Академический Документы
Профессиональный Документы
Культура Документы
■ Documentation
■ What you need to know before you install or update your software
■ Legal Notice
4 Release Notes for Symantec Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5
About Symantec Endpoint Protection and Symantec Network Access Control version11.0 Release Update 5 (11.0 RU5)
Feature Benefit
Symantec Endpoint Protection Your company can now support new operating
Manager now supports the following systems.
operating systems:
Symantec Endpoint Protection Your company can now use Symantec Endpoint
Manager can now be used with Protection Manager with a Microsoft SQL Server
Microsoft SQL Server 2008 2008 database.
The Symantec Endpoint Protection Your company can protect the computers that run
or Symantec Network Access Control these new operating systems.
client now supports:
Feature Benefit
The size of the exported client You can upgrade more clients with the client
installation package has been reduced installation package in less time than before. As
soon as the client connects to a management server,
the client receives the most recent content.
The Group Update Provider includes You can configure the following features for the
new functionality Group Update Provider:
The client now includes a Download Users on the client can download a support tool
Support Tool command on the Help from the Support Web site that helps to diagnose
and Support menu. the common issues that they might encounter on
the client.
The Host Integrity Policy includes Symantec Network Access Control includes the
additional checks. The Enforcer following enhancements:
includes additional security
■ New Host Integrity templates support Altiris 7,
enhancements
BigFix Enterprise Suite, and new versions of
additional third-party products.
■ End users with a valid RADIUS logon but a
computer with no client installed can be blocked
from your company's network.
■ You can configure when the command-line
interface on the Enforcer times out.
6 Release Notes for Symantec Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5
Documentation
Documentation
This release includes the following sources of information for Symantec Endpoint
Protection and Symantec Network Access Control:
The Common Topics page of the Support site provides individual articles and
links that are designed to provide installation assistance, best practices, and FAQs:
Common Topics for Symantec Endpoint Protection
Step 1 Review system and installation Confirm that your network and the computers
requirements you plan to use meet the requirements to
install and run the software.
Step 2 Plan and prepare for the Decide which type of database to use, plan your
installation deployment, and prepare client computers.
Step 3 Install Symantec Endpoint Run the installation program from the product
Protection Manager disc. The program first installs the
management server software. It then
configures the management server and creates
the database. Follow the procedure that
corresponds to the type of database you select.
Release Notes for Symantec Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5 9
What you need to know before you install or update your software
Step 4 Create and deploy a client After you configure the database, you are asked
installation package if you want to run the Migration and
Deployment Wizard. This wizard creates and
then pushes out a default client software
installation package.
To view this topic with links to the procedures listed above, go to the following
URL:
http://seer.entsupport.symantec.com/docs/330754.htm
Step 1 Back up Back up the database used by the Symantec Endpoint Protection
the Manager to ensure the integrity of your client information.
database
Step 2 Turn off Turn off replication on all sites that are configured as replication
replication partners. This avoids any attempts to update the database during the
installation.
Step 3 Stop the The Symantec Endpoint Protection Manager service must be stopped
Symantec during the installation.
Endpoint
Protection
Manager
service
Step 4 Upgrade Install the new version of the Symantec Endpoint Protection Manager
the on all sites in your network. The existing version is detected
Symantec automatically, and all settings are saved during the upgrade.
Endpoint
Protection
Manager
software
Step 5 Turn on Turn on replication when the installation is complete to restore your
replication configuration.
after the
upgrade
To view this topic with links to the procedures listed above, go to the following
URL:
http://seer.entsupport.symantec.com/docs/330694.htm
you cannot log on to the Symantec Endpoint Protection Manager console. Note
that Symantec IM Manager uses TCP port 9090. If you are required to run Symantec
Endpoint Protection Manager console on a computer that also requires other
software that uses TCP port 9090, you can change the port for Symantec Endpoint
Protection Manager console.
To change TCP port 9090, edit the following file with WordPad (Notepad does not
correctly show the XML line feeds):
\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml
Search for port=9090 and change 9090 to a different TCP port number. Save the
file, and then restart Symantec Endpoint Protection Manager with the
Administrative Tools > Services utility. You can then log on to the Symantec
Endpoint Protection Manager console.
Be aware, however, that changing port 9090 partially disables the online Help
system. Every time you use Help, you will have to change 9090 in the URL to the
changed port number to display the Help text.
UPGRADES
Best Practices for upgrading
If you are running a release before RU5, a best practice is to upgrade Symantec
Endpoint Protection Manager first, before you upgrade client software. Doing so
automatically adds the latest client packages, and upgrades the management
console to the latest functionality.
■ Turn off the Windows 7 or Vista User Account Control (UAC) and restart the
target computer.
■ Use the built-in local administrator for authentication so that you do not have
to turn off UAC.
Reporting
This section contains material that is related to monitoring and reporting issues.
LIVEUPDATE POLICIES
This section includes the known issues information related to LiveUpdate policies.
LU1863: Insufficient free disk space. There is not enough free disk
You may have insufficient disk space. However, it is much more probable that
this message appears in error because the proxy server is unable to send the
correct Contents-Length header field. This error message may appear on Symantec
Endpoint Protection Manager, a Symantec Endpoint Protection client, or a
Symantec Network Access Control client. You may want to verify that the disk
drive to which you downloaded LiveUpdate has sufficient disk space. If you verified
that the disk drive has sufficient space, then most likely a proxy server caused
the problem. If a proxy server receives an HTTP reply that does not include a
Content-Length header field, then the above-listed message erroneously appears.
The erroneous message appears on the computer on which the LiveUpdate has
been downloaded.
The proxy servers that are compliant with HTTP 1.1 protocols automatically
include Content-Length header-entity fields. The proxy servers that are compliant
with HTTP 1.0 protocols do not automatically include Content-Length
header-entity fields. You may want to ensure that the proxy servers in your
network are compliant with the HTTP 1.1. protocol.
See the documentation that accompanies the proxy server for more information
on how to make a proxy server compliant with HTTP 1.1 protocols.
For the on-demand client, custom Host Integrity rules that point to registry
values do not work properly
Custom Host Integrity rules for registry values do not work correctly. This is
because of the transient nature of user sessions.
Host compliance log displays the message: Process not running Signature
out of date
From the Symantec Endpoint Protection Manager console, check the Host
Compliance Logs. When the Host Integrity Check fails, the event is logged as
"Event Type: Host Integrity failed." The Reason column always displays the
message, "Process is not running Signature is out of date." This error message
appears on any Symantec Endpoint Protection Manager server operating system.
Host Integrity policies might not correctly detect the anti-spyware status
of Norton Internet Security 2009 on Windows Vista computers
On Windows Vista computers, Host Integrity checking cannot detect the
anti-spyware status of Norton Internet Security 2009 versions prior to 16.2 if the
anti-spyware feature is disabled. To avoid this issue, make sure that Windows
Vista client computers are running Norton Internet Security 2009 version 16.2
or later.
Client issues
This section contains information about Symantec Endpoint Protection clients
and Symantec Network Access Control clients.
The SMC service cannot start if the COM+ service is not running
If the COM+ service has stopped for any reason, after you install the Symantec
Endpoint Protection client software, the SMC service cannot start. To work around
this issue, you can do one of the following:
■ Manually start the COM+ service, then start the System Event Notification
Services (SENS), then start the SMC service.
■ Manually start the COM+ service, and then restart the computer.
Enforcer issues
This section includes information about Enforcer features, which are only available
in Symantec Network Access Control.
Documentation issues
This section includes information about product documentation.
where
Disable: Verify the Agent with the Policy Manager and block the Agent
if unable to connect to a Policy Manager (default)
Note: For instructions on how to obtain software updates, please see the following
article:
Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or
Symantec Network Access Control 11.x.
■ Solution: The algorithm to create the hardware key was changed so the
hardware key should not change with minor hardware changes, such as the
disabling of NICs.
■ Solution: Symantec Endpoint Protection clients will not detect Jolt2 DoS attack
with systems patched with the corresponding Microsoft update.
IPS Exclusions do not work for DNS host and DNS Domain used
with Host Groups
Fix ID 1538126
■ Symptom: After creating Host Groups with DNS host and DNS domain, selecting
the associated Host Groups to create IPS Host Exclusions does not work.
■ Solution: Defining the host by MAC address, DNS host, and DNS domain is not
supported. A warning message was added to warn the user.
■ Symptom: While editing the recipient list for scheduled reports, the error
message "Invalid characters have been removed from the list of emails." appears
even though no changes are made.
■ Solution: The email recipient list is saved without additional spaces.
The raw data dump from the External Logging options does
not contain column header identifiers
Fix ID 1633619
■ Symptom: The raw data dump from the External Logging options does not
contain column header identifiers.
■ Solution: Added header information on all logs created by the External Logging
feature.
Clients are not deleted from historical data and skew reports
Fix ID 1639520
■ Symptom: Legacy clients and servers no longer on the network still show in
the Security Status report with out-of-date definitions.
■ Solution: Added additional checks for legacy clients and servers with improper
status updates.
Single client does not get sent the commands from Symantec
Endpoint Protection Manager
Fix ID 1654964
■ Symptom: In the Symantec Endpoint Protection Manager, a command issued
to a single client with a hardware key starting with 00 is not run by the client.
■ Solution: A hardware key starting with 00 is no longer identified as an
unavailable client.
Release Notes for Symantec Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5 47
Resolved issues by category
■ Solution: Increased the max database transaction log size based on the company
size selected during the Symantec Endpoint Protection Manager Installation
Wizard.
Virus alerts emails do not contain the file and file patch that
was infected
Fix ID 1719962
■ Symptom: Virus alerts emails do not contain the file and file patch that was
infected.
■ Solution: Added information about the file and file path to virus alerts email.
■ Symptom: The Enforcer Appliance does not replace the subnet mask given out
by the Microsoft DHCP server with a 32-bit mask.
■ Solution: Added a CLI command to enable secure–netmask in DHCP Enforcer.
Guest Access does not work when using MAB & Transparent
mode
Fix ID 1511304
Release Notes for Symantec Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5 55
Components in this release
■ Symptom: When in transparent mode with MAB enabled, guests are not allowed
on the production network.
■ Solution: Detect if radius server is valid. If the radius server is invalid, Enforcer
responds to the switches MAB request.
Component Version
Component Version
AutoProtect 10.3.0.15
Avengine 20081.1.1
ccEraser 2007.0.1.6
COH 6.1.9.44
DecABI 1.2.5.130
DefUtils 4.1.1
ECOM 81.3.0.13
LiveUpdate 3.3.0.92
LiveUpdateAdmin 2.2.1.16
Microdefs 2.7.0.13
QServer 3.6.20
WpsHelper 12.0.1.41
SyKnAppS 3.0.3.3
SymEvent 12.8.0.11
SymNetDrv 7.2.5.9
Teefer2 11.0.5
Legal Notice
The software described in this book is furnished under a license agreement and
may be used only in accordance with the terms of the agreement.
Documentation version 11.00.05.00.00
Copyright © 2009 Symantec Corporation. All rights reserved.
Release Notes for Symantec Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5 57
Legal Notice