Resolved issue where client updates are reported as "In Progress" instead of "Completed"
Fix ID: 2035728
Symptom: After an Update Content command is issued, some clients report as In Progress instead of Completed in the status field.
Solution: Code change to correctly reset the uploaded flag for the command after the client update has completed successfully.
Changes to correct client search functionality
Fix ID: 2034712
Symptom: Client Search function returns incorrect results if the search involves more than 200 groups.
Solution: Code changes to fix the SQL commands used to query and group clients.
Restored ClientRemote option to select concurrent client deployments
Fix ID: 2071053
Symptom: The Deployment Number option is missing when using the client Migration & Deployment Wizard.
Solution: Code changes to the client remote tool to restore the Deployment Number option and folder page in the ClientRemote tool.
Corrected the labeling of security risks in the Symantec Endpoint Protection Manager Risk log when a threat is detected in a compressed file
Fix ID: 1928203 & 2086588
Symptom: When the Symantec Endpoint Protection client detects a security risk in a compressed file, the Risk log in Symantec Endpoint Protection Manager console displays it as "Virus found" instead of "Security risk found".
Solution: Show the alert record for a zip file as "Compressed File" instead of "Virus Found" to match the client side behavior.
Corrections to pie charts shown in Risk Reports
Fix ID: 2055022
Symptom: Risk Report pie charts are displayed incorrectly with duplicate colors appearing and inaccurate percentages shown on the chart.
Solution: Multiple code changes to correct the pie chart display.
Changes made to limit the size of the GUP list
Fix ID: 2120293
Symptom: When the GUP list contains thousands of items there may be performance problems resulting in a delayed content updates and higher than normal bandwidth usage.
Solution: Code changes to limit the size of the GUP list to 1Gb.
Cleanwipe 4.2 now removes SCS 3.1 Quarantine and SCFPolcy folder
Fix ID: 1827639
Symptom: When running in silent mode, Cleanwipe 4.2 does not remove the SCS 3.1 Quarantine or SCFPolcy folders.
Solution: Code changes to delete these folders when running in silent mode. When not run in silent mode, the MSI uninstaller will display a dialog allowing the user to chose to delete these folders.
Resolved LiveUpdate error preventing content from being downloaded
Fix ID: 2006319
Symptom: "<LUThreadProc>@@@@@@@@@ LU DEBUG ONLY- Download file failed due to wrong file size" error message appears in the sylink log and LU content is not downloaded by clients.
Solution: Code changes to resolve the edge-case scenario where the error message occurs and the content is not downloaded correctly.
Resolved issue where GUP accepts a client connection but does not deliver content
Fix ID: 2094762
Symptom: With multiple clients requesting the same content file from a GUP, in some cases a client will not receive the content if a previous attempt to download the same content failed. Restarting the GUP's smc service resolves the issue.
Solution: GUP code changes to improve error handling of content distribution logic.
Resolved issue where clients are unable to download content deltas when Symantec Endpoint Protection Manager load balancing is used
Fix ID: 2049824
Symptom: In multi-Symantec Endpoint Protection Manager environments where load balancing is used and clients are managed by GUPs, situations can occur where clients do not receive content. In these scenarios, clients contact one Symantec Endpoint Protection Manager to generate a content delta, but the GUP contacts a different Symantec Endpoint Protection Manager. The delta does not exist on the Symantec Endpoint Protection Manager contacted by the GUP, and nothing is downloaded.
Solution: Code changes to allow the GUP to contact multiple Symantec Endpoint Protection Managers if the requested content delta is not available.
Log files now respect the log limit values set in Symantec Endpoint Protection Manager
Fix ID: 2007845
Symptom: When a log file is being read by an external application, if Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager is attempting to delete the file, additional log entries are made to the log file.
Solution: Code changes made to allow for synchronization between Symantec Endpoint Protection Manager and external log reading applications. Symantec Endpoint Protection Manager will retry 30 times with an interval of 1 second if the log file is locked by another application. The settings are configurable in the conf.properties file. The following are the two settings that can be configured: scm.externallog.retrycount=30 and scm.externallog.retryinterval=1000
Resolved a system crash (blue screen error) caused by Wpsdrvnt.sys
Fix ID: 2051421
Symptom: Crash (blue screen error) caused by Wpsdrvnt.sys with BugCheck 50.
Solution: The wpsdrvnt.sys driver was modified to prevent a memory condition leading to a crash.
Resolved an issue causing network connectivity issues with Network Threat Protection enabled
Fix ID: 2085484
Symptom: A computer running Java applications with Network Threat Protection installed experiences network connectivity problems.
Solution: Code changes made to the teefer2.sys odriver to avoid this issue.
Resolved an issue where Internet Explorer 9 Beta prevents clients from downloading content from Symantec Endpoint Protection Manager
Fix ID: 2167737
Symptom: After installing Internet Explorer 9 Beta, the Symantec Endpoint Protection client is no longer able to download content from Symantec Endpoint Protection Manager.
Solution: Code changes to support API changes made by Microsoft in Internet Explorer 9 Beta.
Fixed an issue where a full scan runs instead of an active scan
Fix ID: 1991159
Symptom: When startup scans are configured to run on managed clients, a full scan is run instead of an active scan if the user logs off before the active scan finishes.
Solution: Code changes to correct the issue. When a startup scan is configured for a managed client, an active scan runs correctly.
Scheduled scans now run on Windows Server 2008 after a user has logged off
Fix ID: 2047880
Symptom: Scheduled scans do not start as scheduled when a user logs off of Windows Server 2008.
Solution: Code changes to resolve the issue.
Resolved a scenario where clients download a full.zip instead of a delta file
Fix ID: 2145102
Symptom: After a client is restarted, a full.zip file is downloaded instead of a delta file if a previous download attempt has failed.
Solution: Code changes to ensure the delta file can be downloaded after a previous failed attempt to download.
Resolved a scenario where clients download an unnecessary full.zip file
Fix ID: 2158533
Symptom: When download randomization is turned on, a full.zip file is downloaded unnecessarily after a client starts up.
Solution: Code changes to address the issue, preventing an unnecessary additional download.
Network Threat Protection now passes UDP traffic correctly on port 39999
Fix ID: 2079287
Symptom: Network Threat Protection on 64-bit operating systems does not pass UDP traffic on port 39999 correctly.
Solution: The SNAC64.exe process was interfering with traffic on this port. Symantec Endpoint Protection was modified to prevent this interference.
Corrected the time shown for "End Datetime" in exported scan logs from Symantec Endpoint Protection Manager
Fix ID: 2066917
Symptom: The time shown for "End Datetime" in Scan logs exported from Symantec Endpoint Protection Manager always contains the local time equivalent of GMT 00:00.
Solution: Code changes to prevent the scan end time from being truncated.
File access times are now correctly preserved when using Hierarchical Storage Management
Fix ID: 2028790
Symptom: In a Hierarchical Storage Management (HSM), the NoFileMod registry setting is not correctly preserving file access times.
Solution: The Common Client and Decomposer components were modified to honor the NoFileMod registry setting to prevent USN journal updates.
Resolved a UDP flood attack false positive
Fix ID: 2058022
Symptom: After upgrading to Symantec Endpoint Protection 11.0 RU6, the client detects a UDP flood attack.
Solution: The UDP flood detection thresholds were modified to reduce the occurrence of false positive flood attacks.
Removed unnecessary logon prompt when creating a report filter
Fix ID: 2112270
Symptom: In the Symantec Endpoint Manager Web interface the administrator is prompted to log on again when creating a report filter.
Solution: A p3p header was added to some .php files to avoid lost sessions using the Web interface.
Log entries for 'DBData_Event_Type_x0' are now handled correctly
Fix ID: 1987624
Symptom: After applying a GUP Policy, user will see 'DBData_Event_Type_x0' entries in the client-server activity logs.
Solution: Unique Event IDs and descriptions were defined for two client request types. These requests for updated GUP lists did not previously have descriptions, causing unknown events to be written in the log files.
Resolved issue where replication fails due to insufficient available memory
Fix ID: 2057061
Symptom: Failed replication between SQL and embedded database with error "OutOfMemoryError: GC overhead limit exceeded".
Solution: Code changes to ensure adequate memory is available before table data is retrieved.
Auto-Location Switching on Windows 7 now works correctly with Juniper VPN
Fix ID: 2023564
Symptom: Auto-Location is not effective for Juniper SSL VPN configurations on 64bit platforms.
Solution: Check the correct registry settings on 64bit platforms.
Changes to reduce unwanted AutoProtect detections while the client loads a policy
Fix ID: 1978553
Symptom: Known Security Risk Exclusion is not always honored when the client policy is being loaded, resulting in unwanted AutoProtect detections.
Solution: Code changes to ensure the policy is loaded correctly before scanning, reducing the chance of these unwanted detections.
Resolved compatibility issue with Parallels Virtuozzo Containers (PVC) application
Fix ID: 2015424
Symptom: Parallels Virtuozzo Containers (PVC) installation hangs while Symantec Endpoint Protection is running.
Solution: Code changes to handle the null pointer received during stack tracing.
Improved the console responsiveness when viewing the Admin > Servers page
Fix ID: 2072316
Symptom: The Symantec Endpoint Protection Manager console is slow in the Admin > Servers page.
Solution: Code changes to optimize the query on server side which is returning the client log data. |
发表于 2010-12-5 11:09:37
楼主
