Endpoint Protection

 View Only

  • 1.  SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Feb 13, 2013 11:38 AM

    I'm going to try and keep this short and sweet.

    Basically, a user has a manufacturing system with two NIC's installed on a system. One is for a local infrastructure connecting to other manufacturing devices and the other is for the actual corporate infrastructure. Now, this tool requires a constant network connection (3-way handshake) at all times to remain connected and cannot be disrupted. Currently, SEP 12.1 RU2 is running on the system with Network Threat Protection (NTP-IPS). Each time virus definitions are updated on the device it appears to reset the active connection and cause it to drop offline and disconnect from the manufacturing systems.

    I've confirmed the event log states that LiveUpdate kicked off at least 30 minutes prior before each network drop. I've talked to support about this and they've brushed me off stating this issue would be fixed with 12.1 RU2 (what a load of crap). Anyway, has anyone else encountered this issue? If so, please share some details. Keep in mind this isn't the only system I've encountered this with and disabling NTP has prevented this issue from happening again. Personally, I don't like keeping a critical system unprotected, but this might be the only solution.

    Note: I think the next steps will be to take a packet capture and analyze them at the time of each liveupdate event.



  • 2.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Feb 13, 2013 11:41 AM

    Haven't seen or heard of this issue but this needs to be pushed past first level support and kicked over to back line engineering. Do you have an SE that can escalate this?



  • 3.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Feb 13, 2013 11:47 AM

    Yes, I had requested to push this above past the first level, but they routed me back to a first level guy. Then I requested again to have this escalated, still the same result. Have had nothing but terrible support from India.



  • 4.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Feb 13, 2013 11:47 AM

    Sorry, as far as an SE, yes. I think this will be the next step.



  • 5.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Feb 13, 2013 11:51 AM

    Get your SE involved and also request to support to have the case escalated immediately.



  • 6.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Feb 13, 2013 09:13 PM

    You'll need an Advance Support.... you can request to talk with on-duty manager for further push your case.



  • 7.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Mar 19, 2013 12:37 AM

    Did you find a resolution for this issue?

    Have a number of workstations/servers (Windows 7, 2008, 2008 R2) with this issue.



  • 8.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Mar 19, 2013 12:41 AM

    Refer here also, though the post marked as the solution did not work for me.

    https://www-secure.symantec.com/connect/forums/upgrade-sep-1107-1212-kills-network-connection

    Will try CleanWipe.

     

     



  • 9.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Mar 25, 2013 07:31 PM

    The E-Track for this issue is 3063813



  • 10.  RE: SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

    Posted Mar 26, 2013 02:51 AM

    Hi

    Kindly SEP client

    Regards