Known issues and workarounds for Symantec Endpoint Protection
The items in this section apply to this release of Symantec Endpoint Protection.
Description and solution
Symantec Endpoint Protection Manager in a dark network downloads old Client Intrusion Detection System (CIDS) content to new clients because LiveUpdate does not run during an upgrade [14.3 RU1]
When a 14.3 RU1 Symantec Endpoint Protection Manager cannot access either the Internet or a LiveUpdate Administrator (LUA) server, it keeps old, incompatible content in its cache. This old content is normally delivered to the new clients. To update the content in the management server's cache, you manually download certified virus definitions and CIDS .jdb files. [SEP-69125]
To make sure that the new clients do not get old content, manually install a CIDS .jdb file on SEPM before you install new clients or upgrade old clients.
Cannot log on to Symantec Endpoint Protection Manager (SEPM) when the network interface card is disabled [14.3 RU1]
After you install Symantec Endpoint Protection Manager, you may be unable to log on to the console, and the following error message appears:
Unexpected server error
This issue may occur if the computer's network interface card is disabled when you installed the SEPM, which keeps the server certificate from being generated. [SEP-67040]
To find out if SEPM was installed with a disabled network interface card, look at the server certificate.
When you uninstall SEPM and use the option to remove the default database and leave the SQL Server Express instance, the following error appears: "An error occurred while trying to connect to the database server" [14.3 RU1]
If you uninstall the Symantec Endpoint Protection Manager and select the Remove only the DB and leave the SQL Server Express instance installed with SEPM option, you may see the following error: "An error occurred while trying to connect to the database server." This issue occurs after you add the credentials for the default user DBA and may be related to user privileges. [SEP-68670]
To work around this issue, perform the uninstallation by running the SEPM setup.exe file and clicking the Remove only the DB and leave the SQL Server Express instance installed with SEPM option during uninstallation.
A SQL Server upgrade from version 2017 to version 2019 fails with FIPS mode enabled [14.3]
You may see the error: "The following error has occurred. An error occurred while installing extensibility feature with error message: AppContainer Creation Failed with error message NONE, state. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." This occurs if you have a FIPS-enabled Symantec Endpoint Protection Manager 14.3 and you upgrade from the Microsoft SQL Server 2017 to 2019. [SEP-61473]
To work around this issue, disable FIPS at the operating system level:
Custom names may prevent the firewall policy from updating during an upgrade to 14.2 or later
If possible, revert any changed names back to the default. Otherwise, ensure that any custom rules that you added to a default policy do not block IPv6 communication in any way. Ensure the same for any new policies or rules that you add.
For an upgrade to Symantec Endpoint Protection 14.2 or later, firewall policies cannot incorporate the changes for IPv6 if you changed some default names. The default names include the names of default policies and default rule names. If the rules cannot be updated during the upgrade, the IPv6 options do not appear. Any new policies or rules that you create after the upgrade are not affected.
Description and solution
Some EDR events do not appear on the client [14.3 RU1]
The Symantec Endpoint Protection client must run Windows 10 build 14393 or later to collect Symantec EDR Event Tracing for Windows (ETW) events. [SEP-67175]
The Network Traffic Redirection feature has some limitations [14.3 RU1]
The tunnel method is currently considered a beta feature.
Duplicate agent enrollment entries after the upgrade from 14.2.x to 14.3 MP1 and later [14.3 RU1]
Upgrading the Symantec Endpoint Protection clients from 14.2.x to 14.3 MP1 and later creates duplicate agent enrollment entries for these clients on the Clients page in Symantec Endpoint Protection Manager.
There is no functional impact and you can continue working with the new entries for 14.3 RU1 clients. Symantec Endpoint Protection Manager will remove older agent entries.
Allow URLs in Symantec Endpoint Security if you use the hybrid management option, proxy servers or a perimeter firewall [14.3]
With Broadcom’s acquisition of Symantec Enterprise Security, the URLs for client-to-cloud communication changed in 18.104.22.168. [CDM-42467]
You must upgrade your clients to version build 14.2.5569.2100 or later in the following situation:
You allow the URLs in either fully cloud-managed or hybrid-managed agents, allow thein your proxy server and/or perimeter firewall.
The Symantec Endpoint Protection Manager remote console no longer supports the 32-bit Windows platform [14.3]
In 14.3 and later, you cannot log on to the Symantec Endpoint Protection Manager remote console if you run a 32-bit version of Windows. The Oracle Java SE Runtime Environment no longer supports 32-bit versions of Microsoft Windows. [SEP-61106]
If you see the following message, log on to Symantec Endpoint Protection Manager locally:
"This version of C:\Users\Administrator\Downloads\Symantec Endpoint Protection Manager Console\bin\javaw.exe is not compatible with the version of Windows you're running. Check your computer's system information and then contact the software publisher."
"Failed to install Microsoft Visual C++ Runtime" error appears while you install Symantec Endpoint Protection Manager [14.3]
You may see the following error while installing the Symantec Endpoint Protection Manager on Windows 2012 R2: “Failed to install Microsoft Visual C++ Runtime” [SEP-60396]
To work around this issue, activate Windows and install the Windows updates. The Windows update installs the Visual C++ 2017 redistributable, which is a prerequisite for the Symantec Endpoint Protection Manager 14.3 installation on Windows 2012 R2.
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows [14.3]
After you upgrade to or install a Symantec Endpoint Protection Manager version 14.3 that is enrolled in the cloud console, the management server no longer uploads logs successfully to the cloud. In the uploader.log you may see the following error:
This issue is caused by a missing Microsoft update that provides support for TLS 1.1 and 1.2.
To solve the issue, install Microsoft update: KB3140245. For more information, see:
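
A way to confirm the fix described above on the management server, as an added example (not from Symantec's documentation): the script checks for KB3140245 and decodes the WinHTTP DefaultSecureProtocols registry value that Microsoft documents alongside that update. The function names are hypothetical and the sample value 0xA00 is constructed.

```powershell
# Added example: audit WinHTTP default TLS protocols on a SEPM server.
# Bit flags for DefaultSecureProtocols, as documented by Microsoft for KB3140245.
$ProtocolFlags = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}

# Hypothetical helper: turn the DWORD bitmask into protocol names.
function ConvertTo-ProtocolList {
    param([int]$Value)
    $ProtocolFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

# Hypothetical helper: read the value from the native and 32-bit registry views.
function Get-WinHttpTlsState {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
        if ($item) {
            $value   = [int]$item.DefaultSecureProtocols
            $raw     = '0x{0:X8}' -f $value
            $enabled = (ConvertTo-ProtocolList $value) -join ', '
            $tls12   = [bool]($value -band 0x800)
        } else {
            # Value absent: WinHTTP falls back to the operating system default.
            $raw = '(not set)'; $enabled = 'OS default'; $tls12 = $false
        }
        [pscustomobject]@{ Path = $path; RawValue = $raw; Enabled = $enabled; Tls12Explicit = $tls12 }
    }
}

# KB3140245 applies to Windows 7 SP1, Server 2008 R2 SP1 and Server 2012;
# later Windows versions already enable TLS 1.2 in WinHTTP by default.
$hotfix = Get-HotFix -Id KB3140245 -ErrorAction SilentlyContinue
'KB3140245 installed: {0}' -f [bool]$hotfix

Get-WinHttpTlsState | Format-List

# Constructed sample: 0xA00 is the TLS 1.1 + TLS 1.2 combination.
'Sample 0xA00 decodes to: {0}' -f ((ConvertTo-ProtocolList 0xA00) -join ', ')
```

If the update is installed but `Tls12Explicit` is false on an affected Windows version, the registry value still needs to be set as Microsoft's article for the update describes.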
"Deployment in progress" still appears in Symantec Endpoint Protection Manager after the client receives an updated policy for Endpoint Threat Defense for AD [14.2 RU1 MP1 and later]
You apply a policy for Symantec Endpoint Threat Defense for Active Directory 3.3 to a group. This group contains some clients that run Symantec Endpoint Protection 14.2 RU1 or earlier. These clients receive and apply the policy as expected, but the status in Symantec Endpoint Protection Manager continues to show the message Deployment in progress.
This behavior is expected. Endpoint Threat Defense for AD 3.3 policies are only supported on the client as of version 14.2 RU1 MP1.
Description and solution
Upgrade installation package that is used for clean installation installs default feature set. [14.3 RU1 MP1 and earlier]
If you create an upgrade installation package with the Maintain existing client features when updating option checked, and use this package to do a clean installation, the default feature set will be installed on your client device.
If you want to install a custom feature set, you must create a separate installation package for the clean installation.
Unsupported upgrade path creates duplicate devices in cloud console. [14.3 RU1]
Upgrading your macOS from 10.15 to 11.0 before upgrading the Symantec Agent for Mac from 14.2/14.3 to 14.3 RU1 creates duplicate devices in cloud console.
To avoid duplicates, you must upgrade the client before upgrading the operating system (i.e., upgrade the Symantec Agent for Mac from 14.2/14.3 to 14.3 RU1 and then upgrade macOS from 10.15 to 11.0).
Incorrect messages in the Symantec Agent for Linux installer log. [14.3 RU1]
In some cases, the agent installer logs incorrect messages related to a non-matching driver version or a required reboot.
These messages do not affect the functionality of the agent.
On a SuSe Linux device, zypper removes the SEP Linux client packages while removing the 'at' package. [14.3 RU1]
On a SuSe Linux device, the command 'zypper remove at' also removes the SEP Linux client packages, because the 'at' package is added as a required dependent package. The zypper command then automatically attempts to remove the SEP client packages 'sdcss-kmod' and 'sdcss-sepagent' as packages with unused dependencies.
Workaround: To remove the 'at' package, run the following command: rpm -e --nodeps at
Upgrade issue on macOS 10.15 and later [14.3 MP1]
On macOS 10.15 and later, the Install Symantec Endpoint Protection to Remote Computers feature in the Client Deployment Wizard fails to upgrade the Symantec Endpoint Protection client from older versions to version 14.3 MP1.
Use Symantec Endpoint Protection Manager Auto Upgrade to perform the Symantec Endpoint Protection client upgrade on macOS 10.15 and later.
The Symantec Endpoint Protection 14.3 Windows client installation may fail unless you first install SHA-2 support [14.3]
If you run legacy operating system versions (Windows 7 RTM or SP1, Windows Server 2008 R2 or R2 SP1 or R2 SP2), you are required to have SHA-2 code signing support installed on your devices to install Windows updates released on or after July 2019. Without SHA-2 support, the Windows client installation sometimes fails. The installation may fail whether you install clients for the first time or automatically upgrade from a previous release. [SEP-61175/61403]
To get Microsoft enforced SHA-2 code signing support, see:
2019 SHA-2 Code Signing Support requirement for Windows and WSUS
The Symantec Endpoint Protection Windows client does not run when installed on Windows 10 1803 with UWF enabled [14.3]
If the Symantec Endpoint Protection client runs on the Windows 10 RS4 1803 32-bit operating system when the Unified Write Filter (UWF) is enabled and protecting the drive on which the Windows client is installed, the client does not run properly. This Windows operating system contains a UWF defect that prevents the Windows client from running.
To work around this issue:
Mac clients that enable WSS Traffic Redirection do not honor custom proxy settings for LiveUpdate [14.2 RU1 MP1 and later]
To work around this issue, only use custom proxy settings for LiveUpdate when WSS Traffic Redirection is disabled.
You have configured your managed Mac clients for Symantec Endpoint Protection 14.2 RU1 MP1 or later to use custom proxy settings for LiveUpdate through External Communications Settings. After you enable WSS Traffic Redirection (WTR) for your Mac clients through the Symantec Endpoint Protection Manager policy, however, you find that LiveUpdate traffic no longer honors your custom proxy settings. Instead, LiveUpdate attempts a direct connection.
Microsoft Edge unexpectedly allows PDF downloads with Hardening enabled [14.2 RU1 MP1 and later]
A fix for this issue is planned for a future release.
With Application Hardening enabled in the Symantec Endpoint Protection client, you are unexpectedly able to download PDF files if you use the Microsoft Edge browser. The prevention of the download of PDF files works as expected with other browsers.
With Broadcom’s recent announcement that Symantec Enterprise Protection has officially joined Broadcom, Symantec migrated the documentation to the Broadcom Symantec Security Tech Docs Portal.
To find Endpoint Protection documentation, click the Symantec Security Software tab, then click Endpoint Security and Management >
Description and solution
HOWTO articles have been expired.
The HOWTO articles, which were duplicates of the topics in the Symantec Endpoint Protection Manager Help, have been republished on the Endpoint Protection site and now have a different URL.
To find an article, use the
To find the most recent version of the PDF file, go to the Related Documents page. In the future, Broadcom will be adding legacy PDF files and translated PDF files.
Symantec posted all PDF files on DOC articles. These pages have been expired.
For resolved issues, see: