
Release Notes for Symantec™ Endpoint Protection and Symantec Network Access Control, version 11, Release Update 5

Revision Date 9/21/2009 7:00 P.M. PDT


This document includes the following topics:

■ About Symantec Endpoint Protection and Symantec Network Access Control version 11.0 Release Update 5 (11.0 RU5)

■ What's new in this version

■ Documentation

■ What you need to know before you install or update your software

■ Known issues and workarounds

■ Resolved issues by category

■ Components in this release

■ Legal Notice

About Symantec Endpoint Protection and Symantec Network Access Control version 11.0 Release Update 5 (11.0 RU5)
Version 11.0.5 is the upgrade to previous versions of the Symantec Endpoint
Protection and Symantec Network Access Control 11.0 product line. All
functionality of version 11.0 is maintained, unless otherwise noted.

What's new in this version


The current release includes the following improvements that make Symantec
Endpoint Protection and Symantec Network Access Control easier and more
efficient to use.

Table 1-1 New features in this version

Feature: Symantec Endpoint Protection Manager now supports the following operating systems:
■ Microsoft Windows Server 2008 Service Pack 2 (all editions except for Itanium)
■ Microsoft Windows Server 2008 R2 (all editions except for Itanium)
Benefit: Your company can now support new operating systems.

Feature: Symantec Endpoint Protection Manager can now be used with Microsoft SQL Server 2008
Benefit: Your company can now use Symantec Endpoint Protection Manager with a Microsoft SQL Server 2008 database.

Feature: The Symantec Endpoint Protection or Symantec Network Access Control client now supports:
■ Microsoft Windows 7 (all editions except for Itanium)
■ Microsoft Windows Server 2008 R2 (all editions except for Itanium)
■ Microsoft Windows Vista Service Pack 2
Benefit: Your company can protect the computers that run these new operating systems.

Feature: The size of the exported client installation package has been reduced
Benefit: You can upgrade more clients with the client installation package in less time than before. As soon as the client connects to a management server, the client receives the most recent content.

Feature: The Group Update Provider includes new functionality
Benefit: You can configure the following features for the Group Update Provider:
■ Limit the amount of bandwidth that the Group Update Provider can use when the Group Update Provider downloads content from the management server.
■ You can define a Group Update Provider by using rules and conditions, such as an IP address or host name. You can configure a single Group Update Provider in a single LiveUpdate Policy that applies across multiple groups for multiple clients.
■ Define clients to connect to a Group Update Provider within the same site to improve performance.
■ Identify which clients act as Group Update Providers.

Feature: The client now includes a Download Support Tool command on the Help and Support menu.
Benefit: Users on the client can download a support tool from the Support Web site that helps to diagnose the common issues that they might encounter on the client.

Feature: The Host Integrity Policy includes additional checks. The Enforcer includes additional security enhancements
Benefit: Symantec Network Access Control includes the following enhancements:
■ New Host Integrity templates support Altiris 7, BigFix Enterprise Suite, and new versions of additional third-party products.
■ End users with a valid RADIUS logon but a computer with no client installed can be blocked from your company's network.
■ You can configure when the command-line interface on the Enforcer times out.

Documentation
This release includes the following sources of information for Symantec Endpoint
Protection and Symantec Network Access Control:

Documentation for Symantec Endpoint Protection


This release includes the following documentation for Symantec Endpoint
Protection:
■ Readme for Symantec Endpoint Protection and Symantec Network Access
Control
The Readme includes the latest information regarding the installation,
migration, and use of this product, and any updates or changes to the product
documentation. You should read the latest information before you install the
product.
■ Getting Started with Symantec Endpoint Protection
This guide includes an overview of the installation process.
■ Installation Guide for Symantec Endpoint Protection and Symantec Network
Access Control
This guide includes procedures to install the product.
■ Administration Guide for Symantec Endpoint Protection and Symantec Network
Access Control
This guide includes procedures to manage the product.
■ Client Guide for Symantec Endpoint Protection and Symantec Network Access
Control
This guide includes procedures for end users to manage the Symantec Endpoint
Protection client.
■ Symantec Endpoint Protection Manager Database Schema Reference
This guide includes the database schema for the product.
■ Symantec Central Quarantine Implementation Guide
This guide includes information about installing, configuring, and using the
Central Quarantine.
■ Symantec Client Firewall Policy Migration Guide
This guide includes information on how to convert policies from Symantec
Client Firewall Administrator to Symantec Protection Center.
The Documentation page of the Support site for Symantec Endpoint Protection
contains all of the guides listed above:
Documentation for Symantec Endpoint Protection

The Common Topics page of the Support site provides individual articles and
links that are designed to provide installation assistance, best practices, and FAQs:
Common Topics for Symantec Endpoint Protection

Documentation for Symantec Network Access Control


This release includes the following documentation for Symantec Network Access
Control:
■ Readme for Symantec Endpoint Protection and Symantec Network Access
Control
The Readme includes the latest information regarding the installation,
migration, and use of this product, and any updates or changes to the product
documentation. You should read the latest information before you install the
product.
■ Getting Started with Symantec Network Access Control
This guide includes an overview of the installation process.
■ Installation Guide for Symantec Endpoint Protection and Symantec Network
Access Control
This guide includes procedures to install the product.
■ Administration Guide for Symantec Endpoint Protection and Symantec Network
Access Control
This guide includes procedures to manage the product.
■ Client Guide for Symantec Endpoint Protection and Symantec Network Access
Control
This guide includes procedures for end users to manage the Symantec Network
Access Control client.
■ Enforcer Implementation Guide for Symantec Network Access Control
This guide includes information about installing and configuring the optional
Symantec Network Access Control Enforcer appliance, the Integrated Enforcers,
and the On-Demand Clients.
■ Symantec Endpoint Protection Manager Database Schema Reference
This guide includes the database schema for the product.
The Documentation page of the Support site for Symantec Network Access Control
contains all of the guides listed above:
Documentation for Symantec Network Access Control
The Common Topics page of the Support site provides individual articles and
links that are designed to provide installation assistance, best practices, and FAQs:

Common Topics for Symantec Network Access Control

What you need to know before you install or update your software
System requirements for Symantec Endpoint Protection and Symantec Network
Access Control and other material to consider before installation are located in
the Getting Started with Symantec Endpoint Protection and Getting Started with
Symantec Network Access Control documents, and in the Installation Guide. These
documents accompany the software and are also available on the Symantec Support
Web at the following locations:
Symantec Endpoint Protection documentation.
Symantec Network Access Control documentation
The Common Topics page of the Support site provides individual articles and
links that are designed to provide installation assistance, best practices, and FAQs.

Installing the product for the first time


You can use the following main steps to install the product on a computer on
which a version is not already installed.

Table 1-2 Process for installing the product

Step 1
Action: Review system and installation requirements
Description: Confirm that your network and the computers you plan to use meet the requirements to install and run the software.

Step 2
Action: Plan and prepare for the installation
Description: Decide which type of database to use, plan your deployment, and prepare client computers.

Step 3
Action: Install Symantec Endpoint Protection Manager
Description: Run the installation program from the product disc. The program first installs the management server software. It then configures the management server and creates the database. Follow the procedure that corresponds to the type of database you select.

Step 4
Action: Create and deploy a client installation package
Description: After you configure the database, you are asked if you want to run the Migration and Deployment Wizard. This wizard creates and then pushes out a default client software installation package.
Alternately, you can:
■ Use the Migration and Deployment Wizard from the Start menu at any time.
■ Create and deploy client software at a later time using the Find Unmanaged Computers utility in the console.
Note: If this installation is an upgrade deployment from Symantec Endpoint Protection, there is no need to re-deploy the client. The installation of Symantec Network Access Control activates the Symantec Network Access Control features on the client without further deployment.

To view this topic with links to the procedures listed above, go to the following
URL:
http://seer.entsupport.symantec.com/docs/330754.htm

Upgrading to a new release of Symantec Endpoint Protection or Symantec Network Access Control
You can upgrade to the latest maintenance release of Symantec Endpoint
Protection or Symantec Network Access Control. Before you install a new version
of the software, you must perform certain tasks as part of your upgrade plan to
ensure a successful upgrade.
The information in this section is specific to upgrading software in environments
where a version of Symantec Endpoint Protection or Symantec Network Access
Control 11.x is already installed.

Table 1-3 Process for upgrading to the latest maintenance release

Step 1
Action: Back up the database
Description: Back up the database used by the Symantec Endpoint Protection Manager to ensure the integrity of your client information.

Step 2
Action: Turn off replication
Description: Turn off replication on all sites that are configured as replication partners. This avoids any attempts to update the database during the installation.

Step 3
Action: Stop the Symantec Endpoint Protection Manager service
Description: The Symantec Endpoint Protection Manager service must be stopped during the installation.

Step 4
Action: Upgrade the Symantec Endpoint Protection Manager software
Description: Install the new version of the Symantec Endpoint Protection Manager on all sites in your network. The existing version is detected automatically, and all settings are saved during the upgrade.

Step 5
Action: Turn on replication after the upgrade
Description: Turn on replication when the installation is complete to restore your configuration.

Step 6
Action: Upgrade Symantec client software
Description: Upgrade your client software to the latest version.

To view this topic with links to the procedures listed above, go to the following
URL:
http://seer.entsupport.symantec.com/docs/330694.htm

Symantec Endpoint Protection Manager requires TCP port 9090 by default
Symantec Endpoint Protection Manager uses TCP 9090 to display the Symantec
Endpoint Protection Manager console. If other software is listening on this port,
you cannot log on to the Symantec Endpoint Protection Manager console. Note
that Symantec IM Manager uses TCP port 9090. If you are required to run Symantec
Endpoint Protection Manager console on a computer that also requires other
software that uses TCP port 9090, you can change the port for Symantec Endpoint
Protection Manager console.
To change TCP port 9090, edit the following file with WordPad (Notepad does not
correctly show the XML line feeds):
\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml

Search for port=9090 and change 9090 to a different TCP port number. Save the
file, and then restart Symantec Endpoint Protection Manager with the
Administrative Tools > Services utility. You can then log on to the Symantec
Endpoint Protection Manager console.
Be aware, however, that changing port 9090 partially disables the online Help
system. Every time you use Help, you will have to change 9090 in the URL to the
changed port number to display the Help text.
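
A scripted version of the edit described above, as an added example that is not part of the release notes or of Symantec's tooling. It assumes the port appears as a port attribute (quoted or unquoted) in server.xml; the sample file content and all function names are constructed for illustration.

```python
import re
import socket

# Constructed sample in the style of a Tomcat server.xml; not the file
# shipped with the product.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="9090" maxThreads="150" connectionTimeout="20000" />
    <Connector port="8443" scheme="https" secure="true" />
  </Service>
</Server>
"""

# Matches port=9090, port="9090" and port='9090'; the leading \b keeps
# attributes such as redirectPort or proxyPort out of the match.
PORT_ATTR = re.compile(r"""(\bport\s*=\s*)(["']?)(\d+)\2""")


def ports_in_file(xml_text):
    """Return every value assigned to a port attribute, in file order."""
    return [int(m.group(3)) for m in PORT_ATTR.finditer(xml_text)]


def port_in_use(port, host="127.0.0.1", timeout=1.0):
    """Return True if a process already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def change_port(xml_text, old_port, new_port):
    """Replace port=old_port with port=new_port and leave everything else intact."""
    if not 1 <= new_port <= 65535:
        raise ValueError("new port %d is outside 1-65535" % new_port)
    existing = ports_in_file(xml_text)
    if old_port not in existing:
        raise ValueError("port=%d not found; the file may already be edited" % old_port)
    if new_port in existing:
        raise ValueError("port %d is already assigned elsewhere in this file" % new_port)

    def swap(match):
        if int(match.group(3)) != old_port:
            return match.group(0)          # some other port attribute: untouched
        quote = match.group(2)
        return "%s%s%d%s" % (match.group(1), quote, new_port, quote)

    return PORT_ATTR.sub(swap, xml_text)


if __name__ == "__main__":
    candidate = 9091                       # hypothetical replacement port
    if port_in_use(candidate):
        print("port %d already has a listener; pick another" % candidate)
    else:
        print(change_port(SAMPLE_SERVER_XML, 9090, candidate))
```

Run the listener check on the management server itself, keep a copy of the original file, and restart the service as described above after writing the result.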

The default port for Enforcer communication with Symantec Endpoint Protection Manager is 8014
The default port for non-encrypted communication (HTTP) with the Symantec
Endpoint Protection Manager has been changed from 80 to 8014. Encrypted
communications (HTTPS) continue to use port 443. This port setting applies to
all types of Enforcers.

Known issues and workarounds


The issues in this section are new for Symantec Endpoint Protection version 11,
RU5.
For a more detailed list of issues that are known but not resolved, see the
readme.html file that accompanies the release. You can also view it on the
Symantec Support site, at the following location:
http://www.symantec.com/business/support/overview.jsp?pid=54619

Upgrades, installation, uninstallation, and repair issues


This section contains information about upgrades, installation, uninstallation,
and repairs.

UPGRADES
Best Practices for upgrading
If you are running a release before RU5, a best practice is to upgrade Symantec
Endpoint Protection Manager first, before you upgrade client software. Doing so
automatically adds the latest client packages, and upgrades the management
console to the latest functionality.

Silent, forced-reboot packages deployed by "Find Unmanaged Computers" do not restart after migration
When migrating from Symantec AntiVirus or a previous version of Symantec
Endpoint Protection by using "Find Unmanaged Computers," a silent, forced-reboot
package installs but does not automatically restart. Migrations from previous
versions of Symantec Endpoint Protection are fully protected before the restart.
Migrations from Symantec AntiVirus have antivirus protection, but firewall
technologies are not enabled until after the restart. To see the computers that
have not restarted, click the link on the Symantec Endpoint Protection Manager
home page that states the number of computers showing Restart Required.
Symantec Endpoint Protection Manager can be used to issue a restart to these
computers.

Client computers that take a long time to be automatically upgraded to Release Update 5 may need to be restarted
Client computers that take a long time to automatically upgrade to Release Update
5 may need to be restarted. This occurs on client computers that run Windows
Vista or Windows Server 2008.

If upgrading Network Access Control-enabled Symantec Endpoint Protection clients from MR2 to RU5, an error message appears and the installation does not finish
If you upgrade Symantec Endpoint Protection clients that are Network Access
Control-enabled, the installation may not finish. This occurs when the client is
configured to perform 802.1x authentication, and only if the exported client
installation package is located on the network and you launch the installation
package from the client.
The problem occurs because to upgrade a client, the installation process stops
the smc client and snac client services. If the client services are stopped, the LAN
Enforcer cannot authenticate the client computer. If the LAN Enforcer cannot
authenticate the client computer, the client computer is not allowed to access the
network and the rest of the installation files.
To work around this issue, do one of the following tasks:

■ Automatically upgrade the client.


■ Use the ClientRemote.exe tool to push the exported client installation package
to the client.
■ Copy the exported client installation package to the client and manually launch
the package on the client.

Network connectivity is sometimes lost during an upgrade


This issue occurs because a network driver must be replaced during the upgrade.
The issue disappears after you restart the computer.

Using a URL to auto-upgrade clients that run Symantec Endpoint Protection or Symantec Network Access Control MR3, MR4, or MR4 MP1 is not supported
If you use the URL method to auto-upgrade MR3, MR4, or MR4 MP1 clients, the
upgrade is attempted three times before it stops and fails. To work around this
issue, you can use the Symantec Endpoint Protection Manager instead of a URL
to auto-upgrade MR3, MR4, and MR4 MP1 clients.

Upgrading a Symantec Endpoint Protection client that does not contain Proactive Threat Protection triggers a series of Windows messages
Upgrading a Symantec Endpoint Protection client that does not contain Proactive
Threat Protection causes a message that Windows is configuring SEP to appear.
After the first message, a series of other messages appears while an installation
repair replaces a missing file. Once the series of messages is finished, the
installation completes successfully.

INSTALLATION AND REPAIR


How to install Symantec Endpoint Protection Manager on a server that
runs particular programs
See the Technical Support Knowledge Base article:
Addressing Symantec Endpoint Protection compatibility issues

Authentication failure can occur on computers that run Windows 7 or Vista when you use the Find Unmanaged Computers task
On computers that run Windows 7 or Vista, when you use the Find Unmanaged
Computers task, if you use the non-built-in local administrator user's credentials
to remote push a client, and your target computers are listed on the Unknown
Computers tab, then you are not allowed to remote push the client to those
computers.
To work around this problem, you can either:

■ Turn off the Windows 7 or Vista User Account Control (UAC) and restart the
target computer.
■ Use the built-in local administrator for authentication so that you do not have
to turn off UAC.

Symantec Endpoint Protection Manager issues


This section contains information about Symantec Endpoint Protection Manager.

Cannot log on remotely to the management server console


This issue occurs only on computers that run Sun JDK 6 update 4 or earlier. To
solve the issue, upgrade the JDK to version 6 update 5 or later. Version 6 update
14 is recommended. This issue is caused by a known Sun defect (id 6514454).
If the computer that logs on remotely does not have a JDK, Symantec Endpoint
Protection automatically installs the correct version of the JDK.

Logging into the Symantec Endpoint Protection Manager console from an Internet browser fails if the name of an administrator is added by using a double-byte character set
Do not add the name of an administrator by using double-byte characters in the
Symantec Endpoint Protection Manager. If you use double-byte characters, the
administrator can no longer log into the Symantec Endpoint Protection Manager
console with an Internet browser. The attempt to log into the Symantec Endpoint
Protection Manager console fails. However, the administrator can still log into
the Symantec Endpoint Protection Manager Java console directly rather than
using an Internet browser.

Using localhost in a URL is not recognized as an available address on computers that have IPv6 installed
Tomcat does not recognize the localhost loopback IP address in IPv6. This problem
occurs on computers that run Windows 2008, Windows Vista, and Windows 7. To
work around this issue, use the IP address 127.0.0.1 in the URL instead of localhost.
For example, when you use
http://localhost:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=CleanGroupPolicy
to delete policy data in the Symantec Endpoint Protection Manager database, you
should use 127.0.0.1 in the URL instead of localhost.

The Symantec Endpoint Protection Manager console crashes when you type in simplified Chinese characters
On Windows 2008 computers, a Java Development Kit (JDK) issue causes the
Symantec Endpoint Protection Manager console to crash when you type simplified
Chinese characters in a field. On 64-bit versions, this problem occurs when you
type any number of characters. On 32-bit versions, it occurs only after you type
26 characters in a field. This problem occurs with Java Development Kit 1.6 and
later, and may occur with earlier versions.

Reporting
This section contains material that is related to monitoring and reporting issues.

Reporting components do not start if you specify an IP address for the Symantec Web server in the IIS on Windows 2008 R2
Reporting components fail to work on Windows 2008 R2 computers that use a
specific IP address for the Symantec Web server in the IIS. To work around
this issue, you can do either of the following:
■ Set your Internet Explorer Internet zone security level down to a level below
High.
■ Add the host IP address to the Trusted sites list.

Symantec Endpoint Protection Manager policy issues


This section includes information about working with policies in Symantec
Endpoint Protection and Symantec Network Access Control.

LIVEUPDATE POLICIES
This section includes the known issues information related to LiveUpdate policies.

Disk full message erroneously appears when it downloads LiveUpdate updates
If your network environment already supports the proxy servers that are compliant
with the HTTP 1.1 protocol or later, you can disregard this entry. After you have
tried to download LiveUpdate for the first time, the following message may appear:

LU1863: Insufficient free disk space. There is not enough free disk
space for LiveUpdate to operate properly. Please free up disk space
on your computer and run LiveUpdate again.

You may have insufficient disk space. However, it is much more probable that
this message appears in error because the proxy server is unable to send the
correct Content-Length header field. This error message may appear on Symantec
Endpoint Protection Manager, a Symantec Endpoint Protection client, or a
Symantec Network Access Control client. You may want to verify that the disk
drive to which you downloaded LiveUpdate has sufficient disk space. If you verified
that the disk drive has sufficient space, then most likely a proxy server caused
the problem. If a proxy server receives an HTTP reply that does not include a
Content-Length header field, then the above-listed message erroneously appears.
The erroneous message appears on the computer on which the LiveUpdate has
been downloaded.
The proxy servers that are compliant with HTTP 1.1 protocols automatically
include Content-Length header-entity fields. The proxy servers that are compliant
with HTTP 1.0 protocols do not automatically include Content-Length
header-entity fields. You may want to ensure that the proxy servers in your
network are compliant with the HTTP 1.1 protocol.
See the documentation that accompanies the proxy server for more information
on how to make a proxy server compliant with HTTP 1.1 protocols.
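
One way to check a proxy for the condition described above, as an added example that is not part of the release notes: it parses the start of an HTTP reply and reports a missing or malformed Content-Length header. The sample replies, the function names, and the proxy address and URL in the usage lines are constructed placeholders.

```python
import socket
from urllib.parse import urlsplit

# Constructed replies for illustration; not captured from a real proxy.
REPLY_HTTP10_NO_LENGTH = (
    b"HTTP/1.0 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Via: 1.0 proxy.example\r\n"
    b"\r\n"
)
REPLY_HTTP11_WITH_LENGTH = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"content-length: 48213\r\n"
    b"\r\n"
    b"..."
)


def parse_reply_head(raw):
    """Return (version, status, headers) from the start of a raw HTTP reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP reply: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive; keep repeated headers
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return parts[0], int(parts[1]), headers


def content_length_finding(raw):
    """Return a description of the problem, or None if Content-Length is usable."""
    version, status, headers = parse_reply_head(raw)
    values = headers.get("content-length", [])
    if not values:
        return "%s %d: no Content-Length header" % (version, status)
    if len(set(values)) > 1 or not values[0].isdigit():
        return "%s %d: invalid Content-Length %r" % (version, status, values)
    return None


def fetch_head_via_proxy(proxy_host, proxy_port, url, timeout=10.0):
    """Send one GET for url through the proxy and return the reply head bytes."""
    request = "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (
        url, urlsplit(url).netloc)
    data = b""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data


if __name__ == "__main__":
    for sample in (REPLY_HTTP10_NO_LENGTH, REPLY_HTTP11_WITH_LENGTH):
        print(content_length_finding(sample) or "Content-Length present")
    # Live check (placeholder proxy and URL, replace with your own):
    # print(content_length_finding(
    #     fetch_head_via_proxy("proxy.example", 8080, "http://example.com/")))
```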

NETWORK THREAT PROTECTION POLICIES


This section includes the known issues information related to Network Threat
Protection policies.

Application and Device Control does not function when Network Threat Protection is disabled
An Application and Device Control Policy does not function when a user or an
administrator disables Network Threat Protection. The policies that the
administrator implements are not enforced. This issue occurs only in Symantec
Endpoint Protection. The administrator can prevent the user from disabling
Network Threat Protection by choosing the appropriate policy for both mixed and
for server control. The administrator should not set client computers to client
control.

HOST INTEGRITY POLICIES


This section includes information about policies, such as Host Integrity policies,
that are available only with Symantec Network Access Control. These issues apply
only to environments where Symantec Network Access Control is installed.

For the on-demand client, custom Host Integrity rules that point to registry
values do not work properly
Custom Host Integrity rules for registry values do not work correctly. This is
because of the transient nature of user sessions.

Host compliance log displays the message: Process not running Signature
out of date
From the Symantec Endpoint Protection Manager console, check the Host
Compliance Logs. When the Host Integrity Check fails, the event is logged as
"Event Type: Host Integrity failed." The Reason column always displays the
message, "Process is not running Signature is out of date." This error message
appears on any Symantec Endpoint Protection Manager server operating system.

Host Integrity policies might not correctly detect the anti-spyware status
of Norton Internet Security 2009 on Windows Vista computers
On Windows Vista computers, Host Integrity checking cannot detect the
anti-spyware status of Norton Internet Security 2009 versions prior to 16.2 if the
anti-spyware feature is disabled. To avoid this issue, make sure that Windows
Vista client computers are running Norton Internet Security 2009 version 16.2
or later.

Client issues
This section contains information about Symantec Endpoint Protection clients
and Symantec Network Access Control clients.

Compatibility issues with MS Verifier on Windows 7 against Symantec Endpoint Protection drivers. Running Verifier may result in failures and BSODs.
We recommend against running MS Verifier on Windows 7. If the user's computer
crashes, shows a BSOD, or has another failure, the solution is to restart the
computer.

The Network Access Control-enabled Symantec Endpoint Protection client on Microsoft Vista does not allow access to a remote server
If the Symantec Endpoint Protection client with Network Access Control is
installed, the client does not allow access to a remote network server.
Therefore, if you have Symantec Endpoint Protection clients with Network Access
Control that run on Microsoft Vista, you must create a firewall rule on the
Symantec Endpoint Protection Manager that allows access to remote servers.

To create the rule


1 In the Symantec Endpoint Protection Manager console, click Policies.
2 Under View Policies, click Firewall.
3 Choose the Firewall policy you want to edit.
4 In the Tasks pane, click Edit the Policy.
5 On the Firewall Policy page, click Rules.
6 Click Add Rule.
7 On the Add Firewall Rule Wizard page, click Next.
8 In the Select Rule Type pane, click Network Service and then click Next.
9 In the Specify Trusted Network Services pane, beside Network Neighborhood
Browsing, click the Enabled check box and then click Finish.
10 On the Firewall Policy page, click OK.

The SMC service cannot start if the COM+ service is not running
If the COM+ service has stopped for any reason, after you install the Symantec
Endpoint Protection client software, the SMC service cannot start. To work around
this issue, you can do one of the following:
■ Manually start the COM+ service, then start the System Event Notification
Services (SENS), then start the SMC service.
■ Manually start the COM+ service, and then restart the computer.

Symantec Endpoint Protection client issues


This section includes information specific to Symantec Endpoint Protection clients.

Network Threat Protection "Block Microsoft Windows Networking traffic while the screen saver runs" client option blocks all network traffic
If a user enables the Network Threat Protection Block Microsoft Windows
Networking traffic while the screen saver runs option on a client, the firewall
blocks all network traffic when the screen saver is activated. It does not block
only the network browsing and sharing traffic.

Symantec Network Access Control client issues


This section includes information specific to Symantec Network Access Control
clients, including the On-Demand clients.

Authentication requests are blocked for 20 minutes


After failing to authenticate from a computer running Windows, further
authentication requests from the switch might be blocked for a minimum of 20
minutes. This issue is due to a hard-coded Windows 20-minute blocking period
that prevents the network from being overloaded with potentially unsuccessful
authentication requests. During this blocking period, the system does not respond
to EAPOL-Identity messages from the switch. This blocking period applies to
Windows Vista, Windows Server 2008, and Windows XP. If the re-authentication
period in the switch is set to less than 20 minutes, Windows still blocks
authentication requests for 20 minutes. If the re-authentication period in the
switch is set to more than 20 minutes, Windows blocks authentication requests
for the amount of time that is set in the switch. To change the hard-coded value
in Windows, see Microsoft KB957931 (http://support.microsoft.com/kb/957931).

Client cannot download a roaming profile when it uses 802.1x authentication
In clients with an operating system older than Microsoft Vista, the client cannot
download a roaming profile when it uses 802.1x authentication. This issue can be
resolved by upgrading to Vista or later. For details, see this Microsoft article:
http://support.microsoft.com/Default.aspx?kbid=935638

Profile status check fails and the client computer is moved to the quarantine VLAN
A client computer that runs the Symantec Endpoint Protection client and is
configured to authenticate using 802.1x and Protected Extensible Authentication
Protocol (PEAP) might be moved to an on-demand environment where the On-Demand
Client is downloaded and installed. In that case, the computer might pass the
Host Integrity check but fail the profile status check, and be moved to the
quarantine VLAN instead of the production VLAN.
This issue affects computers that run Windows XP and Vista. No solution currently
exists for this issue.

Transparent mode dot1x authentication does not work with the Microsoft supplicant on Windows 7
Third-party supplicants are not supported in transparent mode.

The Windows On-Demand client does not install correctly on Windows 7 with IE8 + JRE
This issue occurs because of a conflict between UAC and the logon privilege of
the user. The workaround is to run Internet Explorer as Administrator, if UAC is
turned on. The alternative is to turn off UAC.

Upgrading from SSEP 5.1 MRx clients to Symantec Endpoint Protection 11 RUx clients can result in all network traffic getting blocked
This issue occurs because of a change in drivers. The solution is to restart the
client computer.

Symantec Network Access Control does not support the use of a Network Address Translation (NAT)-enabled router to connect through a VPN
If you must use a NAT-enabled router, you can use the following workaround:
■ On the VPN server, use NAT to send all the packets that are destined for the
agent's IP address to the router IP address.
■ On the router, enable the DMZ feature and specify the DMZ server IP address
as the agent's IP address.

Enforcer issues
This section includes information about Enforcer features, which are only available
in Symantec Network Access Control.

Servers that the Gateway Enforcer connects to must reside on an internal network
Because external networks are considered unsecure, any server that the Gateway
Enforcer connects to must reside on an internal network. Only the Enforcer
Services and the On-Demand delivery services can communicate with hosts on
external networks. Other user mode applications, such as SNMP client, NTP client,
and SSH server must use the Enforcer Gateway's forwarding support module to
communicate with hosts on an external network.

The Allow Legacy Client option is not supported for the Symantec Network Access Control Integrated Enforcer
The Allow Legacy Client option is no longer supported for the Integrated Enforcer.
To view this option
1 In the console, on the Admin page, click Servers.
2 On the Servers page, select an Enforcer, and then click Edit Group Properties.
3 In the Edit Group Properties dialog box, click the Advanced tab.

Symantec Network Access Control Enforcer support for Dell appliance models
The Symantec Network Access Control Enforcer now supports the following Dell
appliance models:
■ PowerEdge 850
■ PowerEdge 860
■ PowerEdge R200

Juniper Odyssey 4.6 no longer supported


The Symantec Network Access Control Enforcer no longer supports the Juniper
Odyssey 4.6 client supplicant for 802.1x authentication.

DHCP Enforcer authentication can time out when wireless access points are used on the Enforcer's external side
If you need to use wireless access points external to the DHCP Enforcer, we
recommend that you set both the Authentication timeout period and the DHCP
timeout period to more than 10 seconds. Increasing the timeout periods helps to
avoid repeated agent timeouts and reattempts at authentication.

The Enforcer profile is not downloaded when the profile of trusted MAC addresses is very large
We support up to 256 trusted MAC addresses on the DHCP Enforcer. If there is a
large number of trusted MAC addresses in the profile, downloading that profile
causes the NIC to go down and up, which stops the download.

The first 802.1x authentication sometimes fails when the client wakes up from sleep or hibernation
This situation is a driver issue that is resolved at the next authentication attempt.
It will be fixed in a future release.

Connecting two active Gateway Enforcers into a failover environment causes an ARP storm
If two Gateway Enforcers are in active mode, connecting them to construct a
failover environment causes an ARP storm that lasts from 0.5 to 9 seconds. (The
default duration is one second, as determined by the failover sensitive-level
configured from the Enforcer command line.) Once the failover begins to work,
the ARP storm disappears. To prevent this issue, connect the two Gateway
Enforcers into a failover environment when one of the Enforcers is in standby mode.

The command-line interface (CLI) to the Enforcer is not available when the Enforcer service is stopped
The solution is to restart the Enforcer service.

The ipconfig command shows incorrect subnet mask (255.255.255.255)
When you use the Enforcer with Windows XP or Windows Server 2003 (including
RTM, Service Pack 1, and Service Pack 2 on x86 and x64 platforms), you might
encounter problems with the Microsoft DHCP Client. When the client updates its
IP address, you might lose connection or the ipconfig command might show the
incorrect subnet mask.
You may also see the incorrect subnet mask in the command prompt if the client's
IP address changes from a quarantine IP address to a normal IP address. The client
still uses the correct subnet mask. This issue occurs on client computers that run
Microsoft Windows 2000, and occurs even if the client passes the Host Integrity
check. The client still works correctly.
To fix the problem on Windows XP or Windows Server 2003, you should apply
the Microsoft Hot Fix (Microsoft KB927288). The Hot Fix has been updated since
its original release, so make sure to download and apply the most up-to-date
version for your computer platform. Because Microsoft no longer supports
Windows 2000, there is no patch for this issue on Windows 2000.

Cisco supplicant versions 5.0 and 5.1 do not perform dot1x authentication with a Symantec Endpoint Protection client in third-party supplicant mode
If you install a Cisco supplicant 5.0 or 5.1 on a client computer and then install
an exported Symantec Endpoint Protection client that is configured for third-party
supplicants, the Cisco supplicant does not perform dot1x authentication and does
not pass a Host Integrity check.

Cannot upgrade the Enforcer appliance to RU 5; fresh install is required
Due to the kernel upgrade present in RU 5, upgrading from earlier versions is not
supported. Users should do a fresh install from the product disc. Note that this
will require reconfiguration of settings.

The IP address cannot automatically switch to a quarantine IP address when using a DHCP Enforcer secure mask with the Macintosh OS
When using Macintosh OS 10.5 or 10.6 with a DHCP Enforcer secure mask, failed
Host Integrity passes do not automatically switch from normal to quarantine IP
addresses. To work around this issue, double-click iprenew to get the correct IP
address.

Symantec AntiVirus for Linux issues


This section contains information about Symantec AntiVirus for Linux.

Symantec AntiVirus for Linux installation on Red Hat Linux 5.2 may display a warning message
If you install Symantec AntiVirus for Linux on Red Hat Linux 5.2 without using
the command line for installation, you may see a warning message that states
that the installer is not a known application. You may safely ignore this message.
Click Ignore, and the installation should succeed without problems.

Symantec AntiVirus for Linux Implementation Guide - change in LiveUpdate behavior
In the Symantec AntiVirus for Linux Implementation Guide section titled "About
the Java LiveUpdate configuration file," the definition of the working directory
in the first row of the table is out of date. The local package directory is no longer
removed when Java LiveUpdate exits.

Symantec AntiVirus for Linux Implementation Guide - GRC.dat file value change
In the Symantec AntiVirus for Linux Implementation Guide chapter called
"Configuring Symantec AntiVirus for Linux," in the section titled "Deploying
GRC.DAT files," the value \VirusProtect6\ProductControl\CheckGRCNow should
be \VirusProtect6\ProductControl\ProcessGRCNow.

Documentation issues
This section includes information about product documentation.

Installation Guide - System requirements are incorrect for 32-bit systems
In the sections System requirements for the Symantec Endpoint Protection client
software and System requirements for the Symantec Network Access Control client
software, the amount of memory for 32-bit systems should be "256 MB RAM
minimum (1 GB recommended) for most systems."

Installation Guide - System requirements are missing for the Symantec AntiVirus client for Linux
In the section About the Symantec AntiVirus client for Linux, the following
information should be included.
The following operating systems are supported:
■ Red Hat Enterprise Linux 3.x, 4.x, 5.x
■ SUSE Linux Enterprise (server/desktop) 9.x, 10.x
■ Novell Open Enterprise Server (OES/OES2)
■ Ubuntu 7.x, 8.x
■ Debian 4.x
■ VMware ESX 2.5.x, 3.x

System requirements: Windows 2008 R2 is supported on 64-bit systems only
The Installation Guide and Getting Started Guide both mistakenly say that Windows
2008 R2 is supported on both 32-bit and 64-bit systems. This information is
incorrect. Only 64-bit computers are supported with Windows 2008 R2.

Console context-sensitive Help - Registry key help topics in Group Update Provider and Location Awareness lack some information
The help should include the following definitions:
■ Registry key
The key is similar to a folder or path. For example:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymProtect
■ Registry key name
The name of the item in the registry key. For example: ServiceStatus
■ Registry value
The value of the registry key name. For example: 0x00000000

The default HTTP port number for the "Symantec NAC Integrated Enforcer for Microsoft Network Access Protection" appears in the Help as port 80
This information is not correct. The correct port number for HTTP access is 8014.

The Help screen for "Logging settings" for the Gateway/DHCP/LAN Enforcer shows the wrong value for the log file size range
The correct size range for the log file is 64 KB to 2 GB, with a default value of 512
KB.

Enforcer Implementation Guide: Advanced Local-auth command is incorrect
The correct entry should read:
Local-auth

where

Disable: Verify the Agent with the Policy Manager and block the Agent
if unable to connect to a Policy Manager (default)

Enable: Disable verification of the Agent and perform Host Integrity
validation only

The default setting for client authentication is disable.

Enforcer Implementation Guide and Help mistakenly refer to an On-Demand client for Linux
This information is not correct. An On-Demand client for Linux does not exist at
this time.

Resolved issues by category


This section describes the new features and fixes included in Release Update 5
(RU5) of Symantec Endpoint Protection 11.0 (also known as version 11.0.5xxx).
Symantec Endpoint Protection RU5 (11.0.5xxx) provides customer fixes since the
release of MR4 MP2 (11.0.4.4200).

Note: For instructions on how to obtain software updates, please see the following
article:
Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or
Symantec Network Access Control 11.x.

Symantec Endpoint Protection Antivirus and Antispyware


This section describes the customer fixes for Antivirus and Antispyware since
the release of MR4 MP2 (11.0.4.4200).

Under the guest account, Symantec Endpoint Protection clients report multiple warnings
Fix ID 1128048
■ Symptom: Under the guest account, Symantec Endpoint Protection clients
report that Antivirus and Antispyware Protection does not function correctly.
■ Solution: Corrected status query to accommodate guest (minimal) privileges.

Updated hardware key due to MAC address change causes Symantec Endpoint Protection client re-registration with Symantec Endpoint Protection Manager
Fix ID 1397560
■ Symptom: Multiple entries for Symantec Endpoint Protection clients on the
console, duplicate hardware keys for different clients, and multiple clients
that share the same hardware key.
■ Solution: The algorithm to create the hardware key was changed so the
hardware key should not change with minor hardware changes, such as the
disabling of NICs.

Smcgui.exe crashes for a Restricted user


Fix ID 1528962
■ Symptom: Smcgui.exe crashes when logging on as a Restricted user.
■ Solution: Improved object handling.

Location awareness only works when the Primary DNS suffix matches the condition
Fix ID 1529689
■ Symptom: On Windows 2000, Location Awareness fails to switch when
configured on a specified network interface.
■ Solution: Change to Location Awareness.

TPM Device not displayed in the Symantec Endpoint Protection Manager
Fix ID 1536046
■ Symptom: The Symantec Endpoint Protection client was not able to correctly
identify the TPM chip vendor.
■ Solution: Changed the client to handle failures better when attempting to
retrieve the TPM chip vendor information.

Decomposer version is blank in the Symantec Endpoint Protection client user interface
Fix ID 1540746
■ Symptom: Under Help and Support, the Decomposer version is blank.
■ Solution: Corrected the location to retrieve the Decomposer version.

Unable to disable the "Threats were detected while you were logged out" message
Fix ID 1542336
■ Symptom: With all notifications disabled, if a virus is discovered as part of a
scheduled scan while the user is logged out, the user is notified that threats
were discovered when the user logs in.
■ Solution: Added an option to toggle the client-side notification of the message.

Smcgui.exe unexpectedly takes foreground focus


Fix ID 1558158
■ Symptom: On Windows XP embedded computers, Smcgui.exe unexpectedly
takes foreground focus.
■ Solution: Changed Smcgui.exe to not take foreground focus in invisible mode.

The Symantec Endpoint Protection client fails heartbeat with Error Code=87;AH or Error Code=0;AH
Fix ID 1603851
■ Symptom: With a large number of IP addresses configured on the Symantec
Endpoint Protection client, the registration information exceeds size limitations
and the client is not able to register with the server.
■ Solution: Set a limit of 16 IP addresses on the client.

64-bit Symantec Endpoint Protection clients are not passing Host Integrity check
Fix ID 1651293
■ Symptom: 64-bit Symantec Endpoint Protection clients connecting through
Juniper VPN are blocked by the Juniper Host Checker because the Juniper Host
Checker does not recognize that the client successfully passed the Host
Integrity check.
■ Solution: Corrected the location where Host Integrity results are read.

Scheduled LiveUpdate does not run at random times as expected
Fix ID 1651364
■ Symptom: Scheduled LiveUpdate does not run at random times as expected.
■ Solution: Fixed algorithm to randomize the start times.

Scheduled LiveUpdate still launches LuAll.exe although the Use a LiveUpdate Server option is unchecked
Fix ID 1652473
■ Symptom: After migration, LiveUpdate still uses LuAll.exe to download content
from an internal or external LU server, regardless of whether the Use a
LiveUpdate Server option is checked.
■ Solution: Scheduled LiveUpdate settings are cleared and the Symantec Endpoint
Protection client uses the LiveUpdate policy from the Symantec Endpoint
Protection Manager.

Log forwarding settings for Scan Aborted, Scan Started, and Scan Stopped do not work properly
Fix ID 1664764
■ Symptom: Regardless of the log forwarding setting in Symantec Endpoint
Protection Manager, the Symantec Endpoint Protection clients always forward
the Scan aborted, Scan started, and Scan stopped logs.
■ Solution: Corrected the log forwarding to not always forward Scan logs.

Eraser Engine displays Version 0.0


Fix ID 1668299
■ Symptom: The Protection Content Versions report and Help show clients'
Eraser Engine version as 0.0.
■ Solution: Removed the dependency on Proactive Threat Protection content to
be present while Eraser Engine version is calculated.

LiveUpdate tries to contact external LiveUpdate Servers despite policy setting
Fix ID 1678207
■ Symptom: The Use a LiveUpdate Server setting is not honored, which causes
Symantec Endpoint Protection clients to download content from external
LiveUpdate servers.
■ Solution: The Use a LiveUpdate Server setting is checked before attempting
to download content.

A Group Update Provider leaves TCP connections in the CLOSE_WAIT state, preventing Symantec Endpoint Protection clients from updating
Fix ID 1679515
■ Symptom: With limited concurrent download connections configured, TCP
connections can be exhausted if Symantec Endpoint Protection clients do not
terminate sessions cleanly.
■ Solution: Architectural changes were made to the Group Update Provider to
handle clients that do not terminate sessions cleanly.

Remediation options for Email Auto-Protect are grayed out in the Symantec Endpoint Protection client
Fix ID 1704540
■ Symptom: The Remediation options for Email Auto-Protect are visible and
grayed out on the Symantec Endpoint Protection client, but do not appear in
the Symantec Endpoint Protection Manager.
■ Solution: The Remediation options for Email Auto-Protect are not configurable
and have been removed.

Smcgui.exe crashes on Windows 2000 when users are logged in as Guest account
Fix ID 1729073
■ Symptom: Smcgui.exe crashes on Windows 2000 when logged in as Guest account.
■ Solution: Enhanced error handling in Smcgui.exe on Windows 2000.

Location awareness switches based on "Primary DNS Suffix" provided by domain controller
Fix ID 1732720
■ Symptom: Location awareness switches based on the Primary DNS Suffix
provided by the domain controller.
■ Solution: Location awareness switching by DNS Suffix will only switch through
the Connection-specific DNS suffix provided by DHCP.

SMC using entire CPU core and Symantec Endpoint Protection-Symantec Endpoint Protection Manager communication fails after migrating or installing the Symantec Endpoint Protection client
Fix ID 174134
■ Symptom: After upgrading a Symantec Endpoint Protection client,
communication with the Symantec Endpoint Protection Manager fails because
the default gateway is not in the same subnet.
■ Solution: Enhanced the process to find the best route to the server after the
gateway IP address changes.

Symantec Endpoint Protection client user interface has inconsistent behavior when restoring items displayed in Quarantine
Fix ID 1783193
■ Symptom: The Restore and Delete buttons remain grayed out in the client
View Quarantine windows when certain items are selected but are available
in right-click context menu.
■ Solution: Fixed to have consistent behavior when viewing in Quarantine view
and right-click context menu.

Symantec Endpoint Protection clients cannot update antivirus definitions from the Symantec Endpoint Protection Manager
Fix ID 1543985
■ Symptom: Symantec Endpoint Protection clients cannot update antivirus
definitions from the Symantec Endpoint Protection Manager.
■ Solution: Added a dependency relationship for SMC service and System Event
Notification service at startup.

MSI Repair function reverts the Symantec Endpoint Protection Manager/IIS port to 8014 from non-default
Fix ID 1601640
■ Symptom: MSI repair causes the Symantec Web server port to revert to the
default value.
■ Solution: Added a custom Web site port setting to the conf.properties file
during a repair install.

Symantec Endpoint Protection client upgrade warnings are inconsistent
Fix ID 1638457
■ Symptom: Symantec Endpoint Protection client upgrade warnings on 64-bit
upgrades are inconsistent with 32-bit upgrade warnings.
■ Solution: Changed the 64-bit upgrade warnings to be consistent with the 32-bit
upgrade warnings.

Symantec Endpoint Protection Manager Home page shows the virus definition date as 1/1/1970
Fix ID 1391394
■ Symptom: On a clean Symantec Endpoint Protection Manager installation
before running LiveUpdate, the Symantec Endpoint Protection client virus
definition date shows as 1/1/1970 on console Home page.
■ Solution: The client virus definition date is properly initialized.

RTVScan.exe does not release memory until after the scan completes
Fix ID 1427192
■ Symptom: When very large containers are scanned, memory continues to grow
until the scan completes.
■ Solution: Memory usage is reduced by not storing unnecessary data during
the scan.

Outlook Auto-Protect has problems with attachments containing non-ASCII letters in the file name
Fix ID 1529690
■ Symptom: Attachments with non-ASCII characters cannot be opened.
■ Solution: Added functionality to retrieve the UNICODE file name attribute to
correctly create the target file name.

Microsoft Word files are deleted as soon as they are opened on a local partition
Fix ID 1536936
■ Symptom: Microsoft Word files are deleted as soon as they are opened on a
local partition.
■ Solution: Auto-Protect was modified to do non-buffered I/O on NTFS file
system.

Crash occurs during process termination with bug check 8E


Fix ID 1545269
■ Symptom: System crashes during process termination with bug check 8E.
■ Solution: Auto-Protect was changed to better handle scans during process
termination.

An application fault occurs in RTVScan.exe due to corrupted data in the registry
Fix ID 1592186
■ Symptom: An application fault in RTVScan.exe occurs when it attempts to
read an unexpected date value in the registry for a scheduled scan.
■ Solution: Checks were added to validate the date value.

Administrator scheduled scans are not running at specified times
Fix ID 1594128
■ Symptom: With missed events disabled, scheduled scans are not correctly
flagged as missed events.
■ Solution: Enhanced missed event detection to account for the user environment
when detecting missed events.

Users suddenly cannot access shared files with Auto-Protect enabled
Fix ID 1594214
■ Symptom: Users suddenly cannot access shared files with Auto-Protect enabled.
■ Solution: Enhanced Auto-Protect to better handle client file accesses to a
server.

Symantec Endpoint Protection crashes in RTVscan when performing multi-threaded scan
Fix ID 1639778
■ Symptom: An application crash occurs in RTVscan when run with
multi-threaded or hyper-threaded options enabled.
■ Solution: Additional checks were added to prevent an application crash.

Symantec Endpoint Protection does not detect eicar.com when it is downloaded using Google Chrome
Fix ID 1673766
■ Symptom: Using Chrome, threats are downloaded without detections while
using selected file extension settings in Auto-Protect.
■ Solution: Added the .TMP and .PART extensions (for Firefox) to the default
extension list for Auto-Protect.

Auto-Protect does not detect threats that are copied to a network share or a mapped network drive on Windows 2003 or 2008 Server
Fix ID 1675715
■ Symptom: Auto-Protect does not detect threats that are copied to a network
share or a mapped network drive on Windows 2003 or 2008 Server.
■ Solution: Enhanced Auto-Protect to better handle client file accesses to a
network share or a mapped network drive.

Crash on Vista with bug check 7f


Fix ID 1738584
■ Symptom: Crash on Vista with bug check 7f.
■ Solution: On Vista, enhanced Auto-Protect to better handle situations of low
kernel stack memory.

Coh32.exe has an application error with the message “The instruction at “0x044be849” referenced memory at “0x000000000”
Fix ID 1744359
■ Symptom: On Windows 2000, when running a process from a mapped drive,
the Windows system cannot determine the mapped drive and causes a crash
in COH32.
■ Solution: Additional checks were added to better handle this situation.

Symantec Endpoint Protection Email Auto-Protect does not work properly when using Secure POP3 (POP3S) port 995
Fix ID 1509203
■ Symptom: Symantec Endpoint Protection Email Auto-Protect does not work
properly when using POP3S port 995. The Symantec Endpoint Protection email
proxy modifies SSL v2 Client Hello, preventing POP3S SSL mail connections
in some cases.
■ Solution: Fixed the email proxy to not modify SSL v2 Client Hello.

Symantec Endpoint Protection Firewall


This section describes the customer fixes for the firewall since the release of MR4
MP2 (11.0.4.4200).

Firewall does not block traffic to or from Juniper SA Network Connect virtual NIC
Fix ID 1262087
■ Symptom: Juniper SA Network Connect virtual NIC does not specify a media
type, causing Teefer2 to not bind to the adapter.
■ Solution: Added Juniper SA Network Connect virtual NIC media type to Teefer2.

With NICs that use a TCP offload engine, Symantec Endpoint Protection with Network Threat Protection enabled causes networking problems, such as connection failures and performance degradation
Fix ID 1389258
■ Symptom: Teefer2 causes packet loss with TCP/UDP checksum offload by not
preserving checksum data.
■ Solution: Teefer2 corrected to preserve checksum data.

DNS resolution fails while connected via Microsoft VPN


Fix ID 1442277
■ Symptom: Teefer2 causes packet loss with TCP/UDP checksum offload by not
preserving checksum data.
■ Solution: Teefer2 corrected to preserve checksum data.

System crashes with STOP 7E during Symantec Endpoint Protection client installation
Fix ID 1532340
■ Symptom: When Teefer2 is loaded, it accesses a list of system modules. When
these system modules are changed while Teefer2 is processing them, the system
crashes.
■ Solution: Improved handling of the system data.

Last Download Time shows an erroneous date


Fix ID 1538048
■ Symptom: The "Last Download Time" that is uploaded from the Symantec
Endpoint Protection client side is incorrect.
■ Solution: The client's Last Download Time is properly initialized.

Firewall rule unable to block application with use of DNS Host or DNS Domain types in Host Groups
Fix ID 1540750
■ Symptom: When configuring the Host Group to use a DNS host name or DNS
domain, the rule does not block traffic.
■ Solution: Additional checks were added to identify the correct IP address to
use when sending RDNS packets.

Crash in sysplant.sys caused by stale data


Fix ID 1541319
■ Symptom: A crash occurs when Sysplant attempts to access stale internal data.
■ Solution: Fixed Sysplant to properly identify and not store stale internal data.

Disabling the Browse files and printer on the network option through Network Threat Protection has no effect
Fix ID 1543964
■ Symptom: When a user disables Browse files and printer on the network and
Share my files and printers with others on the network under Network Threat
Protection options, the user is still able to access and share folders.
■ Solution: A missing default file rule was added to the policy file.

With a dial-up adapter, firewall rules are not applied while using Internet Explorer
Fix ID 1544028
■ Symptom: With a dial-up adapter, network traffic is tunneled through WANARP
instead of the correct application, Internet Explorer.
■ Solution: Fixed to identify the correct application.

The Symantec Endpoint Protection client is unable to maintain a network connection through the 802.1x enforcement after the Cisco VPN client 3.6.6 dials up
Fix ID 1544442
■ Symptom: With Cisco VPN clients, EAP packets are being blocked by Network
Threat Protection.
■ Solution: Modified Network Threat Protection to only block EAP packets
when 802.1x authentication mode is set to a 3rd party supplicant.

Sysplant prevents Cygwin compiler from building code


Fix ID 1556624
■ Symptom: Cygwin cannot compile source code if Symantec Endpoint Protection
is installed with Application and Device Control enabled.
■ Solution: Resolved a conflict between the Symantec Endpoint Protection client
and Cygwin.

Clients report Denial of Service attack (IP Fragmentation overlap) when no overlap is occurring
Fix ID 1586674
■ Symptom: When connected over a VPN, a false positive Denial of Service
detection (IP fragmentation overlap) causes the Web site to be blocked for 10
minutes.
■ Solution: Corrected how the last IP fragmentation packet is identified to
properly calculate the packet length.

Host integrity configuration file is corrupted on Vista


Fix ID 1587248
■ Symptom: On Vista, Application Device Control causes Host Integrity checks
to fail with errors in the security log, indicating that the Host Integrity
configuration file is corrupt.
■ Solution: Application Device Control was corrected to allow Host Integrity
checks to succeed.

Sysplant causing CosmoCall Agent software to crash


Fix ID 1592206
■ Symptom: With Application and Device Control installed, CosmoCall Universe
4.5 software does not launch and returns the error message “CosmoCall
Universe 4.5 has encountered a problem and needs to close."
■ Solution: Corrected compatibility issue with CosmoCall Universe.

On Vista, application and device control is not able to log DLL
injection attempts to IExplorer.exe
Fix ID 1653904
■ Symptom: A client with an Application and Device Control policy to block DLL
injections blocks successfully but without displaying a notification or adding
an entry to the logs.
■ Solution: Both a notification and log entry are successfully created.

System Lockdown exclusions are not honored, which causes
strange characters in file path
Fix ID 1677455
■ Symptom: System Lockdown exclusions are not honored, which causes strange
characters to appear in file paths, as seen in "Unapproved Applications Only"
logs.
■ Solution: Changed how the file path is obtained to avoid strange characters.

Symantec Endpoint Protection detects Jolt2 DoS attack when
Altiris agent sends large amounts of ICMP packets to the Altiris
server
Fix ID 1677459
■ Symptom: Symantec Endpoint Protection detects Jolt2 DoS attack when the
Altiris agent sends large amounts of ICMP packets to the Altiris server.
■ Solution: Symantec Endpoint Protection clients will not detect Jolt2 DoS attack
with systems patched with the corresponding Microsoft update.

A crash caused by sysplant.sys, bug check 1000008E occurs
Fix ID 1723596
■ Symptom: A crash caused by sysplant.sys, bug check 1000008E occurs.
■ Solution: Enhanced Sysplant to better handle exceptions.

Symantec Endpoint Protection Manager


This section describes the customer fixes for Symantec Endpoint Protection
Manager since the release of MR4 MP2 (11.0.4.4200).

The Symantec Endpoint Protection Manager cannot use registry
key (default) as a file path in a Host Integrity check
Fix ID 1543123
■ Symptom: The user interface does not allow the use of the registry key (default)
as a file path for a Host Integrity check.
■ Solution: Removed the restriction that did not allow the use of the registry key (default).

Policy settings never update after creating a new management
server list using specific Japanese strings
Fix ID 1739908
■ Symptom: Policy settings never update after creating a new management
server list using specific Japanese strings.
■ Solution: Enhanced Enforcer parser.

Home, Monitors, and Reports pages are blank on the remote
console after updating Java to version 1.6 Update 11
Fix ID 1473464
■ Symptom: When using a remote console, some Symantec Endpoint Protection
Manager pages are blank after updating to Java 1.6 update 11.
■ Solution: Upgraded the version of Java Desktop Integration Components (JDIC).

Windows 2008 is identified as Vista in scm-server logs
Fix ID 1503238
■ Symptom: Windows 2008 is identified as Vista in server logs.
■ Solution: Updated the Java version.

Replication error - violation of PRIMARY KEY constraint
'PK_SEM_COMPUTER' occurs
Fix ID 1534861
■ Symptom: Replication fails with the error Violation of PRIMARY KEY constraint
'PK_SEM_COMPUTER'.
■ Solution: Synchronize replication merging process, so that only one replication
merging process is run at a time.

User Account Control prompt on Windows 2008 Server or Vista
when using a remote console does not reflect the status of
UAC
Fix ID 1536901
■ Symptom: When opening the remote console for Symantec Endpoint Protection
Manager on Windows 2008 Server or Vista, the user is prompted to disable
UAC when UAC is already disabled.
■ Solution: The user prompt was changed.

IPS Exclusions do not work for DNS host and DNS Domain used
with Host Groups
Fix ID 1538126
■ Symptom: After creating Host Groups with DNS host and DNS domain, selecting
the associated Host Groups to create IPS Host Exclusions does not work.
■ Solution: Defining the host by MAC address, DNS host, and DNS domain is not
supported. A warning message was added to warn the user.

Saved filter converting commas to "*2C"
Fix ID 1538175
■ Symptom: In reporting saved filters, commas are converted to *2C.
■ Solution: When loading saved filters from the database, commas are no longer
converted.

Replication occurs over a proxy server, if a LiveUpdate proxy
is defined
Fix ID 1538199
■ Symptom: If a LiveUpdate proxy is defined, replication is attempted over the
proxy server and fails.
■ Solution: Use connection-wise proxy setting instead of setting system property.

New Software Package notification email contains multiple
redundant lines
Fix ID 1539834
■ Symptom: When a user creates notifications for new software downloads, the
email contains duplicate descriptions over a period of time.
■ Solution: SQL query corrected and updated email format to now include time,
download description, and which server downloaded the content.

A broken link appears in the dbvalidator.log
Fix ID 1543995
■ Symptom: A broken link appears in the dbvalidator.log.
■ Solution: Added a verification to check whether the policy is in use.

Requested to change Administrator's password at Reporting
logon when set to never expire
Fix ID 1545139
■ Symptom: Although the Symantec Endpoint Protection Manager
Administrator's password is set as 'Password never expires', the user is
requested to change the password after 60 days.
■ Solution: Corrected the configuration to not request password change when
set to never expire.

Negative number appears in Detection Action Summary report
Fix ID 1555834
■ Symptom: The Detection Action Summary report displays negative numbers
due to mismatched database records.
■ Solution: Corrected the data parsing to avoid mismatched database records.

A French Localized Symantec Endpoint Protection Manager
cannot create scheduled reports due to incorrect date format
Fix ID 1587237
■ Symptom: On French localized Symantec Endpoint Protection Managers,
scheduled reports cannot be created due to an incorrect date format.
■ Solution: Specified the date format before saving the scheduled report to the
database.

Sorting by date in Client Status page generates scrambled
results
Fix ID 1587874
■ Symptom: When trying to apply a filter/sort based on "Last Update Time,"
dates are not sorted correctly.
■ Solution: Changed the data type to date comparison sorting.

The Symantec Endpoint Protection Manager client table Sort
button stops working and does not toggle
Fix ID 1587920
■ Symptom: The Sort button stops working randomly when attempting to sort
elements on the Symantec Endpoint Protection Manager Clients tab.
■ Solution: Avoid multiple mouse listeners for the same table header.

The Search Client option allows limited administrators to run
commands on computers in groups with no access rights
Fix ID 1589447
■ Symptom: The Search Client option shows computers in groups that limited
administrators do not have permissions to access.
■ Solution: Only show the allowed groups to limited administrators.

Duplicate client records in the database point to groups that
no longer exist, causing communication failures
Fix ID 1589472
■ Symptom: Duplicate client records in the database point to groups that no
longer exist, causing communication failures.
■ Solution: During replication, clients without a valid group ID are cleaned.

Default size of the Symantec Endpoint Protection Manager
user interface does not allow all filters to be seen or selected
when adding a Scheduled Report
Fix ID 1592013
■ Symptom: Not all filters are visible when creating Scheduled Reports.
■ Solution: Added a scrollbar to the filter selection when the number of filters
is greater than 7.

System Administrator Scheduled Reports inappropriately
visible across Symantec Endpoint Protection Manager Domains
Fix ID 1592959
■ Symptom: System administrator permissions are retained for Domain
administrators, which makes previously created reports accessible.
■ Solution: System administrator permissions are no longer retained after
logging off the Symantec Endpoint Protection Manager domain.

Learned applications paths are incorrect
Fix ID 1593025
■ Symptom: The use of a backslash '\' instead of a forward slash '/' in learned
application paths causes firewall rules to function incorrectly.
■ Solution: During profile compilation, incorrect path separation characters are
corrected.

Replication fails when the password for the Symantec Endpoint
Protection Manager account used for replication contains the
% character
Fix ID 1593159
■ Symptom: Cannot authenticate with special characters in the Symantec
Endpoint Protection Manager account password, causing replication failures.
■ Solution: Corrected to allow authentication to succeed with the use of special
characters.

Improper end time in exported scan logs
Fix ID 1593319
■ Symptom: The Symantec Endpoint Protection Manager console correctly
displays the start and end time but the end time is incorrectly shown in
exported logs.
■ Solution: Avoided trimming the end date data after it is retrieved from the
database.

Symantec Endpoint Protection Manager reports show file paths
with a forward slash when it should be a back-slash
Fix ID 1595804
■ Symptom: Symantec Endpoint Protection Manager reports show file paths
with a forward slash when it should be a backslash.
■ Solution: Corrected Symantec Endpoint Protection Manager reports to show
backslashes.

Notification batch script does not finish successfully
Fix ID 1595961
■ Symptom: When configuring a notification to run a batch script, the script is
executed but does not complete successfully.
■ Solution: Allowed the server task to wait for the batch script to complete before
termination.

Data truncation errors appear in the logs
Fix ID 1597067
■ Symptom: Data truncation errors appear and error logs are created in the
antivirus log directory.
■ Solution: Added more error checking to check the log session GUID for validity.

Replication fails with "Duplication of Primary key"
Fix ID 1597521
■ Symptom: Replication fails with "Duplication of Primary key".
■ Solution: Duplicate data with the same key values are only included once.

Scheduled reports return a list of report recipients with extra
space
Fix ID 1597537
■ Symptom: While editing the recipient list for scheduled reports, the error
message "Invalid characters have been removed from the list of emails." appears
even though no changes are made.
■ Solution: The email recipient list is saved without additional spaces.

"No entries" in Monitors > logs "Computer status" on Embedded
Replication Partner (with SQL)
Fix ID 1597713
■ Symptom: No date is shown for Computer status logs when related data is
available in database.
■ Solution: When the date is unavailable from the client, the server timestamp
is used as the client's last check-in time.

Unmanaged Detector does not acknowledge excluded
computers and IP phones
Fix ID 1600943
■ Symptom: IP address ranges that should be excluded appear in the results of
unmanaged computers notifications.
■ Solution: Corrected data retrieval from the database to filter excluded IP ranges.

Host compliance log details are truncated when a Host Integrity
policy has a large number of requirements
Fix ID 1601779
■ Symptom: With a SQL database, host compliance log details are truncated
when a Host Integrity policy has a large number of requirements.
■ Solution: Host compliance log details are no longer truncated.

A Limited Administrator account is able to create packages,
upgrade groups, and view reports for groups that have been
blocked
Fix ID 1631487
■ Symptom: A Limited Administrator account is able to create packages, upgrade
groups, and view reports for groups that have been blocked.
■ Solution: Fixed various user interfaces in the console to limit administrator
access.

64-bit Windows XP in exported Computer Status Export logs
is incorrect
Fix ID 1633311
■ Symptom: In the Computer Status Log, Symantec Endpoint Protection clients
running 64-bit Windows XP show as "Other".
■ Solution: Added Windows XP Professional x64 Edition in the logs.

The raw data dump from the External Logging options does
not contain column header identifiers
Fix ID 1633619
■ Symptom: The raw data dump from the External Logging options does not
contain column header identifiers.
■ Solution: Added header information on all logs created by the External Logging
feature.

Clients are not deleted from historical data and skew reports
Fix ID 1639520
■ Symptom: Legacy clients and servers no longer on the network still show in
the Security Status report with out-of-date definitions.
■ Solution: Added additional checks for legacy clients and servers with improper
status updates.

LiveUpdate errors are listed as warnings instead of errors
Fix ID 1652423
■ Symptom: In the Symantec Endpoint Protection Manager logs, LiveUpdate
errors are listed as warnings instead of errors.
■ Solution: Changed LiveUpdate errors from warning to error.

Single client does not get sent the commands from Symantec
Endpoint Protection Manager
Fix ID 1654964
■ Symptom: In the Symantec Endpoint Protection Manager, a command issued
to a single client with a hardware key starting with 00 is not run by the client.
■ Solution: A hardware key starting with 00 is no longer identified as an
unavailable client.

Behavior of outbreak notifications is inconsistent
Fix ID 1656397
■ Symptom: Overlapping single risk and outbreak conditions do not trigger
outbreak notifications when expected.
■ Solution: Algorithm changed to better detect overlapping risks or outbreaks.

With Simplified Chinese, garbage characters appear in attack
logs
Fix ID 1664719
■ Symptom: With Simplified Chinese, garbage characters appear in Symantec
Endpoint Protection Manager Network Threat Protection logs.
■ Solution: Added UTF-8 encoding for SQL Server 2000.

Changes to the maximum number of clients displayed per page
in the default view are not preserved in other views
Fix ID 1665823
■ Symptom: Changes to the maximum number of clients displayed per page in
the default view are not preserved in other views.
■ Solution: Synchronize the settings when saving display filters for each view.

Duplicate Centralized Exceptions policies appear when adding
exceptions via risk logs
Fix ID 1669897
■ Symptom: Duplicate Centralized Exceptions policies appear when adding
exceptions via risk logs.
■ Solution: To avoid duplicates, only the shared Centralized Exception policies
are displayed.

Event times are shown as "1970/01/01 08:00:00" [TimeZone:+8]
in notification email
Fix ID 1672629
■ Symptom: Email alerts for event notifications show as "1970/01/01..." even
though the Symantec Endpoint Protection Manager console shows the correct
event time.
■ Solution: Corrected the date and time format conversion for email notifications.

The Symantec Endpoint Protection Manager quits when
displaying a large log of unapproved applications
Fix ID 1673860
■ Symptom: The Symantec Endpoint Protection Manager quits due to a Java
heap space error when viewing Unapproved Applications Only on the System
lockdown page that exceed 290K records.
■ Solution: Unapproved Applications Only logs are limited to displaying the last
20,000 records. Users can still view all the logs from the Application and Device
Control Logs report.

Symantec Endpoint Protection Manager client status "Last
Check-in" date/time is calculated inconsistently
Fix ID 1673951
■ Symptom: In the Symantec Endpoint Protection Manager, client "Last Check-in"
date/time shows as Symantec Endpoint Protection Manager date/time until
the client checks in as part of the regular heartbeat.
■ Solution: When the date is unavailable from the client, the server timestamp
is used as the client's last check-in time.

Client status is displayed incorrectly in the Symantec Endpoint
Protection Manager console
Fix ID 1677244
■ Symptom: Client status is displayed incorrectly on the Home page Status
Summary, but correctly on the Clients tab.
■ Solution: Corrected the query to retrieve client status from the database.

Moving users between OUs within Active Directory is not
correctly reflected on the Symantec Endpoint Protection
Manager interface
Fix ID 1678457
■ Symptom: Users created with display names greater than 64 characters are
truncated, causing updates to fail.
■ Solution: Limit the display name to 64 characters.

The Symantec Endpoint Protection Manager no longer accepts
RISK logs from legacy Symantec AntiVirus servers after
migration
Fix ID 1679706
■ Symptom: The Symantec Endpoint Protection Manager no longer accepts RISK
logs from legacy Symantec AntiVirus servers after migrating to Symantec
Endpoint Protection Manager 11.0 MR4 MP2.
■ Solution: Fixed agent log collection.

The number of clients in an email notification and the
corresponding report do not match
Fix ID 1701459
■ Symptom: The number of clients in an email notification and the corresponding
report do not match.
■ Solution: Synchronized email notification and the corresponding report.

Long policy description entries cause events to be dropped
Fix ID 1710139
■ Symptom: Long policy description entries cause events to be dropped.
■ Solution: Set a limit of 256 characters for policy description field.

The Symantec Endpoint Protection Manager is slow to apply
policy changes after importing 10,000 OUs
Fix ID 1714092
■ Symptom: The Symantec Endpoint Protection Manager experiences sluggish
performance when importing large numbers of OUs.
■ Solution: Enhanced the performance of Active Directory synchronization.

Initial replication fails with the notification “The transaction
log for database ‘sem5’ is full”
Fix ID 1714303
■ Symptom: Initial replication fails with the notification “The transaction log
for database ‘sem5’ is full”.
■ Solution: Increased the max database transaction log size based on the company
size selected during the Symantec Endpoint Protection Manager Installation
Wizard.

Bad CurrentSequenceNum registry value contributing to
.dat.err file build up on MR4 MP2 Symantec Endpoint
Protection Manager
Fix ID 1716657
■ Symptom: Truncation errors cause the accumulation of .dat.err files in the
agentinfo folder.
■ Solution: Fixed the truncation errors.

Virus alerts emails do not contain the file and file path that
was infected
Fix ID 1719962
■ Symptom: Virus alerts emails do not contain the file and file path that was
infected.
■ Solution: Added information about the file and file path to virus alerts email.

The description field on the client properties in the Symantec
Endpoint Protection Manager containing “\r\n” causes data
truncation error when replicating
Fix ID 1720809
■ Symptom: The description field on the client properties in the Symantec
Endpoint Protection Manager containing “\r\n” causes data truncation error
when replicating.
■ Solution: Multi-line descriptions are completely read by the Symantec Endpoint
Protection Manager.

Duplicate clients in the Symantec Endpoint Protection Manager
Fix ID 1722503
■ Symptom: After importing Active Directory OUs, duplicate clients appear in
the Symantec Endpoint Protection Manager.
■ Solution: Deleted duplicate clients during replication.

Symantec Endpoint Protection Manager “Single Risk”
notifications do not send email for Proactive Threat Protection
risk detection of BloodHound.SONAR.1
Fix ID 1723779
■ Symptom: Symantec Endpoint Protection Manager “Single Risk” notifications
do not send email for Proactive Threat Protection risk detection of
BloodHound.SONAR.1.
■ Solution: If you use non-defaults in an Antivirus and Antispyware Policy for
TruScan Proactive Threat Scans (that is, not Log-Only), a potential risk is
considered as a Security Risk in order to trigger the single risk notification.

SystemBiosVersion registry value results in a Symantec
Endpoint Protection Manager error “An invalid XML character”
Fix ID 1725075
■ Symptom: An invalid XML character in the SystemBiosVersion registry value
causes the client to fail to register with Symantec Endpoint Protection Manager.
■ Solution: Invalid characters are removed.

When the maximum number of clients displayed per page is
set to over 1,000, only 1,000 clients are displayed
Fix ID 1732819
■ Symptom: When the maximum number of clients displayed per page is set to
over 1,000, only 1,000 clients are displayed.
■ Solution: Limited the maximum number of clients to display to 1000 clients.

Client search by IP address only returns the first IP address
even though the computer has more than one
Fix ID 1733240
■ Symptom: Client search by IP address only returns the first IP address even
though the computer has more than one.
■ Solution: Changed to allow multiple IP address client searches.

“Unable to communicate with Reporting component” when
you log onto the Symantec Endpoint Protection Manager
remote console under certain conditions
Fix ID 1740140
■ Symptom: With two Symantec Endpoint Protection Manager consoles set up
to use different IIS ports, remote console login does not work on the second
Symantec Endpoint Protection Manager and returns the error “Unable to
communicate with Reporting component”.
■ Solution: During remote logon, the corresponding IP address and IIS port are
correctly obtained.

Symantec Endpoint Protection Manager Home Page “Security
Status – Attention Needed” lists old data in details
Fix ID 1745613
■ Symptom: Symantec Endpoint Protection Manager Home Page “Security Status
– Attention Needed” lists old data in details.
■ Solution: The algorithm to create the hardware key was changed such that the
hardware key should not change with minor hardware changes, such as
disabling of NICs.

Symantec Endpoint Protection Manager Active Directory sync
at root OU produces duplicate clients. AD sync at sub OUs
produces no duplication
Fix ID 1745722
■ Symptom: Symantec Endpoint Protection Manager Active Directory
synchronization at root OU produces duplicate clients caused by a carriage
return in the computer description.
■ Solution: Removed unnecessary carriage return from computer description.

Java -1 errors when installing Symantec Endpoint Protection
Manager to remote database using Windows Authentication
Fix ID 1764453
■ Symptom: After Symantec Endpoint Protection Manager installation using
Windows Authentication, the Semsrv process does not stay started, causing
console login to fail with Java -1 error.
■ Solution: Removed database instance name from domain name, so that the IIS
anonymous account can be configured properly.

Symantec Network Access Control


This section describes the customer fixes for Symantec Network Access Control
since the release of MR4 MP2 (11.0.4.4200).

Client peer-to-peer authentication blocks other clients’ access
to its share folder
Fix ID 1483035
■ Symptom: Configuring the peer’s address was not using the correct IP address.
■ Solution: Corrected to use the client’s IP address.

SNAC.EXE and Services.exe take up to 40% of CPU
Fix ID 1519912
■ Symptom: After boot up, SNAC.exe and Services.exe are consuming up to 40%
of the CPU.
■ Solution: Corrected NAP service monitoring.

IP is not released when On-Demand client is exited
Fix ID 1557687
■ Symptom: After the On-Demand client is exited, the client does not release
the production IP.
■ Solution: Before exiting, the client sends a notification to all plug-ins.

User is unable to connect to the network via VPN when using
the Gateway Enforcer On-Demand plug-in
Fix ID 1638565
■ Symptom: User is unable to connect to the network with Jiangnan VPN via the
Gateway Enforcer.
■ Solution: Added support for Jiangnan VPN.

Client has delayed access to network resources during the
boot up sequence
Fix ID 1640120
■ Symptom: A client has a quarantine IP address for about 1 minute even if Host
Integrity check passes.
■ Solution: Use WGX to receive and send heartbeat to Gateway and DHCP
Enforcer when Windows networking system is not ready.

DHCP Appliance does not supply secure mask 255.255.255.255
Fix ID 1586761
■ Symptom: The Enforcer Appliance does not replace the subnet mask given out
by the Microsoft DHCP server with a 32-bit mask.
■ Solution: Added a CLI command to enable secure-netmask in DHCP Enforcer.

Users taking considerable amount of time to switch from
Quarantine to Production scope
Fix ID 1587480
■ Symptom: After being placed into the Quarantine DHCP scope, users are taking
a considerable amount of time to be correctly switched into the Production
scope.
■ Solution: DHCP status is updated when authentication status changes.

The Gateway Enforcer continuously switches between
standby and active
Fix ID 1592129
■ Symptom: The Gateway Enforcer continuously switches between standby and
active due to failed ARP loop detection.
■ Solution: Enhanced ARP loop detection on the Gateway Enforcer.

The Enforcer loses trunking function after self reboot
Fix ID 1600101
■ Symptom: The Enforcer loses the trunking function after a self reboot.
■ Solution: Trunking status is set to enable when failopen is enabled after a
reboot.

Running the Symantec Network Access Control On-Demand
Client and Checkpoint VPN causes a blue screen
Fix ID 1708592
■ Symptom: Running the Symantec Network Access Control On-Demand Client
and Checkpoint VPN causes a blue screen.
■ Solution: Fixed compatibility issue with CheckPoint VPN.

Guest Access does not work when using MAB & Transparent
mode
Fix ID 1511304
■ Symptom: When in transparent mode with MAB enabled, guests are not allowed
on the production network.
■ Solution: Detect if the RADIUS server is valid. If the RADIUS server is invalid,
Enforcer responds to the switch's MAB request.

RADIUS server rejects the user before PEAP authentication
Fix ID 1630710
■ Symptom: RADIUS server rejects the user before PEAP authentication.
■ Solution: LAN Enforcer continues to PEAP authentication to mimic a RADIUS
server.

LAN Enforcer does not communicate with Great Bay scanning
device correctly
Fix ID 1740074
■ Symptom: After deleting client MAC addresses from the Great Bay device, the
client cannot authenticate using MAB (Dot1x).
■ Solution: Detect if the RADIUS server is valid. If the RADIUS server is invalid,
Enforcer responds to the switch's MAB request.

Unable to connect to wireless, no Symantec Network Access
Control, over PEAP authentication
Fix ID 1788308
■ Symptom: With Symantec Network Access Control in transparent mode over
PEAP authentication, a client is unable to connect to wireless.
■ Solution: Fixed to not handle PEAP packets when Symantec Network Access
Control is set to transparent mode.

Components in this release


Table 1-4 lists the components in this release.

Table 1-4 Symantec Endpoint Protection components and their version

Component                          Version
Symantec Endpoint Protection       11.0.5002
Symantec Network Access Control    11.0.5002
AutoProtect                        10.3.0.15
Avengine                           20081.1.1
Behavior Blocking                  3.5.0.015
ccEraser                           2007.0.1.6
COH                                6.1.9.44
Common Client                      106.5.0.10
DecABI                             1.2.5.130
DefUtils                           4.1.1
ECOM                               81.3.0.13
VxMS (MS Light)                    5.2.0.4
LiveUpdate                         3.3.0.92
LiveUpdateAdmin                    2.2.1.16
Microdefs                          2.7.0.13
QServer                            3.6.20
WpsHelper                          12.0.1.41
SyKnAppS                           3.0.3.3
SymEvent                           12.8.0.11
SymNetDrv                          7.2.5.9
Teefer2                            11.0.5

Legal Notice
The software described in this book is furnished under a license agreement and
may be used only in accordance with the terms of the agreement.
Documentation version 11.00.05.00.00
Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, and LiveUpdate are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is
required to provide attribution to the third party (“Third Party Programs”). Some
of the Third Party Programs are available under open source or free software
licenses. The License Agreement accompanying the Software does not alter any
rights or obligations you may have under those open source or free software
licenses. Please see the Third Party Legal Notice Appendix to this Documentation
or TPIP ReadMe File accompanying this Symantec product for more information
on the Third Party Programs.
The product described in this document is distributed under licenses restricting
its use, copying, distribution, and decompilation/reverse engineering. No part of
this document may be reproduced in any form by any means without prior written
authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT
THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC
CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE
OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer
software as defined in FAR 12.212 and subject to restricted rights as defined in
FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and
DFARS 227.7202, "Rights in Commercial Computer Software or Commercial
Computer Software Documentation", as applicable, and any successor regulations.
Any use, modification, reproduction release, performance, display or disclosure
of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com