Houston Security User Group

 View Only

  • 1.  SEP 12.1 RU1 MP1 and Network Printers

    Posted Jun 22, 2012 02:08 PM

    Not sure it is a SEP problem yet. Still doing the analysis.

    We are running a pilot of SEP 12.1 RU1 MP1, upgrading from 12.1 RU1, using the SEPM to do the upgrade. Some of the people are reporting that they are prompted to install printer drivers after the SEP upgrade. All of the reported printers appear to be networked printers. Doesn't make sense, but I've seen stranger things happen.

    We have an App & Device Control policy, but are only using App Control. App Control only blocks some applications and also logs transfers to USB devices.

    Intrusion Prevention policies allow our servers.

    Once prompted to re-install the drivers, everything works fine.

    I know there was an MS security update this month for kernel-mode drivers, but we have a GPO that disables installing kernel-mode drivers. I'm not dismissing the possiblility that this update caused it, but I can't dismiss the SEP upgrade causing it either.

    My other problem is that they waited a couple of days to report the problem, and I haven't been able to re-create it yet.

    There is nothing about printers in the Windows event logs, and nothing in the SEP logs about blocking/deleting printer drivers.

    Has anyone ever seen anything like this?



  • 2.  RE: SEP 12.1 RU1 MP1 and Network Printers

    Posted Jun 26, 2012 02:41 AM

    Hello,

     

    As i'm running a pilot to 12.1 RU1 MP1 and also have a bunch of network printers, i'd like to keep a look for that issue ...

    For now, none of my tests clients had this but if ever ....

    I've just migrated my own client to 12.1 RU1 MP1 but no printer drivers installation was needed (running on Win 7 ent. 64bits)



  • 3.  RE: SEP 12.1 RU1 MP1 and Network Printers

    Posted Jun 26, 2012 05:23 AM

    Try to create a case with tech support. I don't believe this is a known issue.

     

    QuickStart Guide - Create and Manage Support Cases in SymWISE

    http://www.symantec.com/docs/HOWTO31132

    Create and Manage Support Cases

    http://www.symantec.com/business/support/index?page=content&id=HOWTO31091

    Contact Business Support

    http://www.symantec.com/support/contact_techsupp_static.jsp



  • 4.  RE: SEP 12.1 RU1 MP1 and Network Printers

    Posted Jun 26, 2012 08:18 AM

    Until I can point to the SEP upgrade as a cause, I can't see opening a case with support. If it were happening to all upgrades, I'd consider it, but since it has only been a few, I'd rather keep them out of it.



  • 5.  RE: SEP 12.1 RU1 MP1 and Network Printers

    Posted Jul 09, 2012 02:13 PM

    Security updates went out a week prior to our SEP pilot. There was a patch for kernel mode drivers, so for now, I'm calling this an issue with a security update and not SEP.

    We're starting the rollout to the remainder of the company this week, so if there are any more printer issues, I'll have to change my mind.