
Release Notes for Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control, version 12.1 Release Update 1


Updated: Tuesday, October 25, 2011

This document includes the following topics:

About Symantec Endpoint Protection version 12.1 Release Update 1
What's new in version 12.1 Release Update 1
What's new in version 12.1
Where to get more information
Planning the installation
Upgrading to a new release of Symantec Endpoint Protection
Upgrading your Symantec Endpoint Protection installation to include Symantec Network Access Control
Known issues and workarounds
Resolved issues in this release
Legal Notice

About Symantec Endpoint Protection version 12.1 Release Update 1


This release adds new platform support, new features, and defect fixes. Release Update 1 is the upgrade for the Symantec Endpoint Protection and Symantec Network Access Control 12.1 product line. All functionality of version 12.1 is maintained, unless otherwise noted.

See "What's new in version 12.1 Release Update 1".
See "What's new in version 12.1".

What's new in version 12.1 Release Update 1


Table 1-1 displays the new features in Release Update 1.

Table 1-1 New features in version 12.1 Release Update 1

Feature: FIPS 140-2 level 1 compliance
Description: You can deploy Symantec Endpoint Protection with a FIPS-compliant configuration to protect its server-to-server communication and console-to-server communication.

Feature: Support for additional operating systems
Description: Symantec Endpoint Protection Manager supports Windows Small Business Server 2003.
The Symantec Endpoint Protection client now supports the following operating systems:
Windows Small Business Server 2003
Windows Embedded Standard 7
Windows XP Embedded SP3 and later
The Symantec Endpoint Protection Mac client and the Symantec Network Access Control On-Demand client for Mac now support Mac OS 10.7 Lion.

Feature: Support for updated legacy and migrated clients
Description: Symantec AntiVirus for Linux 1.0 is updated to Maintenance Release 12 (version 1.0.12). The legacy Symantec Endpoint Protection client is updated to 11.0 Release Update 7 (version 11.0.7000).

Feature: Better security and performance
Description: Release Update 1 includes the following enhancements:
The Firewall policy provides better support for mobile broadband adapters.
The firewall is compatible with NDIS6 interfaces on Windows Vista and later.
Browser intrusion prevention in the Intrusion Prevention policy is compatible with Firefox 5, Firefox 6, and Firefox 7.
You can specify exceptions for a manual scan, Auto-Protect scan, or both.

See "What's new in version 12.1".

What's new in version 12.1


The current release includes the following improvements that make the product easier and more efficient to use. Table 1-2 displays the new features in version 12.1.

Table 1-2 New features in version 12.1

Feature: Better security against malware
Description: The most significant improvements in the 12.1 release include the following policy features to provide better protection on the client computers.
The Virus and Spyware Protection policy detects threats more accurately while it reduces false positives and improves scan performance with the following technologies:
SONAR replaces the TruScan technology to identify malicious behavior of unknown threats using heuristics and reputation data. While TruScan runs on a schedule, SONAR runs at all times.
Auto-Protect provides additional protection with Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals. Download Insight uses reputation information from Symantec Insight to make decisions about files.
Insight lets scans skip Symantec and Community Trusted files, which improves scan performance.
Insight Lookup detects the application files that might not typically be detected as risks and sends information from the files to Symantec for evaluation. If Symantec determines that the application files are risks, the client computer then handles the files as risks. Insight Lookup makes malware detection faster and more accurate.
The Firewall policy includes firewall rules to block IPv6-based traffic.
The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS signatures to detect the attacks that are directed at browser vulnerabilities.

Feature: Faster and more flexible management
Description: Symantec Endpoint Protection Manager helps you manage the client computers more easily with the following new features:
Centralized licensing lets you purchase, activate, and manage product licenses from the management console.
Symantec Endpoint Protection Manager registers with Protection Center version 2. Protection Center lets you centralize data and integrate management of Symantec security products into a single environment. You can configure some of the settings Protection Center uses to work with Symantec Endpoint Protection Manager.
The Symantec Endpoint Protection Manager logon screen enables you to have your forgotten password emailed to you.
Symantec Endpoint Protection Manager includes an option to let any of the administrators in a site reset their forgotten password.
You can configure when and how Symantec Endpoint Protection Manager restarts the client computer, so that the restart does not interfere with the user's activity.
The Monitors page includes a set of preconfigured email notifications that inform you of the most frequently used events. The events include when new client software is available, when a policy changes, license renewal messages, and when the management server locates unprotected computers. The notifications are enabled by default and support the BlackBerry, iPhone, and Android.
The Home page displays the high-level reports that you can click, which makes the Home page simpler and easier to read. The Home page also displays a link to notifications about log events that you have not yet read.
Improved status reporting automatically resets the Still Infected Status for a client computer once the computer is no longer infected.
You can now configure Linux clients to send log events to Symantec Endpoint Protection Manager.

Feature: Better server and client performance
Description: To increase the speed between the management server and the management console, database, and the client computers:
The management server performs automatic database cleanup tasks to improve the server-client responsiveness and scalability.
Virus and spyware scans use Insight to let scans skip safe files and focus on files at risk. Scans that use Insight are faster and more accurate, and reduce scan overhead by up to 70 percent.
LiveUpdate can run when the client computer is idle, has outdated content, or has been disconnected, which uses less memory.

Feature: Support for virtual environments
Description: Enhanced to help protect your virtual infrastructure, Symantec Endpoint Protection includes the following new features:
The Shared Insight Cache Server lets clients share scan results so that identical files only need to be scanned once across all the client computers. Shared Insight Cache can reduce the effect of full scans by up to 80%.
The Virtual Image Exception tool reduces the effect of scanning every single file in a trusted base image. Instead of continually scanning system files for viruses, the Virtual Image Exception tool lets you white list files from your baseline image on virtual machines.
Symantec Endpoint Protection Manager uses hypervisor detection to automatically detect which clients run on a virtual platform. You can create policies for groups of clients on virtual platforms.
The Symantec offline image scanner can scan offline VMware .vmdk files to ensure that there are no threats in the image.

Feature: Support for Mac clients
Description: In Symantec Endpoint Protection, you can configure the policies for Mac clients based on a location as well as a group.
In Symantec Endpoint Protection Small Business Edition, you can now deploy and manage Mac clients in Symantec Endpoint Protection Manager.

Feature: Improved installation
Description: You can install the product faster and easier than before with the following new installation process features:
The Symantec Endpoint Protection Manager installation wizard lets you import a previously saved recovery file that includes client-server connection information. The recovery file enables the management server to reinstall existing backed-up certificates and to automatically restore the communication to the existing clients.
The management server Web service uses Apache instead of IIS. You do not need to install IIS first, as you did in previous versions.
The Client Deployment Wizard quickly locates unprotected computers on which you need to install the client software. The wizard also provides an email deployment link so that users can download the client software by using the Web. The wizard makes client software faster and easier to deploy.
You can upgrade to the current version of the product while the legacy clients stay connected and protected.
A new quick report for deployment shows which computers have successfully installed the client software.

Feature: Support for additional operating systems and virtual platforms
Description: Symantec Endpoint Protection Manager and the Symantec Endpoint Protection client now support the following additional virtual platforms:
VMware Workstation 7.0 or later
VMware ESXi 4.0.x or later
VMware ESX 4.0.x or later
VMware Server 2.0.1
Citrix XenServer 5.1 or later
Symantec Endpoint Protection Manager now supports the following Web browsers:
Internet Explorer 7.0, 8.0, 9.0
Firefox 3.6, 4.0
The Symantec AntiVirus for Linux client now supports the following additional operating systems:
RedHat Enterprise Linux 6.x
SUSE Linux Enterprise Server and Enterprise Desktop 11.x (includes support for OES 2)
Ubuntu 11.x
Fedora 14.x, 15.x
Debian 6.x
For information about using the Symantec AntiVirus client on Linux, see the Symantec AntiVirus for Linux Client Guide.

Feature: Better Enforcer management in Symantec Endpoint Protection Manager
Description: You can manage the Enforcers more easily by configuring the following Enforcer settings in Symantec Endpoint Protection Manager:
Ability for the clients in an Enforcer group to synchronize their system time constantly by using the Network Time Protocol server.
You can more easily update the list of MAC addresses with the following improvements:
For the DHCP Integrated Enforcer, you can import a text file that contains the MAC address exceptions that define trusted hosts.
For the LAN Enforcer, you can add, edit, and delete the MAC addresses that the Host Integrity checks ignore by using the following features:
MAC Authentication Bypass (MAB) bypasses the Host Integrity check for non-802.1x clients or the devices that do not have the Symantec Network Access Control client installed.
Ignore Symantec NAC Client Check bypasses the Host Integrity check for 802.1x supplicants that do not have the Symantec Network Access Control client installed.
You can add individual MAC addresses or use wildcards to represent vendor MAC strings. You can also import the MAC addresses from a text file.
You can add MAC addresses with or without an associated VLAN, which allows multiple VLANs to be supported.

Feature: New Network Access Control features in Symantec Endpoint Protection Manager
Description: Symantec Endpoint Protection Manager includes the following additional functionality for Symantec Network Access Control:
Enforcer management server lists can include management servers from replication partners. Enforcers can connect to any management server at any site partner or replication partner.
The Compliance logs for the Symantec Network Access Control client provide additional information about log events and Host Integrity check results. You can now see which requirement caused a Host Integrity check on a client computer to fail.
LiveUpdate downloads Host Integrity templates to management servers. Therefore, client computers can get the Host Integrity policies that include updated Host Integrity templates.
Enforcer groups support limited administrator accounts and administrator accounts as well as system administrator accounts. For a large company with multiple sites and domains, you probably need multiple administrators, some of whom have more access rights than others.

Feature: New Enforcer features
Description: Symantec Network Access Control includes the following new features:
64-bit support for the Integrated Enforcers.
Support for the Network Policy Server (NPS) with the Microsoft Windows Server 2008 (Longhorn) implementation of a RADIUS server and proxy. The Enforcer can now authenticate the clients that run Windows Vista or later versions and that use 802.1x authentication.
For the DHCP Integrated Enforcer, you can selectively turn on scope-based enforcement for the scopes that you define.
The Gateway Enforcer supports both 802.1q trunking and On-Demand Clients at the same time. You can designate a single VLAN on a multiple trunk VLAN to host On-Demand Clients.
Support for the guest enforcement mode, which enables the Gateway Enforcer to act as a download server for On-Demand Clients. The Gateway Enforcer downloads On-Demand Clients to guest computers, enabling the clients to communicate to the Enforcer through the guest computers' Web browsers. In the guest enforcement mode, the Gateway Enforcer does not forward inline traffic.
Support for On-Demand Client persistence, which includes the capability to be connected for a designated period.
The local database size has been increased to 32 MB to accommodate a larger number of MAC addresses.

See "What's new in version 12.1 Release Update 1".

Where to get more information


The product includes several sources of information. The primary documentation is available in the Documentation folder on the product disc. Updates to the documentation are available from the Symantec Technical Support Web site. The product includes the following documentation:

Symantec Endpoint Protection Getting Started Guide
Symantec Endpoint Protection Small Business Edition Getting Started Guide
Symantec Network Access Control Getting Started Guide
This guide includes the system requirements and an overview of the installation process.

Symantec Endpoint Protection and Symantec Network Access Control Implementation Guide
Symantec Endpoint Protection Small Business Edition Implementation Guide
This guide includes procedures to install, configure, and manage the product.

Symantec Endpoint Protection and Symantec Network Access Control Client Guide
Symantec Endpoint Protection Small Business Edition Client Guide
This guide includes procedures for users to use and configure the Symantec Endpoint Protection or Symantec Network Access Control client.

Symantec LiveUpdate Administrator User's Guide
This guide explains how to use the LiveUpdate Administrator. This guide is located in the Tools\LiveUpdate folder on the Tools product disc.

Symantec Central Quarantine Implementation Guide
This guide includes information about installing, configuring, and using the Central Quarantine. This guide is located in the CentralQ folder on the Tools product disc.

Symantec Endpoint Protection Manager Database Schema Reference
This guide includes the database schema for Symantec Endpoint Protection Manager.

Symantec Client Firewall Policy Migration Guide
This guide explains how to migrate from Symantec Client Firewall Administrator to Symantec Endpoint Protection Manager.

Online Help for Symantec Endpoint Protection Manager and for the client
These Online Help systems contain the information that is in the guides plus context-specific content.

Tool-specific documents that are located in the subfolders of the Tools folder on the Tools product disc.

Table 1-3 displays the Web sites where you can get additional information to help you use the product.

Table 1-3 Symantec Web sites

Types of information: Symantec Endpoint Protection software
Web address: http://www.symantec.com/business/products/downloads/

Types of information: Public knowledge base; Releases and updates; Manuals and documentation updates; Contact options
Web address:
Symantec Endpoint Protection: http://www.symantec.com/business/support/overview.jsp?pid=54619
Symantec Endpoint Protection Small Business Edition: http://www.symantec.com/business/support/overview.jsp?pid=55357
Symantec Network Access Control: http://www.symantec.com/business/support/overview.jsp?pid=52788

Types of information: Virus and other threat information and updates
Web address: http://www.symantec.com/business/security_response/index.jsp

Types of information: Product news and updates
Web address: http://enterprisesecurity.symantec.com

Types of information: Free online technical training
Web address: http://go.symantec.com/education_septc

Types of information: Symantec Educational Services
Web address: http://go.symantec.com/education_sep

Types of information: Symantec Connect forums
Web address:
Symantec Endpoint Protection: http://www.symantec.com/connect/security/forums/endpoint-protection-antivirus
Symantec Endpoint Protection Small Business Edition: http://www.symantec.com/connect/security/forums/endpoint-protection-small-business
Symantec Network Access Control: http://www.symantec.com/connect/security/forums/network-access-control

Planning the installation


Table 1-4 summarizes the high-level steps to install Symantec Endpoint Protection.

Table 1-4 Installation planning

Step 1
Action: Plan network architecture and review and purchase a license
Description: Understand the sizing requirements for your network. In addition to identifying the endpoints requiring protection, scheduling updates, and other variables should be evaluated to ensure good network and database performance. For information to help you plan medium to large-scale installations, see the Symantec white paper, Sizing and Scalability Recommendations for Symantec Endpoint Protection. Purchase a license within 30 days (Small Business Edition) or 60 days (full version) of product installation.

Step 2
Action: Review system requirements
Description: Make sure your computers comply with the minimum system requirements and that you understand the product licensing requirements.

Step 3
Action: Prepare computers for installation
Description: Uninstall other virus protection software from your computers, make sure system-level access is available, and open firewalls to allow remote deployment.

Step 4
Action: Open ports and allow protocols
Description: Remotely deploying the client requires that certain ports and protocols are open and allowed between the Symantec Endpoint Protection Manager and the endpoint computers.

Step 5
Action: Identify installation settings
Description: Identify the user names, passwords, email addresses, and other installation settings. Have the information on hand during the installation.

Step 6
Action: Install the management server
Description: Install Symantec Endpoint Protection Manager. If the network that supports your business is small and located in one geographic location, you need to install only one Symantec Endpoint Protection Manager. If your network is geographically dispersed, you may need to install additional management servers for load balancing and bandwidth distribution purposes. If your network is very large, you can install additional sites with additional databases and configure them to share data with replication. To provide additional redundancy, you can install additional sites for failover support.

Step 7
Action: Migrate Symantec legacy virus protection software
Description: If you are running legacy Symantec protection, you usually migrate policy and group settings from your older version.

Step 8
Action: Prepare computers for client installation
Description: Prepare for client installation as follows:
Identify the computers on which to install the client software.
Identify the methods to use to deploy the client software to your computers.
Uninstall third-party virus protection software from your computers.
Modify or disable the firewall settings on your endpoint computers to allow communication between the endpoints and the Symantec Endpoint Protection Manager.
Set up the console computer groups to match your organizational structure.

Step 9
Action: Install clients
Description: Install the Symantec Endpoint Protection client on your endpoint computers. Symantec recommends that you also install the client on the computer that hosts Symantec Endpoint Protection Manager.

Step 10
Action: Post-installation tasks
Description: Perform the following post-installation tasks after you install Symantec Endpoint Protection:
Install additional clients, if necessary.
As needed, migrate Symantec legacy virus protection software if you did not perform this task earlier.
Become familiar with the features and functions of the console.
Verify that your client computers are online and protected.
Check the LiveUpdate schedule and adjust if necessary.
Check notifications.
Set up computer groups.
Create additional administrator accounts.
Register your product serial number, and import your license file into the console.

For comprehensive instructions for installing and configuring the product, see the Symantec Endpoint Protection and Symantec Network Access Control Implementation Guide.

Upgrading to a new release of Symantec Endpoint Protection


You can upgrade to the newest release of the product to take advantage of new features. To install a new version of the software, you must perform certain tasks to ensure a successful upgrade or migration.


Before you upgrade, review the following information:


System requirements
New features in this version. See "What's new in version 12.1".
Feature changes between the previous version and the newest version of the client
Compatible server upgrade paths
Compatible Windows client upgrade paths
Compatible Mac client migrations

The information in this section is specific to upgrading from Symantec Sygate 5.1, or Symantec Endpoint Protection 11.x software in environments where a version of Symantec Endpoint Protection or Symantec Network Access Control 11.x is already installed. The information in this section is specific to upgrading software in environments where a version of Symantec Endpoint Protection 11.x or Symantec Endpoint Protection Small Business Edition 12.0 is already installed.

Table 1-5 displays the steps you need to perform to upgrade to the latest version.

Table 1-5 Process for upgrading to the full version

Step 1
Action: Back up the database
Description: Back up the database that Symantec Endpoint Protection Manager uses to ensure the integrity of your client information.

Step 2
Action: Turn off replication
Description: Turn off replication on all sites that are configured as replication partners to avoid any attempts to update the database during the installation.

Step 3
Action: If you have Symantec Network Access Control installed, enable local authentication
Description: Enforcers are not able to authenticate clients during an upgrade. To avoid problems with client authentication, Symantec recommends that you enable local authentication before you upgrade. After the upgrade is finished, you can return to your previous authentication setting.

Step 4
Action: Stop the Symantec Endpoint Protection Manager service
Description: You must stop the management server service before you install a newer version.

Step 5
Action: Upgrade the Symantec Endpoint Protection Manager software
Description: Install the new version of the Symantec Endpoint Protection Manager on all sites in your network. The existing version is detected automatically, and all settings are saved during the upgrade.

Step 6
Action: Turn on replication after the upgrade
Description: Turn on replication when the installation is complete to restore your configuration.

Step 7
Action: Upgrade Symantec client software
Description: Upgrade your client software to the latest version. When Symantec provides updates to client installation packages, you add the updates to a Symantec Endpoint Protection Manager and make them available for exporting. You do not, however, have to reinstall the client with client-deployment tools. The easiest way to update clients in groups with the latest software is to use AutoUpgrade. You should first update a group with a small number of test computers before you update your entire production network. You can also update clients with LiveUpdate if you permit clients to run LiveUpdate and if the LiveUpdate Settings policy permits

Table 1-6 displays the steps you need to perform to upgrade to the latest version of Symantec Endpoint Protection Small Business Edition.

Table 1-6 Process for upgrading to the Small Business Edition

Step 1
Action: Back up the database
Description: Back up the database that Symantec Endpoint Protection Manager uses to ensure the integrity of your client information.

Step 2
Action: Stop the Symantec Endpoint Protection Manager service
Description: You must stop the management server service before you install a newer version.

Step 3
Action: Upgrade the Symantec Endpoint Protection Manager software
Description: Install the new version of the Symantec Endpoint Protection Manager in your network. The existing version is detected automatically, and all settings are saved during the upgrade.

Step 4
Action: Upgrade Symantec client software
Description: Upgrade your client software to the latest version. By default, the upgraded Symantec Endpoint Protection Manager automatically upgrades the managed clients. To disable this feature, right-click your Group, select Properties, and then check Disable Automatic Client Package Updates.
Note: This feature was added in version 12.0.1001.95, and is retained for version 12.1.x. This feature was not available in version 12.0.122.192.


Upgrading your Symantec Endpoint Protection installation to include Symantec Network Access Control
If you have already installed Symantec Endpoint Protection Manager and want to upgrade your installation to include Symantec Network Access Control, use the following procedure.

To upgrade your Symantec Endpoint Protection installation to include Symantec Network Access Control

Insert the disc labeled DVD-SNAC-EE in your DVD drive. If you downloaded the product, unzip the folder and extract the entire product disc image to a physical disc, such as a hard disk.

Follow the instructions as detailed in the Symantec Network Access Control Getting Started Guide. In summary, those steps are:

If the installation does not start immediately, run Setup.exe from the DVD or from the location where you downloaded and unzipped the installation files.
Click Install Symantec Network Access Control.
Click Install Symantec Endpoint Protection Manager. Installation packages are copied to your server.
The Management Server Upgrade Wizard runs. Click Next when prompted to upgrade the management server.
The Server upgrade status screen shows that the Wizard imports packages, then upgrades templates. When the status screen shows "Upgrade Succeeded," click Next.
In the Upgrade Succeeded dialog box, Start the Symantec Endpoint Protection Manager is chosen. Click Finish, and you are prompted to log on to Symantec Endpoint Protection Manager.
You have upgraded your Symantec Endpoint Protection Manager to provide Symantec Network Access Control capabilities, packages, and menu choices. To confirm, click Policies, and you see Host Integrity as a new choice. This is one of the Symantec Network Access Control capabilities that you added.
Configure and deploy your clients.


Note: At this point, you have activated the user interface for the product features. To activate enforcement and license reporting, you must activate your Symantec Network Access Control product licenses with either serial numbers or slf license files. For instructions, see "Activating your product license" in the Symantec Network Access Control Getting Started Guide. [2409621]

Known issues and workarounds


The issues in this section are new for Symantec Endpoint Protection version 12.1. Please review this document in its entirety before you install or roll out Symantec Endpoint Protection, Symantec Network Access Control, Symantec Endpoint Protection Small Business Edition, or call for technical support. It describes known issues and provides the additional information that is not included in the standard documentation or the context-sensitive help. You should assume that all material that follows applies to all versions. Known issues specific to Symantec Network Access Control appear in the Symantec Network Access Control section. Known issues specific to Symantec Endpoint Protection Small Business Edition appear in the Symantec Endpoint Protection Small Business Edition section.

Issues applying to all versions of Symantec Endpoint Protection


The known issues listed in this section apply to all versions of Symantec Endpoint Protection.

Upgrades, installation, uninstallation issues


This section contains information about upgrades, installation, uninstallation, and repair.

UPGRADES

Preparing for and repairing duplicate client IDs for cloned clients
You can deploy multiple Windows computers by cloning a base image with a Symantec Endpoint Protection client. However, the cloned clients use identical client IDs. The Symantec Endpoint Protection Manager database records the cloned computers as the same client, and causes reporting and management problems.


To work around this issue, first read about how to prepare to clone a client in either a physical environment or virtual environment. If you have already cloned the client using an improperly prepared image, you can repair duplicate client IDs by using the RepairClonedImage.exe tool.
How to prepare a Symantec Endpoint Protection 12.1 client for cloning
How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients
[2434179]

Symantec Endpoint Protection client sometimes fails to install on systems with ExpanDrive for Windows installed
In some instances, ExpanDrive for Windows is incompatible with the Symantec Endpoint Protection client. This incompatibility appears more often in cases where Backup Exec is backing up to a drive managed by ExpanDrive for Windows at the time of upgrade to the latest version of Symantec Endpoint Protection. In those instances the system "blue screens" on ExpanDrive.sys before finishing the installation. The workaround is to uninstall ExpanDrive for Windows. [2273586]

Notification email not generated after upgrade


Administrators can opt to be notified by email when system events happen. On systems that upgrade and that are using a default mail server, the notification email is not generated. The workaround is to explicitly set the email server address. In Symantec Endpoint Protection Manager, click Admin > Servers > %select server% > Email server, and enter the server address. [2363295]

The permissible characters possible for the SQL Server database password are incorrect
The user documentation understates the permissible characters that can be used for the SQL Server database password. The correct list includes all of the following characters: ~`#$%^&-_=+\|:"<>.'/. [2365060]

A new checkbox to block security risks from being installed is present on the client
Beginning with Symantec Endpoint Protection version 11.0 RU7, including Symantec Endpoint Protection version 12.x, there is a new checkbox on the client. It appears on the Advanced Scanning and Monitoring dialog box, under Other options. This checkbox already exists on the Symantec Endpoint Protection Manager. The new checkbox reads Delete newly created security risk files if the action is "leave alone (log only)". When you select this action, by default Symantec Endpoint Protection automatically deletes the newly created or saved files that are security risks. [2386164]

During installation of the client, Windows Security Center may incorrectly state that "Symantec Endpoint Protection is turned off"
You can safely ignore this warning. You do not need to take any action. [2120916]

Minimum hard disk requirement for the Windows client is 900 MB


The documentation states a different requirement, but under some circumstances this amount of disk space may be insufficient. Plan for 900 MB of free space on the hard disks of Windows client computers. [2384226]

When using the Web console, client package downloads may not complete the first time
When creating client packages, depending on your browser security settings, you may see a message saying that your download was blocked, or asking if you want to download the file. The download is blocked even if you accept the download in the browser. If you create the package the second time, the package should be downloaded successfully. [2357557,2099324]

Windows Event Viewer may show an Apache error related to domain names
This Apache error, number 3299, relates to the DNS suffix that is defined for your computer. It has no effect on Symantec Endpoint Protection, although it might affect other programs. To determine your configuration, type the following string at the command prompt: ipconfig /all and press Enter. You should see a display similar to the following:

Windows IP Configuration
Host Name . . . . . . . . . . . . : SEPM
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

If you have no entry on the line for the Primary DNS Suffix, you may see this error. [2322768]

Changing system clock may cause false "license expired" messages


If your system clock is changed and changed back, the Web server service must be restarted. The symptom you may see is "Unexpected server error." To resolve this issue, restart the service semwebsrv. [2362071]

PGP users may experience difficulties installing the Symantec Endpoint Protection client on computers with encrypted hard disks
The symptom is that the computer rolls back the installation after the PGP pre-boot process. The workaround is to remove the PGP encryption, install the Symantec Endpoint Protection client, and re-enable the encryption. [2357592]

Best practice: Use Silent or Show me the progress bar installation packages on the computers that run 32-bit and 64-bit Windows Vista, Windows 2008 Server, and Windows 7 operating systems
On 32-bit and 64-bit Windows Vista, Windows 2008 Server, and Windows 7 operating systems, you should not select Interactive mode when you do the following:

Add installation packages to a group
Export installation packages

Interactive installations on 32-bit and 64-bit Windows Vista, Windows 2008 Server, and Windows 7 operating systems prompt users to continue in Session 0, which most users will not see or understand. When you install on these operating systems, use the Silent or Show me the progress bar installation setting. This usage requires you to create a named Client Installation Setting.


[2393258]

Hostnames with underscore _ characters are not supported


If your Symantec Endpoint Protection Manager is installed on a host with an underscore _ character in the server name, such as SEPM_Server, you may have issues logging in to the Web console. This is because Internet Explorer does not support cookies created on servers with illegal characters in the hostname. An underscore is an illegal character in a TCP hostname, as documented in RFC 952. To work around this issue, rename your server before migrating. If you change the hostname of your Symantec Endpoint Protection Manager server after installation, you should run the Server Configuration Wizard after you rename your server. [2398196]

Migration
This section contains information about migration from one version or release to another.

LiveUpdate no longer shares definitions among products


You can use LiveUpdate to update your definitions. However, those definitions will not update your other Symantec products. To work around this change in LiveUpdate, re-enable the scheduler in your other Symantec products and update them independently of Symantec Endpoint Protection. [2374182]

Installing the security certificate in Internet Explorer 8


When you install Symantec Endpoint Protection Manager, one of the steps you must go through is the installation of the security certificate.

To install the security certificate

1 On the certificate alert screen, click Continue to this website (not recommended).
2 In the browser address box, click Certificate Report.
3 In the Untrusted Certificate window, click View Certificates.
4 On the View Certificates window, click Install Certificate.
5 In the Certificate Import Wizard, click Show Physical Stores.
6 Click Place all certificates in the following store and then click Browse.
7 In the Select Certificate Store window, expand Trusted Root Certification Authorities, click Local Computer, and then click OK.
8 In the Certificate Import confirmation message, click OK.
9 In the Certificate dialog, click OK.
10 Restart Internet Explorer 8.


[2307849]

Symantec Endpoint Protection Manager issues


This section contains information about Symantec Endpoint Protection Manager.

Windows XP has limitations on the number of concurrent users that affect policy deployment
When deploying policies to clients, be aware that Windows XP supports a limited number of concurrent users if the clients are in "push" mode. Use "pull" mode on Windows XP servers for up to 100 clients. [2479503]

After you configure Symantec Endpoint Protection Manager to upload Symantec AntiVirus 10 logs, update the legacy log location
If you configure Symantec Endpoint Protection Manager to upload Symantec AntiVirus 10 logs, the management server saves these legacy logs in C:/Program Files/Symantec/Symantec Endpoint Protection Manager/data/inbox/log/tex/legacy. The management server saves Symantec Endpoint Protection 12.1 logs to C:/data/inbox/log/tex/legacy. If you either previously upgraded from Symantec AntiVirus, or manually deleted the legacy log folder, the management server does not process the legacy logs. To configure the management server to upload legacy logs, click Home > Preferences, and on the Logs and Reports tab, click Upload Symantec AntiVirus version 10.x log files. To work around this issue, update the legacy log location.


To update the legacy log location

1 In the following folder, C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\Include\Resources, back up Reporter.php.
2 Open Reporter.php, and change the $upload_dir path from:
C:/Program Files/Symantec/Symantec Endpoint Protection Manager/data/inbox/log/tex/legacy
to
C:/data/inbox/log/tex/legacy
3 Save Reporter.php.

[2562849]

After you log on to a remote Symantec Endpoint Protection Manager console, a Failed to connect to the server error appears
If you install Symantec Endpoint Protection Manager behind a NAT firewall, and log on to the console remotely, the following error might appear: Failed to connect to the server. After you click OK, the Home, Monitors, and Reports pages appear blank. To work around this issue, add the TCP port 8445 to the VM configuration. [2536390]

After you click the Test Account option to authenticate a directory server for an administrator account, an Account Authentication Failed error message appears
If your company uses Active Directory for directory authentication, you use the same user name and password for an administrator account in Symantec Endpoint Protection Manager as for the directory server. When the administrator logs on to the management server, the user name and password the administrator uses is authenticated by the directory server. You can create an administrator account with an anonymous user name and password in case the directory server password changes. If the password changes, the administrator is never locked out of the management server. However, in Windows 2003 Active Directory server, anonymous authentication is disabled by default. Therefore, when you add a directory server with an anonymous user name to an administrator account and click Test Account, an Account Authentication Failed error message appears. To access the Test Account option, click Admin > Add an administrator > Authentication. To work around this issue, the administrator can still log on to the management server using a valid user name and password.


[2483802]

Client cannot connect to groups with double-byte names


When you import a SyLink file that has groups that are named with double-byte characters, the import fails. The SylinkDrop tool can be used to register clients to different Symantec Endpoint Protection Manager servers, to change unmanaged clients to managed clients, and so on. In some instances where a group is named with DBCS characters, this results in a "hang" on the client. To work around this problem, change the language version of non-Unicode programs to the language that you need. Then import the SyLink file. The client is properly managed and reflected in Symantec Endpoint Protection Manager. [2292093, 2273612]

Help for the Advanced Settings filter of the audit log is missing
Context-sensitive help for the Audit log and quick report contains an incorrect note and is missing information about advanced options. The note should be replaced with the following text:

Note: The filter option fields are not case-sensitive. Some fields accept wildcard characters. You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters.

The following table should be included in the Help:

Table 1-7 Advanced Settings filter options for views of the Audit log

Option: Event type
Description: Specifies the type of events that you want to view. You can select one of the following event types:
All
Policy added
Policy deleted
Policy edited
Add shared policy upon system install
Add shared policy upon system upgrade
Add shared policy upon domain creation

Option: Policy name
Description: Specifies the name of the policy that you want to view information about. This field accepts a comma-separated list as input. You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters.

Option: Domain
Description: Specifies the domain that you want to view information about. This field accepts a comma-separated list as input. You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known domains.

Option: Site
Description: Specifies the local or the remote site that you want to view information about. You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known sites.

Option: Server
Description: Specifies the server that you want to view information about. You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known servers.

Option: User
Description: Specifies the user that you want to view information about.

Option: Limit
Description: Specifies how many entries to display on each page of the view. You can select from 20, 100, 200, and 1000 entries. The default limit is 20 entries.

[2374356]

Symantec Endpoint Protection Manager policy issues


This section includes information about working with policies in Symantec Endpoint Protection Manager.


VIRUS AND SPYWARE PROTECTION POLICIES


This section includes information about issues relating to Virus and Spyware Protection policies.

Insight server troubleshooting and proxy exclusions


If your client computers use a proxy with authentication, you must specify trusted Web domain exceptions for Symantec URLs. The exceptions let your client computers communicate with Symantec Insight and other important Symantec sites. For information about testing connectivity to Insight servers, see the related Technical Support knowledge base article: How to test connectivity with Insight and Symantec Licensing servers

Using URL and .PAC proxy settings with authentication within IE does not allow reputation traffic
The traffic to the Download Insight servers is blocked when using proxy servers with authentication that are defined by URL or .PAC proxy settings. As a result, the reputation data on the Download Insight servers is not considered in evaluating potential threats. Symantec recommends that you create exclusions on your proxy servers to allow network traffic. Exclusions are as follows:

Table 1-8 Exclusions you should set to allow reputation traffic

Type of traffic: Ping submissions
Server address:
https://stnd-avpg.crsi.symantec.com
https://avs-avpg.crsi.symantec.com
https://stnd-ipsg.crsi.symantec.com
https://bash-avpg.crsi.symantec.com

Type of traffic: Sample submissions
Server address:
https://central.ss.crsi.symantec.com
https://central.nrsi.symantec.com
https://central.avsi.symantec.com
https://central.b6.crsi.symantec.com

Type of traffic: CAT submissions
Server address: https://tus1gwynwapex01.symantec.com

Type of traffic: Error submissions
Server address: https://stnd-lueg.crsi.symantec.com

Type of traffic: Insight reports
Server address: https://ent-shasta-mr-clean.symantec.com

Type of traffic: Insight
Server address: https://ent-shasta-rrs.symantec.com

Type of traffic: Licensing
Server address: https://services-prod.symantec.com

Type of traffic: Telemetry
Server address: https://tses.symantec.com/

Type of traffic: SETI
Server address: https://tses.symantec.com/

Type of traffic: LiveUpdate
Server address: http://liveupdate.symantecliveupdate.com

[2272505]
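One way to check a proxy's exclusion list against Table 1-8 before rollout, as an added example that is not part of the release notes or of any Symantec tool. It assumes exclusion entries have the form hostglob or hostglob:port; the EXCLUSIONS list is constructed sample input.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Server addresses from Table 1-8 of the release notes, by type of traffic.
REQUIRED = {
    "Ping submissions": [
        "https://stnd-avpg.crsi.symantec.com",
        "https://avs-avpg.crsi.symantec.com",
        "https://stnd-ipsg.crsi.symantec.com",
        "https://bash-avpg.crsi.symantec.com",
    ],
    "Sample submissions": [
        "https://central.ss.crsi.symantec.com",
        "https://central.nrsi.symantec.com",
        "https://central.avsi.symantec.com",
        "https://central.b6.crsi.symantec.com",
    ],
    "CAT submissions": ["https://tus1gwynwapex01.symantec.com"],
    "Error submissions": ["https://stnd-lueg.crsi.symantec.com"],
    "Insight reports": ["https://ent-shasta-mr-clean.symantec.com"],
    "Insight": ["https://ent-shasta-rrs.symantec.com"],
    "Licensing": ["https://services-prod.symantec.com"],
    "Telemetry": ["https://tses.symantec.com/"],
    "SETI": ["https://tses.symantec.com/"],
    "LiveUpdate": ["http://liveupdate.symantecliveupdate.com"],
}

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample exclusion list. The syntax (host glob with an optional
# ":port" suffix) is an assumption; adapt parse_entry() to your proxy.
EXCLUSIONS = [
    "*.crsi.symantec.com",
    "services-prod.symantec.com:443",
    "tses.symantec.com",
    "*.symantecliveupdate.com:443",
]


def endpoint(url):
    """Return (lower-case host, effective port) for a server address."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def parse_entry(entry):
    """Split an exclusion entry into (host glob, port or None for any port)."""
    entry = entry.strip().lower()
    host_glob, sep, port = entry.rpartition(":")
    if sep and port.isdigit():
        return host_glob, int(port)
    return entry, None


def is_covered(url, entries):
    """True if some exclusion entry matches both the host and the port."""
    host, port = endpoint(url)
    for host_glob, glob_port in map(parse_entry, entries):
        if fnmatchcase(host, host_glob) and glob_port in (None, port):
            return True
    return False


def uncovered(required, entries):
    """Map each traffic type to the server addresses no exclusion covers."""
    gaps = {}
    for traffic, urls in required.items():
        missing = [u for u in urls if not is_covered(u, entries)]
        if missing:
            gaps[traffic] = missing
    return gaps


if __name__ == "__main__":
    for traffic, urls in uncovered(REQUIRED, EXCLUSIONS).items():
        print(f"{traffic}: not excluded -> {', '.join(urls)}")
```

With the sample list, the LiveUpdate address is reported because it is served over http (port 80) while the matching exclusion is limited to port 443, and a *.crsi.symantec.com entry does not reach the nrsi and avsi hosts.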

Multi-threaded scans are not supported in Symantec Endpoint Protection 12.1


Support for multi-threaded scans in earlier Symantec Endpoint Protection 11.x versions used registry keys, which is not a supported approach in 12.1. You should not use those registry keys, which are located in:

64 bit system:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV

32 bit system:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV

[2315424]

Customers using PGP may experience problems with virus definitions loading correctly
You may have problems with virus definitions loading properly via LiveUpdate if you use PGP's file shredding option. To work around this issue, turn off the PGP file shredding option. [2305817]

Shared Insight Cache port clarification


The Shared Insight Cache Settings pane should include the following descriptions:


Listening Port: The port on which the server listens. The listening port is used by clients to submit scan results for files and to make requests to determine if the client should scan a file. The default port number is 9005.

Status Listening Port: The port the server uses to communicate status within the system. The status listening port uses a SOAP-based interface on the port specified in the configuration section. This interface provides a mechanism by which an administrator can query information and status about the Cache Server. The default port number is 9006.

FIREWALL and INTRUSION PREVENTION POLICIES


This section includes information about issues relating to Firewall and Intrusion Prevention policies.

Browser window appears to hang when Intrusion Prevention makes a detection


For some browser Intrusion Prevention detections, Symantec Endpoint Protection might need to close the browser. If Symantec Endpoint Protection needs to close the browser, it displays a confirmation alert. In some cases, the alert message might be hidden by the browser window, and the browser appears to hang. To work around this issue, move or minimize the browser window to view the alert message and click OK to terminate the browser. [2279752]

EXCEPTIONS POLICIES
This section includes information about issues relating to Exceptions policies.

Tamper Protection may be triggered by third-party software


Some third-party software may make changes that inadvertently attempt to modify Symantec components. The result is that Tamper Protection displays notifications about these actions. To work around this issue, ensure that the application is safe, and then create an exception for it in your Exceptions policies. You should also contact Symantec directly and send in your Control log. You should also send your Tamper Protection log events (which appear in the Control log) to Symantec. Contact Technical Support for instructions on how to upload the log.


[2319187]

Context-sensitive help for Monitors > Logs > Risk logs page has missing/incorrect description for Action
The following text should replace the description for the Action option: You can select an action to create an exception for the selected item in the log.

Table 1-9 Action options for the Risk logs

Option: Add risk to Exceptions policy
Description: Creates a known risk exception. Applies only to files that are detected as security risks (such as adware or spyware) that are known security risks.

Option: Add file to Exceptions policy
Description: Creates an exception for the detected file so that virus and spyware scans no longer detect the file. The file is identified by its file path.

Option: Add folder to Exceptions policy
Description: Creates an exception for the folder where the detected file resides. Applies only to virus and spyware scans, not to SONAR scans. The exception does not automatically include subfolders.

Option: Add extension to Exceptions policy
Description: Creates an exception for the extension of the detected file. For example, if the file that you select has an extension of .doc, then DOC is added to the list of extensions that virus and spyware scans do not scan.

Option: Trust Web domain
Description: Creates a trusted Web domain exception that applies to the URL from which the file was downloaded. The exception only applies to files that are detected by Download Insight.

Option: Allow application
Description: Creates an application exception with an action of Ignore. The file is identified by its hash. The exception applies to both SONAR and any virus and spyware scan.

Option: Block application
Description: Creates a SONAR application exception with an action of Quarantine. The file is identified by its hash.

Option: Delete from Quarantine
Description: Does not create an exception. Removes the selected item from the client computer's Quarantine.


[2372914]

Context-sensitive help for Monitors > Logs > SONAR logs page has missing/incorrect description for Action
The following text should replace the description for the Action option: You can select an action to create an exception for the selected item in the log.

Table 1-10 Action options for the SONAR logs

Option: Add folder to Exceptions policy
Description: Creates a SONAR folder exception for the folder where the file resides and does not automatically apply to subfolders. The exception applies only to SONAR.

Option: Allow application
Description: Creates an application exception with an action of Ignore. The file is identified by its hash. The exception applies to both SONAR and any virus and spyware scan.

Option: Block application
Description: Creates a SONAR application exception with an action of Quarantine. The file is identified by its hash.

Option: Trust Web domain
Description: Creates a trusted Web domain exception that applies to the URL from which the file was downloaded. The exception only applies to files that are detected by Download Insight.

[2372914]

Symantec Endpoint Protection Small Business Edition issues


These issues are found only in Symantec Endpoint Protection Small Business Edition.

LiveUpdate may fail on Small Business Edition clients that are installed in a DBCS path
The symptom of the failure is an error, "Failed to process update..." even though the update has downloaded successfully. To work around this issue, do not install clients in a path that is defined with DBCS characters. [2322728]


Symantec Endpoint Protection full version issues


This section includes items that only apply to the full version of Symantec Endpoint Protection.

Upgrades, installation, uninstallation, and repair issues


This section contains information about upgrades, installation, uninstallation, and repair issues.

UPGRADES

AutoUpgrade of 5.x clients to 12.1 clients requires adding 11.x packages to Symantec Endpoint Protection Manager and optionally downloading Host Integrity packages
The process for autoupgrading legacy clients is described in the documentation. In addition to the steps that are described at the beginning of chapter 7, you must manually import 11.x packages to Symantec Endpoint Protection Manager. If you plan to implement Host Integrity policies, you must also download the Windows Host Integrity package. To work around this issue, manually import legacy Symantec Endpoint Protection 11.x packages from the product disc to legacy Symantec Sygate Endpoint Protection 5.1 clients first, then autoupgrade to Symantec Endpoint Protection version 12.1 clients. [2359294]

Migration issues
This section contains information about migration.

Migration from a dedicated IIS Web site to Apache only uses the first custom port
Symantec Endpoint Protection version 12.1 now uses Apache for Web services rather than Internet Information Services (IIS). While most of the transition is automatic, some areas require you to take action. If Symantec Endpoint Protection Manager was installed using a dedicated IIS Web site, you may have configured that Web site to assign multiple ports to listen on. Apache only listens on one of those ports after migration. Not listening on the other ports may cause clients to be disconnected. To work around this issue, manually enter the missing ports into Apache's httpd.conf file. An example follows. Enter the appropriate ports in your httpd.conf file.


Editing the httpd.conf file to listen to ports 80 and 8080

1 Open the httpd.conf file with a text editor.
2 Find the line that begins with Listen.
3 Add two lines after it:
Listen 80
Listen 8080
4 Save the file.

For additional information on the httpd.conf file usage, see Apache's documentation. [2040661]

Symantec Endpoint Protection 12.1 clients may connect to Symantec Endpoint Protection Manager 11.x servers, but this is not a supported configuration
Symantec does not support the use of Symantec Endpoint Protection Manager 11.x servers with 12.x clients. However, it may work in some cases. Symantec strongly recommends that you upgrade your servers first, and then your clients. This approach helps to avoid data loss and other unintended consequences. [2244591]

Symantec Endpoint Protection 11.x clients can migrate to Symantec Endpoint Protection 12.1, but may continue reporting to the original Symantec Endpoint Protection Manager version 11.x
Clients that have already been connected successfully to an 11.x management server can migrate successfully to version 12.1. However, they stay connected to their 11.x management server. To configure clients to report to the 12.1 Symantec Endpoint Protection Manager, run the SylinkDrop tool, located in Tools\SylinkDrop on the product disc. [2376026]

Symantec Endpoint Protection Manager issues


This section contains information about Symantec Endpoint Protection Manager.

The Quarantine Server has intermittent forwarding failures in Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1 sometimes fails to forward quarantine items to the Quarantine Server.


To resolve this issue, be certain that Microsoft .Net framework version 3.5 is installed on your computer. [2293167]

Default autoreplication timing has changed with this release


The Autoreplicate option performs the replication process every two hours. Previous versions of the product automatically replicated every five minutes. [2348121]

Potential conflicts exist with database maintenance jobs


If you install Symantec Endpoint Protection Manager with the Microsoft SQL database, the management server automatically performs database maintenance tasks. If you have already set up database maintenance tasks for the Microsoft SQL database using another tool, such as the SQL Server Management Studio, the tasks may result in an undesired outcome. To work around this issue, disable the database maintenance tasks in Symantec Endpoint Protection Manager.

To disable database maintenance tasks

1. In the console, click Admin, and then click Servers.
2. Under Servers, click the icon that represents the database.
3. Under Tasks, click Edit Database Properties.
4. On the General tab, uncheck both of the following options:
   - Truncate the database transaction logs
   - Rebuild Indexes

[2365974]

Instructions for changing the SSL port are missing a step


The topic, "Changing the SSL port assignment," in the Symantec Endpoint Protection and Symantec Network Access Control Implementation Guide, is missing a step. After step 2, add the following step:

2.1 Edit the line VirtualHost _default_:443 to read VirtualHost _default_:new port. For example, if the new port number is 53300, the edited string becomes VirtualHost _default_:53300.

[2365848]
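A check for the state the missing step leaves behind, as an added example that is not Symantec's code: it flags any VirtualHost address whose port has no matching listener. It assumes the listening port is set with Apache's standard Listen directive; the sample configuration text and all function names are constructed for illustration.

```python
import re

# Constructed sample: the port was changed to 53300 on the Listen line,
# but the VirtualHost line was left at 443 (the missing step 2.1).
SAMPLE_MISSED_STEP = """\
# Constructed sample, not a real Symantec configuration file.
Listen 53300
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
"""
SAMPLE_FIXED = SAMPLE_MISSED_STEP.replace("_default_:443", "_default_:53300")

# "Listen [address:]port [protocol]"; ListenBacklog and similar do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)
# "<VirtualHost addr[:port] [addr[:port]] ...>"
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)


def port_of(address):
    """Return the port of 'port', 'host:port' or '[v6]:port'; None if absent or '*'."""
    if address.isdigit():
        return int(address)
    _host, sep, port = address.rpartition(":")
    if sep and port.isdigit():
        return int(port)
    return None


def parse_ports(conf_text):
    """Collect Listen ports and (line number, address, port) for each VirtualHost address."""
    listen, vhosts = set(), []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # Apache comments occupy a whole line
        m = LISTEN_RE.match(line)
        if m:
            port = port_of(m.group(1))
            if port is not None:
                listen.add(port)
            continue
        m = VHOST_RE.match(line)
        if m:
            for addr in m.group(1).split():
                vhosts.append((lineno, addr, port_of(addr)))
    return listen, vhosts


def find_mismatches(conf_text):
    """Return VirtualHost entries whose explicit port has no Listen directive."""
    listen, vhosts = parse_ports(conf_text)
    return [(n, a, p) for n, a, p in vhosts if p is not None and p not in listen]


def report(conf_text):
    """Format one human-readable finding per mismatched VirtualHost address."""
    listen, _ = parse_ports(conf_text)
    return [
        f"line {n}: <VirtualHost {a}> uses port {p}, "
        f"but the configured Listen ports are {sorted(listen)}"
        for n, a, p in find_mismatches(conf_text)
    ]


if __name__ == "__main__":
    for label, text in (("missed step", SAMPLE_MISSED_STEP), ("fixed", SAMPLE_FIXED)):
        findings = report(text)
        print(label, "->", findings if findings else "ports are consistent")
```

If the Listen and VirtualHost lines live in different included files, concatenate their contents before passing them in; line numbers then refer to the concatenated text.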


Symantec Endpoint Protection Manager policy issues


This section includes information about working with policies in Symantec Endpoint Protection and Symantec Network Access Control.

VIRUS AND SPYWARE PROTECTION POLICIES


This section includes the known issues information related to Virus and Spyware Protection policies.

User authentication fails between Symantec Endpoint Protection Manager and the Cache Server when the user name or host name uses DBCS or high-ASCII characters
You can enter user names and host names using DBCS or high-ASCII characters. However, that usage causes communication to fail between Symantec Endpoint Protection Manager and the Cache Server. To work around this problem, do not use DBCS or high-ASCII characters for user names or host names. [2321474]

Global Scan Options help link contents are incorrect


In the Symantec Endpoint Protection Shared Insight Cache tool, the help screen for Global Scan Options is incorrect. The correct entry is:
Username: If you configure the Shared Insight Cache for basic authentication, type the authentication user name.

Change Password: If you configure the Shared Insight Cache for basic authentication, click this option to specify and confirm the authentication password.

[2374377]

APPLICATION AND DEVICE CONTROL POLICIES


This section includes the known issues information related to Proactive Threat Protection policies.

The default rule Stop software installers [AC8] in the Application and Device Control policy does not correctly block write and delete access to *.exe files
If you enable the default rule Stop software installers [AC8], the Application and Device Control policy incorrectly allows users to copy certain executables to their client computers.


To work around this issue, add the process %windir%\system32\dllhost.exe to the exclusion list of the rule that allows svchost.exe.

To add the process

1. In the Application and Device Control policy, check Stop software installers [AC8], and then click Edit.
2. Under Apply this rule to the following processes, click Add.
3. Under Process name to match, type %windir%\system32\dllhost.exe, and then click OK.

[2518607]

Registry key condition for application control rule interprets specified registry value data as string-only
If you create a registry key condition for an application control rule, and you enter the registry key value data, the data is treated like a string. The data is not treated like a number. For example, if you create a registry key condition with the name AAA and the registry key value data of 111, and the application rule is set to block, the rule only blocks AAA when it is created as a string. It does not block AAA when it is created as any other registry data type. [2222096]

When using Protection Center to access Symantec Endpoint Protection Manager, the Browse button in the "Search for Applications" dialog box does not launch
You can find specific information about the applications that your clients run. You can use this information to help you set up policy features that control or detect applications, such as firewall or application and control rules. This feature is inoperative in the Protection Center view of Symantec Endpoint Protection Manager. To search for applications, launch Symantec Endpoint Protection Manager directly, rather than using Protection Center. [2360274]

Application and Device Control cannot be reliably managed on the client


Application and Device Control enabling and disabling should only be managed on the Symantec Endpoint Protection Manager. [2361600]


Symantec Endpoint Protection Windows and Mac client issues


This section contains information about Symantec Endpoint Protection client issues on both the Windows and Mac platforms.

After you upgrade the Mac client from version 12.1 to 12.1 RU1, restart the Mac client computer
If you upgraded the Mac client from version 12.1 to version 12.1 RU1, the Mac client might display two virus scan messages. This issue occurs after the end user plugs in a hard disk drive and the mount scan starts. The issue is caused because two instances of certain Mac OS X processes are running in the background. To work around this issue, restart the Mac client computer. [2566901]

Device control notifications only appear the first time a device is blocked
Assume that you have a Device Control policy that contains a rule that blocks new devices, writes to the log, and displays a notification. The first time a new device is plugged in, everything works fine. Symantec Endpoint Protection has blocked the device by setting the device driver to "disabled." The next time the device is plugged in, no notification is displayed, and no log is generated. This behavior is because the device driver is not loaded (as it is set to disabled), so the Device Control policy is not triggered. This behavior is a known limitation. [2222901]

Clients may become disconnected from Symantec Endpoint Protection Manager when using Location Based Communication Settings
Symantec Endpoint Protection is designed so that clients can know their location (in the office, at home, on the road, etc.). Based on that location, their policies can change, including the Management Server to which they are linked. If you are using a policy that is triggered by a location, the client may become disconnected when it is using that location-based policy. To work around this problem:

- Change the client's location, even temporarily.
- Restart the client.

[2295065]


Clients configured as Group Update Providers (GUP) may experience slight slowdowns
This slowdown has been noted and the product team is working on improving the download rate and bandwidth usage. [2346194]

The Symantec Endpoint Protection client may have difficulty doing a forced shutdown if password protection is implemented
Implementing a forced shutdown of the Symantec Endpoint Protection client may not work properly if the client has implemented password protection. Normally, issuing the command smc -stop should stop all client services. The command does not work reliably in this situation. To work around this issue, either do not implement password protection on the service shutdown command, or do not use the command. [2350794]

Network Threat Protection does not show Unicode supplementary characters properly
When application names are displayed in the Network dialog boxes on the client, the file names of those applications that are named with Unicode supplementary characters display as two question marks. This display appears in the Network Activity dialog box and in the dialog box that asks the user whether to allow an application to access the network. [2235266]

The documentation for External Communications Settings > Proxy Server incorrectly refers to HTTPS configuration
On the Symantec Endpoint Protection Manager, clicking Clients > Policies > External Communications Settings > Proxy Server (Windows) or Proxy Server (Mac) shows Proxy Configuration. Beneath, it provides a location for Port:. The documentation incorrectly refers to HTTPS for the Proxy Configuration and for the Port. You can safely ignore the documentation references to HTTPS on this dialog box. [2395521, 2407418, 2406066]

Symantec Network Access Control issues


The issues listed in the following sections relate specifically to:

- Symantec Network Access Control
- The Symantec Network Access Control clients, including the on-demand clients
- The Symantec Enforcer, including both the Enforcer appliance and the Integrated Enforcers
- Host Integrity, which manages security compliance at the client level

Enforcer and Symantec Network Access Control client issues: See Enforcer issues on page 40.

Host Integrity and security compliance issues: See Host Integrity issues on page 43.

Enforcer issues
This section includes information about Enforcer features, which are only available in Symantec Network Access Control.

Imported trusted MAC addresses do not appear in an exported group properties file
In the Symantec Endpoint Protection Manager console, you can import a list of MAC addresses for trusted hosts for an Integrated Enforcer. If you export the list in a group properties file and re-import the file to a second management server, the MAC addresses do not appear. To work around this issue, first export the group properties file without the MAC addresses and import the file to the second management server. To export the group properties file, click Admin > Servers > Export group properties. Then, import the MAC addresses on the second management server by using the Advanced tab for the Integrated Enforcer. [2403371]

Readme links on Enforcer DVD are broken; use the links on the Symantec Network Access Control DVD
The links to Release Notes on the Enforcer DVD are broken. For correct links, use the links on the Symantec Network Access Control DVD instead. [2414290, 2414940]

The Symantec Endpoint Encryption encrypted OS partition cannot be checked by Host Integrity in the Windows on-demand client using user-level privileges
On Windows XP SP3, if the encrypted partition was encrypted using user-level privileges, Host Integrity checks it under the same privilege level, and fails. This failure occurs because the HI check creates a JavaScript file that cannot be written into the profile space under user-level privileges.


To work around this issue, create the partition and check the partition under administrator privilege level, if possible. [2227714]

Symantec Endpoint Protection Manager does not respond to a RADIUS request from the Enforcer
In some cases, Symantec Endpoint Protection Manager does not respond to a RADIUS request from the Enforcer for 802.1x authentication of a client. The most likely cause for this is a port conflict. To work around this problem, see the knowledge base article, Error: "Port 1812 is already in use. Stop your Radius server if you have the Enforcer installed." while installing Symantec Endpoint Protection Manager. [1451524]

Symantec Endpoint Protection does not support upgrades of the Enforcer appliance from Symantec Endpoint Protection 11 MR 4 to Symantec Endpoint Protection 12.1
This upgrade path is not supported. You must install a new image. [2206255]

Quarantined Symantec Network Access Control clients' user interface mistakenly shows them as connected for a few seconds
When Symantec Network Access Control clients are moved to a quarantine VLAN because they fail a Host Integrity compliance check, the client user interface is slow to update. It is safe to ignore this defect. The user interface updates in 5-10 seconds, but the quarantine properly takes effect immediately. [1945979]

The Gateway Enforcer's on-demand configuration does not automatically update when the Enforcer is configured to connect to a new Symantec Endpoint Protection Manager
If you connect the Gateway Enforcer to a different management server, you must refresh the on-demand client configuration. This problem appears with the domain-ID and the client group name. To work around this problem, the on-demand functionality has to be toggled (disabled and then enabled) to use the new Symantec Endpoint Protection Manager's domain-ID and client group. [2115639]


Enforcers that are part of different failover groups should not be placed into the same group on Symantec Endpoint Protection Manager
Enforcer groups and Symantec Endpoint Protection Manager groups use different IDs internally. While this configuration is an advantage in most cases, it can cause confusion when two Enforcers use the same hub, for example, to reach Symantec Endpoint Protection Manager. To work around this confusion, place Enforcers that are in different Enforcer failover groups into different Symantec Endpoint Protection Manager groups. [2317172]

On-demand Mac clients generated by the Symantec Network Access Control 11.0.5 Enforcer cannot be upgraded
There are differences in the encryption keys used in versions of the on-demand client after Symantec Network Access Control 11.0.5. These differences cause Mac on-demand clients after version 11.0.5, including 12.1 clients, to fail to start from Symantec Network Access Control Enforcers of version 11.0.5 and earlier. To work around this issue, upgrade your Enforcer image to Symantec Network Access Control 11.0.6343 or later, or to version 12.1. [2332534]

When the guest-enforcement feature is enabled for On-Demand clients, the eth1 of the Gateway Enforcer should be disabled
When in guest enforcement mode, the eth1 port of the Gateway Enforcer should be disabled. If it is not, you are creating a potential security hole. Note that the eth1 interface will still show as enabled if you issue the command configure show interface. You can safely ignore this message. [2103402]

MAC address overlapping of VLAN ID is not supported from file imports in Symantec Network Access Control version 12.1
MAC addresses can be imported into the LAN Enforcer. However, overlapping of addresses is not supported. When MAC address conflicts with VLAN IDs occur, the LAN Enforcer drops the second most current conflicted MAC address. The LAN Enforcer then shows that dropped MAC address with its VLAN ID in the Enforcer log message. [2106972]


Changing from Gateway Enforcer to LAN Enforcer may improperly permit the On-Demand Client to be downloaded
If the Gateway Enforcer has the On-Demand Client enabled, you may see this behavior after re-initializing to the LAN Enforcer. Downloading the On-Demand Client from a LAN Enforcer is not expected behavior, and thus may cause unexpected behavior. The LAN Enforcer cannot manage the On-Demand Client properties such as authentication configuration, PEAP/TLS credential configuration, and so on. To work around this issue, you should disable the On-Demand Client before reinitializing the Enforcer. [2103543]

How to change the RADIUS authentication port with the Integrated Enforcer
In some cases, the RADIUS authentication port may be set to a non-standard port number. The RADIUS port defaults to 1812. To set the RADIUS port to be 1812:

1. Change the following registry key to read as shown below:

   HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SNAC\Enforcer\NAC Communication Service\smsinfo
   CurrentSEPMRadiusAuthenticationPort:1812

2. Restart the Enforcer server from the user interface, or restart the services Symantec Integrated Enforcer and Symantec NAC Communication Service.

Note: If you change the RADIUS port on Symantec Endpoint Protection Manager, you should mirror that change on the Integrated Enforcer, substituting the new port number for "1812" in the above procedure. [2232004]

Host Integrity issues


This section includes information about Host Integrity policies, which are available only with Symantec Network Access Control. Host Integrity policies ensure compliance with organizational security policies.


Host Integrity may show as "disabled" in the Troubleshooting dialog box for the client when Host Integrity is first enabled
Host Integrity checking is disabled while content downloads. Once content downloads, the Host Integrity check commences and an accurate report or remediation takes place. [2297661]

Compliance checking may be delayed while content downloads


The Compliance check requires that the Symantec Network Access Control client download content from Symantec Endpoint Protection Manager. In some cases, this download may take a long time. To prevent inaccurate Compliance status messages, this check is disabled until the required content is downloaded. To determine the actual Security Compliance status of a particular client, consult the status in the Help > Troubleshooting dialog box.

Note: The effect of this issue is that the Enforcer reports clients as having passed security compliance checks even though the actual status is unknown. [2325358]

Host Integrity quarantine policies do not work on the On-Demand Client for Mac
The On-Demand Client for the Mac does not support switching to a quarantine location when Host Integrity fails. This feature only works with the On-Demand Client for Windows. [2104391]

Host Integrity results display in English only on 5.1 clients


When upgrading from Symantec Sygate Enterprise Protection 5.1, the Symantec Enforcement Agent (SEA) is also upgraded. Host Integrity rules that are applied to the SEA client work properly. However, this client displays some untranslated key words and its security log is not formatted, because this client was not designed for localization. All functionality is present, however. [2201086]

When the local user pauses a Host Integrity Compliance check, a different user cannot do a Host Integrity check using remote login
This behavior is as designed. A remote login by the same user as the one pausing the Host Integrity check works well. It is only the case of a different user that does not work.


[2169351]

Windows Symantec Network Access Control client shows Host Integrity as "passing" even though only a Mac Host Integrity rule is configured
This error appears when both Windows and Mac On-Demand clients are in the same group. The workaround is to assign the clients to different groups for Host Integrity compliance checking purposes. [2180255]

When there is no Host Integrity policy assigned to a group, the Symantec Endpoint Protection client behaves differently than the Symantec Network Access Control client or either On-Demand client
The clients all send "disabled" as their status to the Enforcer. The Enforcer treats this as "Host Integrity pass," and each type of client is approved. The exception is the Symantec Endpoint Protection client. It sends "disabled," and the Enforcer quarantines that type of client. [2330894]

Client computers that are low on system resources may have Host Integrity failures
Client computers that are running low on RAM, disk space, Windows resources, and so on, frequently run slowly. In addition, those computers may have Host Integrity failures that do not provide "verbose" security log information. To work around this problem, reduce the number of applications running, reduce the number of browser windows in use, and so on. [2394506]

Client Host Integrity logs may show "cannot be authenticated"


In some cases, client computers may fail Host Integrity checks with the following error:

The most recent Host Integrity content has not completed a download or cannot be authenticated.

This message appears in the Security log of the client and in the Compliance > Host Compliance log of Symantec Endpoint Protection Manager. When the client fails Host Integrity compliance checks, the usual result is that the client is quarantined until a subsequent compliance check is successful. The usual cause of this Host Integrity failure is that the computer is restarted when in the middle of a Host Integrity check. To confirm a client's Host Integrity status, run another Host Integrity compliance check. From Symantec Endpoint Protection Manager, follow the instructions under "Creating and testing a Host Integrity policy," in Symantec Endpoint Protection Implementation Guide. Examine the Security log for further details. [2394715]

Documentation issues
This section includes information about product documentation. The user documentation might be updated between product releases. You can locate the latest user documentation at the Symantec Technical Support Web site. The Support site provides individual articles and links that are designed to provide installation assistance, best practices, and FAQs. See Where to get more information on page 11.

Path for viewing the Access log is incorrect


The topic, "Enabling and viewing the Access log to check whether the client connects to the management server," in the Symantec Endpoint Protection and Symantec Network Access Control Implementation Guide provides the wrong path. In the task, "To view the Apache HTTP server Access log," the path to the Access log is: Drive:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access.log, and not Drive:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\access.log.

Links to "About commands you can run on client computers" are incorrect in the documentation
There are numerous links to the topic "About commands you can run on client computers" that are incorrectly linked. In the PDF of the Symantec Endpoint Protection and Symantec Network Access Control Implementation Guide, the links should go to page 197. In the online help, you should search for "commands client" and choose the second topic. The content appears when you do so. [2365306]

Symantec Endpoint Protection Integration Component documentation version 7.1 is not localized in some languages
The localized version of the User Guide is available in version 7.0 only for the following languages:

- Simplified Chinese
- Traditional Chinese
- Korean
- French
- Italian
- German
- Spanish
- Brazilian
- Russian
- Czech
- Polish

[2250404]

Cannot open Help or knowledge base articles


The default security settings of some operating systems block access to Symantec help and knowledge base articles. This problem may appear when you click links to other knowledge base articles. In some cases, those links fail with a JavaScript permission error. To work around this issue, add "symantec.com" (without the quotation marks) to your Trusted Sites security level. [2052056]

Context-sensitive help for Client Install Settings > Basic Settings does not match the user interface
Under Select an installation type, one of the choices is Unattended. In the user interface, this appears as Show progress bar only. The result is the same as shown in the context-sensitive help: users do not interact with installation screens, but they see a Windows progress dialog box. Show progress bar only is the default setting. [2384702]

Resolved issues in this release


You can view a list of the issues that have been resolved in this release at the following location:


Release Notes for Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, Symantec Network Access Control 12.1

Legal Notice
Copyright 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, LiveUpdate, Sygate, Symantec AntiVirus, Bloodhound, Confidence Online, Digital Immune System, and Norton are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, Rights in Commercial Computer Software or Commercial Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

SYMANTEC SOFTWARE LICENSE AGREEMENT


SYMANTEC CORPORATION AND/OR ITS AFFILIATES (SYMANTEC) IS WILLING TO LICENSE THE LICENSED SOFTWARE TO YOU AS THE INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE LICENSED SOFTWARE (REFERENCED BELOW AS YOU OR YOUR) ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT (LICENSE AGREEMENT). READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE LICENSED SOFTWARE. THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND SYMANTEC. BY OPENING THE LICENSED SOFTWARE PACKAGE, BREAKING THE LICENSED SOFTWARE SEAL, CLICKING THE I AGREE OR YES BUTTON, OR OTHERWISE INDICATING ASSENT ELECTRONICALLY, OR LOADING THE LICENSED SOFTWARE OR OTHERWISE USING THE LICENSED SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK THE I DO NOT AGREE OR NO BUTTON OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE LICENSED SOFTWARE. UNLESS OTHERWISE DEFINED HEREIN, CAPITALIZED TERMS WILL HAVE THE MEANING GIVEN IN THE DEFINITIONS SECTION OF THIS LICENSE AGREEMENT AND SUCH CAPITALIZED TERMS MAY BE USED IN THE SINGULAR OR IN THE PLURAL, AS THE CONTEXT REQUIRES.


1. DEFINITIONS. Content Updates means content used by certain Symantec products which is updated from time to time, including but not limited to: updated anti-spyware definitions for anti-spyware products; updated antispam rules for antispam products; updated virus definitions for antivirus and crimeware products; updated URL lists for content filtering and antiphishing products; updated firewall rules for firewall products; updated intrusion detection data for intrusion detection products; updated lists of authenticated web pages for website authentication products; updated policy compliance rules for policy compliance products; and updated vulnerability signatures for vulnerability assessment products. Documentation means the user documentation Symantec provides with the Licensed Software. License Instrument means one or more of the following applicable documents which further defines Your license rights to the Licensed Software: a Symantec license certificate or a similar license document issued by Symantec, or a written agreement between You and Symantec, that accompanies, precedes or follows this License Agreement. Licensed Software means the Symantec software product, in object code form, accompanying this License Agreement, including any Documentation included in, or provided for use with, such software or that accompanies this License Agreement. Support Certificate means the certificate sent by Symantec confirming Your purchase of the applicable Symantec maintenance/support for the Licensed Software. Upgrade means any version of the Licensed Software that has been released to the public and which replaces the prior version of the Licensed Software on Symantecs price list pursuant to Symantecs then-current upgrade policies. 
Use Level means the license use meter or model (which may include operating system, hardware system, application or machine tier limitations, if applicable) by which Symantec measures, prices and licenses the right to use the Licensed Software, in effect at the time an order is placed for such Licensed Software, as indicated in this License Agreement and the applicable License Instrument. 2. LICENSE GRANT. Subject to Your compliance with the terms and conditions of this License Agreement, Symantec grants to You the following rights: (I) a non-exclusive, non-transferable (except as stated otherwise in Section 16.1) license to use the Licensed Software solely in support of Your internal business operations in the quantities and at the Use Levels described in this License Agreement and the applicable License Instrument; and (ii) the right to make a single uninstalled copy of the Licensed Software for archival purposes which You may use and install for disaster-recovery purposes (i.e. where the primary installation of the Licensed Software becomes unavailable for use). 2.1 TERM. The term of the Licensed Software license granted under this License Agreement shall be perpetual (subject to Section 14) unless stated otherwise in Section 17 or unless You have obtained the Licensed Software on a non-perpetual basis, such as, under a subscription or term-based license for the period of time indicated on the applicable License Instrument. If You have obtained the Licensed Software on a non-perpetual basis, Your rights to use such Licensed Software shall end on the applicable end date as

indicated on the applicable License Instrument and You shall cease use of the Licensed Software as of such applicable end date.

3. LICENSE RESTRICTIONS. You may not, without Symantec's prior written consent, conduct, cause or permit the: (i) use, copying, modification, rental, lease, sublease, sublicense, or transfer of the Licensed Software except as expressly provided in this License Agreement; (ii) creation of any derivative works based on the Licensed Software; (iii) reverse engineering, disassembly, or decompiling of the Licensed Software (except that You may decompile the Licensed Software for the purposes of interoperability only to the extent permitted by and subject to strict compliance under applicable law); (iv) use of the Licensed Software in connection with service bureau, facility management, timeshare, service provider or like activity whereby You operate or use the Licensed Software for the benefit of a third party; (v) use of the Licensed Software by any party other than You; (vi) use of a later version of the Licensed Software other than the version that accompanies this License Agreement unless You have separately acquired the right to use such later version through a License Instrument or Support Certificate; nor (vii) use of the Licensed Software above the quantity and Use Level that have been licensed to You under this License Agreement or the applicable License Instrument.

4. OWNERSHIP/TITLE. The Licensed Software is the proprietary property of Symantec or its licensors and is protected by copyright law. Symantec and its licensors retain any and all rights, title and interest in and to the Licensed Software, including in all copies, improvements, enhancements, modifications and derivative works of the Licensed Software. Your rights to use the Licensed Software shall be limited to those expressly granted in this License Agreement. All rights not expressly granted to You are retained by Symantec and/or its licensors.

5. CONTENT UPDATES.
If You purchase a Symantec maintenance/support offering consisting of or including Content Updates, as indicated on Your Support Certificate, You are granted the right to use, as part of the Licensed Software, such Content Updates as and when they are made generally available to Symantec's end user customers who have purchased such maintenance/support offering and for such period of time as indicated on the face of the applicable Support Certificate. This License Agreement does not otherwise permit You to obtain and use Content Updates.

6. UPGRADES/CROSS-GRADES. Symantec reserves the right to require that any upgrades (if any) of the Licensed Software may only be obtained in a quantity equal to the number indicated on the applicable License Instrument. An upgrade to an existing license shall not be deemed to increase the number of licenses which You are authorized to use. Additionally, if You upgrade a Licensed Software license, or purchase a Licensed Software license listed on the applicable License Instrument

to cross-grade an existing license (i.e. to increase its functionality, and/or transfer it to a new operating system, hardware tier or licensing meter), then Symantec issues the applicable Licensed Instrument based on the understanding that You agree to cease using the original license. Any such license upgrade or cross-grade is provided under Symantec's policies in effect at the time of order. This License Agreement does not separately license You for additional licenses beyond those which You have purchased, and which have been authorized by Symantec as indicated on the applicable License Instrument.

7. LIMITED WARRANTY. 7.1. MEDIA WARRANTY. If Symantec provides the Licensed Software to You on tangible media, Symantec warrants that the magnetic media upon which the Licensed Software is recorded will not be defective under normal use, for a period of ninety (90) days from delivery. Symantec will replace any defective media returned to Symantec within the warranty period at no charge to You. The above warranty is inapplicable in the event the Licensed Software media becomes defective due to unauthorized use of the Licensed Software. THE FOREGOING IS YOUR SOLE AND EXCLUSIVE REMEDY FOR SYMANTEC'S BREACH OF THIS WARRANTY. 7.2. PERFORMANCE WARRANTY. Symantec warrants that the Licensed Software, as delivered by Symantec and when used in accordance with the Documentation, will substantially conform to the Documentation for a period of ninety (90) days from delivery. If the Licensed Software does not comply with this warranty and such non-compliance is reported by You to Symantec within the ninety (90) day warranty period, Symantec will do one of the following, selected at Symantec's reasonable discretion: either (i) repair the Licensed Software, (ii) replace the Licensed Software with software of substantially the same functionality, or (iii) terminate this License Agreement and refund the relevant license fees paid for such non-compliant Licensed Software.
The above warranty specifically excludes defects resulting from accident, abuse, unauthorized repair, modifications or enhancements, or misapplication. THE FOREGOING IS YOUR SOLE AND EXCLUSIVE REMEDY FOR SYMANTEC'S BREACH OF THIS WARRANTY.

8. WARRANTY DISCLAIMERS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE WARRANTIES SET FORTH IN SECTIONS 7.1 AND 7.2 ARE YOUR EXCLUSIVE WARRANTIES AND ARE IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. SYMANTEC MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE LICENSED SOFTWARE, CONTENT UPDATES OR UPGRADES WILL MEET YOUR REQUIREMENTS OR THAT OPERATION OR USE OF THE LICENSED SOFTWARE, CONTENT UPDATES, AND UPGRADES WILL BE UNINTERRUPTED OR ERROR-FREE. YOU MAY HAVE OTHER WARRANTY

RIGHTS, WHICH MAY VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY.

9. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC OR ITS LICENSORS, RESELLERS, SUPPLIERS OR AGENTS BE LIABLE TO YOU FOR (i) ANY COSTS OF PROCUREMENT OF SUBSTITUTE OR REPLACEMENT GOODS AND SERVICES, LOSS OF PROFITS, LOSS OF USE, LOSS OF OR CORRUPTION TO DATA, BUSINESS INTERRUPTION, LOSS OF PRODUCTION, LOSS OF REVENUES, LOSS OF CONTRACTS, LOSS OF GOODWILL, OR ANTICIPATED SAVINGS OR WASTED MANAGEMENT AND STAFF TIME; OR (ii) ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES WHETHER ARISING DIRECTLY OR INDIRECTLY OUT OF THIS LICENSE AGREEMENT, EVEN IF SYMANTEC OR ITS LICENSORS, RESELLERS, SUPPLIERS OR AGENTS HAS BEEN ADVISED SUCH DAMAGES MIGHT OCCUR. IN NO CASE SHALL SYMANTEC'S LIABILITY EXCEED THE FEES YOU PAID FOR THE LICENSED SOFTWARE GIVING RISE TO THE CLAIM. NOTHING IN THIS AGREEMENT SHALL OPERATE SO AS TO EXCLUDE OR LIMIT SYMANTEC'S LIABILITY TO YOU FOR DEATH OR PERSONAL INJURY ARISING OUT OF NEGLIGENCE OR FOR ANY OTHER LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BY LAW. THE DISCLAIMERS AND LIMITATIONS SET FORTH ABOVE WILL APPLY REGARDLESS OF WHETHER OR NOT YOU ACCEPT THE LICENSED SOFTWARE, CONTENT UPDATES OR UPGRADES.

10. MAINTENANCE/SUPPORT. Symantec has no obligation under this License Agreement to provide maintenance/support for the Licensed Software. Any maintenance/support purchased for the Licensed Software is subject to Symantec's then-current maintenance/support policies.

11. SOFTWARE EVALUATION. If the Licensed Software is provided to You for evaluation purposes and You have an evaluation agreement with Symantec for the Licensed Software, Your rights to evaluate the Licensed Software will be pursuant to the terms of such evaluation agreement.
If You do not have an evaluation agreement with Symantec for the Licensed Software and if You are provided the Licensed Software for evaluation purposes, the following terms and conditions shall apply. Symantec grants to You a nonexclusive, temporary, royalty-free, non-assignable license to use the Licensed Software solely for internal non-production evaluation. Such evaluation license shall terminate (i) on the end date of the pre-determined evaluation period, if an evaluation period is pre-determined in the Licensed Software or (ii) sixty (60) days from the date of Your initial installation of the Licensed Software, if no such evaluation period is pre-determined in the Licensed Software (Evaluation Period). The Licensed Software may not be transferred and is provided AS IS without warranty of any kind. You are solely responsible to take appropriate measures to back up Your

system and take other measures to prevent any loss of files or data. The Licensed Software may contain an automatic disabling mechanism that prevents its use after a certain period of time. Upon expiration of the Licensed Software Evaluation Period, You will cease use of the Licensed Software and destroy all copies of the Licensed Software. All other terms and conditions of this License Agreement shall otherwise apply to Your evaluation of the Licensed Software as permitted herein.

12. U.S. GOVERNMENT RESTRICTED RIGHTS. The Licensed Software is deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Licensed Software - Restricted Rights" and DFARS 227.7202, Rights in Commercial Computer Licensed Software or Commercial Computer Licensed Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction, release, performance, display or disclosure of the Licensed Software by the U.S. Government shall be solely in accordance with the terms of this License Agreement.

13. EXPORT REGULATION. You acknowledge that the Licensed Software and related technical data and services (collectively "Controlled Technology") are subject to the import and export laws of the United States, specifically the U.S. Export Administration Regulations (EAR), and the laws of any country where Controlled Technology is imported or re-exported. You agree to comply with all relevant laws and will not export any Controlled Technology in contravention to U.S. law nor to any prohibited country, entity, or person for which an export license or other governmental approval is required. All Symantec products, including the Controlled Technology, are prohibited for export or re-export to Cuba, North Korea, Iran, Syria and Sudan and to any country subject to relevant trade sanctions.
You hereby agree that You will not export or sell any Controlled Technology for use in connection with chemical, biological, or nuclear weapons, or missiles, drones or space launch vehicles capable of delivering such weapons.

14. TERMINATION. This License Agreement shall terminate upon Your breach of any term contained herein. Upon termination, You shall immediately stop using and destroy all copies of the Licensed Software.

15. SURVIVAL. The following provisions of this License Agreement survive termination of this License Agreement: Definitions, License Restrictions and any other restrictions on use of intellectual property, Ownership/Title, Warranty Disclaimers, Limitation of Liability, U.S. Government Restricted Rights, Export Regulation, Survival, and General.

16. GENERAL. 16.1. ASSIGNMENT. You may not assign the rights granted hereunder or this License Agreement, in whole or in part and whether by operation of contract, law or otherwise, without Symantec's prior express written consent. 16.2. COMPLIANCE WITH APPLICABLE LAW. You are solely responsible for Your compliance with, and You agree to comply with, all applicable laws, rules, and

regulations in connection with Your use of the Licensed Software. 16.3. AUDIT. An auditor, selected by Symantec and reasonably acceptable to You, may, upon reasonable notice and during normal business hours, but not more often than once each year, inspect Your records and deployment in order to confirm that Your use of the Licensed Software complies with this License Agreement and the applicable License Instrument. Symantec shall bear the costs of any such audit, except where the audit demonstrates that the Manufacturer's Suggested Reseller Price (MSRP) value of Your non-compliant usage exceeds five percent (5%) of the MSRP value of Your compliant deployments. In such case, in addition to purchasing appropriate licenses for any over-deployed Licensed Software, You shall reimburse Symantec for the auditor's reasonable actual fees for such audit. 16.4. GOVERNING LAW; SEVERABILITY; WAIVER. If You are located in North America or Latin America, this License Agreement will be governed by the laws of the State of California, United States of America. If you are located in China, this License Agreement will be governed by the laws of the People's Republic of China. Otherwise, this License Agreement will be governed by the laws of England. Such governing laws are exclusive of any provisions of the United Nations Convention on Contracts for Sale of Goods, including any amendments thereto, and without regard to principles of conflicts of law. If any provision of this License Agreement is found partly or wholly illegal or unenforceable, such provision shall be enforced to the maximum extent permissible, and remaining provisions of this License Agreement shall remain in full force and effect. A waiver of any breach or default under this License Agreement shall not constitute a waiver of any other subsequent breach or default. 16.5. THIRD PARTY PROGRAMS.
This Licensed Software may contain third party software programs (Third Party Programs) that are available under open source or free software licenses. This License Agreement does not alter any rights or obligations You may have under those open source or free software licenses. Notwithstanding anything to the contrary contained in such licenses, the disclaimer of warranties and the limitation of liability provisions in this License Agreement shall apply to such Third Party Programs. 16.6. CUSTOMER SERVICE. Should You have any questions concerning this License Agreement, or if You desire to contact Symantec for any reason, please write to: (i) Symantec Enterprise Customer Care, 555 International Way, Springfield, Oregon 97477, U.S.A., (ii) Symantec Enterprise Customer Care Center, PO BOX 5689, Dublin 15, Ireland, or (iii) Symantec Enterprise Customer Care, 1 Julius Ave, North Ryde, NSW 2113, Australia. 16.7. ENTIRE AGREEMENT. This License Agreement and any related License Instrument are the complete and exclusive agreement between You and Symantec relating to the Licensed Software and supersede any previous or contemporaneous oral or written communications, proposals, and representations with respect to its subject matter. This License Agreement prevails over any conflicting or additional terms of any purchase order, ordering document, acknowledgement or confirmation or other document issued by You, even if signed

and returned. This License Agreement may only be modified by a License Instrument that accompanies or follows this License Agreement.

17. ADDITIONAL TERMS AND CONDITIONS. Your use of the Licensed Software is subject to the terms and conditions below in addition to those stated above. 17.1. You may use the Licensed Software for the number of licensed User(s) and at the Use Levels as have been licensed to You by Symantec herein and as indicated in the applicable License Instrument. Your License Instrument shall constitute proof of Your right to make and use such copies. For purposes of this License Agreement, User(s) means an individual person and/or device authorized by You to use and/or benefits from the use of the Licensed Software, or is the person and/or device who actually uses any portion of the Licensed Software. 17.2. Notwithstanding anything to the contrary contained in this License Agreement, if the Licensed Software is Symantec Endpoint Protection, each running instance (physical and/or virtual) of such Software must be licensed. You create an instance of software by executing the software's setup or install procedure. You also create an instance of software by duplicating an existing instance. References to software include instances of the software. You run an instance of software by loading it into memory and executing one or more of its instructions. Once running, an instance is considered to be running (whether or not its instructions continue to execute) until it is removed from memory. 17.3. Privacy; Data Protection. From time to time, the Licensed Software may collect certain information from the device on which it is installed, which may include: (i) Information regarding installation of the Licensed Software. This information indicates to Symantec whether installation of the Licensed Software was successfully completed and is collected by Symantec for the purpose of evaluating and improving Symantec's product installation success rate.
This information will not be correlated with any personally identifiable information. (ii) Information on potential security risks as well as URLs of websites visited that the Licensed Software deems potentially fraudulent. This information is collected by Symantec for the purpose of evaluating and improving the ability of Symantec's products to detect malicious behavior, potentially fraudulent websites and other Internet security risks. This information will not be correlated with any personally identifiable information. (iii) Portable executable files that are identified as malware. These files are submitted to Symantec using the Licensed Software's automatic submission function. The collected files could contain personally identifiable information that has been obtained by the malware without your permission. Files of this type are being collected by Symantec only for the purpose of improving the ability of Symantec's products to detect malicious behavior. Symantec will not correlate these files with any personally identifiable information. Such automatic submission function may be deactivated after installation by following the instructions in the Documentation for applicable products. (iv) The name given during initial setup to the device on which the Licensed Software is being installed. If collected, the name will be used by Symantec as an account

name for such device under which you may elect to receive additional services and/or under which you may use certain features of the Licensed Software. You may change the account name at any time after installation of the Licensed Software (recommended). (v) The International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) for the mobile telecommunications device used with the Licensed Software. This information is being collected for the purpose of being able to identify the telecommunications device eligible to receive Content Updates for the Licensed Software. This information will not be correlated with any other personally identifiable information. (vi) Other information used for purposes of analyzing and improving the functionality of Symantec's products. This information will not be correlated with any personally identifiable information. The collected information as set out above is necessary for the purpose of optimizing the functionality of Symantec's products and may be transferred to the Symantec group in the United States or other countries that may have less protective data protection standards than the region in which You are situated (including the European Union), but Symantec has taken steps so that the collected information, if transferred, receives an adequate level of protection. Symantec may disclose the collected information if asked to do so by a law enforcement official as required or permitted by law or in response to a subpoena or other legal process. In order to promote awareness, detection and prevention of Internet security risks, Symantec may share certain information with research organizations and other security software vendors. Symantec may also use statistics derived from the information to track and publish reports on security risk trends.
By using the Licensed Software, you acknowledge and agree that Symantec may collect, transmit, store, disclose and analyze such information for these purposes.
