Michigan Security User Group

 View Only
Back to discussions
Expand all | Collapse all

SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

  • 1.  SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 09:06 AM

    Hi Everyone -

    Just wanted to pass along this nugget of info:

    There is a bug in SEPM 11.0.6 where the 'php-cgi.exe' process (or multiple instances, like we saw) will consume 100% CPU even at idle.  I opened a case yesterday regarding this, and about an hour later, was informed that SEP 11.0.6A was released which addresses this issue.  I upgraded this morning and the issue was resolved.

    11.0.6A can be downloaded via fileconnect.

    The upgrade process was identical to moving from 11.0.5 -> 11.0.6.

    Hope this helps!

    -Craig


  • 2.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 09:22 AM

    This is a SEP issue, not a Helpdesk Solution problem. Thank you for providing the updated information.


  • 3.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 09:27 AM
    Hi Jim,

    I agree, but there wasn't anything even close to SEP-related in the drop-down I was presented with while posting.  Helpdesk was the closest thing there.

    -Craig


  • 4.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 12:55 PM
    There's a second fix in 6a as well:

    Deploying or migrating clients when using multi-byte character group names in the Symantec Endpoint Protection Management console
    Fix ID: 2020545
    Symptom: If you create groups with names that use a double-byte character set, you cannot add new RU6 clients to those groups through any form of installation. New clients are automatically placed into the Default group.
    Solution: With RU6, clients were incorrectly parsing DBCS characters resulting in a corrupt group name. When registering with the Symantec Endpoint Protection Manager using a corrupt group name, clients are placed into the Default group. With this fix, client-side changes were made to parse DBCS group names correctly.

    Periodic CPU spike when using Symantec Endpoint Protection Manager Java console
    Fix ID: 2022713
    Symptom: With RU6, a periodic CPU spike occurs when a user selected the Policies, Clients, or Admin page in the Symantec Endpoint Protection Manager Java-based console.
    Solution: This issue was caused by a periodic refresh of the Home page to prevent a time-out of the PHP session. The refresh task now refreshes the Reports page, which consumes fewer resources. In addition, you can now configure the refresh time by setting the scm.keepalivescheduleminute value in the conf.properties file.

    I have installed (via auto-upgrade) this throughout my network segment today and so far all is well!

    Thanks and best regards,

    Mick


  • 5.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 03:18 PM

    Hi Craig,

    For future reference, the SEP forum is listed under Security.


    Cheers,
    Thomas


  • 6.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 04:28 PM

    I am not noticing this behavior on my RU6 install. I'm wondering under what circumstances (say, server roles, software installed, etc...) where we would see the CPU usage issue. Any ideas?

    Mike


  • 7.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 05:03 PM
    @postechgeek

    Below are the two scenarios which you would see the problem. Test them out and you should see the errors.

    The first fix: If you create groups with names that use a double-byte character set, you cannot add new RU6 clients to those groups through any form of installation. New clients are automatically placed into the Default group.

    The second: With RU6, a periodic CPU spike occurs when a user selected the Policies, Clients, or Admin page in the Symantec Endpoint Protection Manager Java-based console.

    Cheers
    Grant


  • 8.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 05:23 PM

    Does anyone know now when will be released the RU6a in other languages???


  • 9.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 05:24 PM

    Like postechgeek, neither have I seen this.  Just to be sure I understand the RU6a patch, I use the United States English version, so I presume I'm not using the double-byte character set (DBCS).  As for the console, I use the SEPM console while logged onto the SEPM server.

    I never noticed this before.  So I started Task Manager, let the SEPM console sit there on the Clients section; and after a while I saw a 100% spike.  Checked the processes and sure enough there were two php-cgi.exe processes with the IUSR_<name> running the 100%.  Thanks for the clarification CraigL.



  • 10.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 05:26 PM

    There is no ETA on that , Please subscribe yourself to our email bulletin service to stay abreast with the latest product updates. The link for this is as follows:
    http://www.symantec.com/business/support/news_bulletins/index.jsp


  • 11.  RE: SEP 11.0.6A Released -- If you upgraded to SEPM 11.0.6, READ THIS!

    Posted Apr 29, 2010 05:46 PM

    I'm just asking because I'm waint for RU6 in Portugues, I had a problem with the RU5 when you block USB storage on the network also i got most of exe files blocked also I know that is been solved on the RU6, but my console is in portugues and symantec support saind to waint for the RU6 so now has been released RU6a...so that's mean that i will waint too long to get my problem solved!!!

    Thank's