====================================================================================
Symantec Endpoint Protection README.TXT Date: April 2008
Copyright (c) 2008 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, LiveUpdate, Sygate, Symantec AntiVirus, Bloodhound, Confidence Online, Digital Immune System, Norton, and TruScan are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

====================================================================================


====================================================================================

README FILE

Please review this document in its entirety before you install or roll out Symantec Endpoint Protection, or call for technical support. It contains information that is not included in the Symantec Endpoint Protection documentation or the online Help.

====================================================================================


====================================================================================

TABLE OF CONTENTS

This document contains the following sections:

* System requirements

* Installation and uninstallation

* Migration

* Symantec Endpoint Protection Manager

* Symantec Endpoint Protection Manager policy

* Symantec Endpoint Protection client

* Documentation

* Third-party Issues

* Symantec Software License Agreement

====================================================================================

====================================================================================

====================================================================================

SYSTEM REQUIREMENTS
====================================================================================

----------------------------------------------------
Latest information about supported operating systems
----------------------------------------------------
After the product release, system requirements might change due to changes in supported operating systems, such as a service pack release. To view the latest system requirements, see the Symantec Technical Support Knowledge Base at the following URL:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112580548


====================================================================================

INSTALLATION AND UNINSTALLATION
====================================================================================

--------------------------------------------------
Auto-upgrades might not start for up to four hours
--------------------------------------------------
You can import an installation package into Symantec Endpoint Protection Manager and assign the package to a group. After you assign the package, the auto-upgrade process might take up to four hours to begin updating clients in the group.

To force the auto-upgrade process to start immediately, run LiveUpdate on the Symantec Endpoint Protection Manager. Although LiveUpdate might not download new content, LiveUpdate forces the auto-upgrade package to generate and begin updating the clients.

----------------------------------------------
Installing the client with the cache on or off
----------------------------------------------
You can install the client with the cache on or off. If you install the client with the cache on, you can also specify a custom location.

To install with the cache off, use the following MSI command:

msiexec /i "MSI FILE" CACHEINSTALL=0

To install with the cache on (default) and to specify a custom location for the install cache, use the following MSI command:

msiexec /i "MSI FILE" CACHEINSTALL=1 CACHED_INSTALLS="cache location"

------------------------------------------------------------------------------------
BEST PRACTICE: Deploy silent installation packages on computers that run Microsoft Vista or Windows 2008 Server
------------------------------------------------------------------------------------
When you add installation packages to a group or export installation packages, you can select the Interactive mode (feature) so that users can interact with the installation or upgrade. However, interactive installations fail on the following operating systems:

- 32-bit or 64-bit Windows 2008 Core
- 32-bit or 64-bit Windows 2008 Full
- 64-bit Windows Vista, Service Pack 0 or 1

For these operating systems you must use silent or unattended installation packages.

------------------------------------------------------------------------------------
Interactive and some unattended installation types trigger Windows Vista user prompts
------------------------------------------------------------------------------------
On 32-bit Windows Vista (Service Pack 0 or Service Pack 1), when you remotely deploy Symantec client software, such as with the Push Deployment Wizard, the interactive and some unattended installation types trigger Windows Vista user prompts. The first user prompt appears as "A program can't display a message on your desktop." To complete the installation, users must select "Show me the message," click through the Symantec client installation prompts, and then automatically log off of Vista before the installation completes. When the user logs on again, the user selects "Show me the message" again, and the client installation completes.

The Vista user prompts appear during the following upgrade scenarios:

- Using a Symantec Endpoint Protection Manager exported package marked as Interactive

- Using a Symantec Endpoint Protection Manager or a Migration and Deployment Wizard exported package marked as Unattended AFTER an Interactive package was attempted (and stopped or canceled).

- Using the console's auto-upgrade feature and a pre-installation check failed or a pending restart is needed.

- Using an incorrect or pre-installation checked and blocked package on the following operating systems:
  -> 64-bit package on 32-bit system
  -> 32-bit package on 64-bit system

- Using an incorrect or pre-installation checked and blocked package for the following reasons:
  -> Pending restart needed
  -> Symantec Network Access Control during migration from legacy Symantec client software

The Vista prompts do not appear during the following upgrade scenarios:

- When you choose the silent installation type for all Vista remote deployments
- When you choose an unattended installation type that does not fail a pre-installation check
- When you deploy unmanaged software from a client software CD installation directory, which is an interactive installation type. The deployment acts as a silent installation type.

BEST PRACTICE: Deploy silent client installation packages to Microsoft Vista operating systems.

------------------------------------------------------------------------------------
BEST PRACTICE: Do not install Network Threat Protection on client computers that currently run third-party firewalls.
------------------------------------------------------------------------------------
Do not install Network Threat Protection on client computers that currently run third-party firewalls. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Third-party firewalls include Microsoft ISA firewall and Windows Firewall.

-------------------------------
About the auto-upgrade process
-------------------------------
Auto-upgrade is the term used to describe the process of adding a new client installation package to a group. When you add a new installation package to a group, the Symantec Endpoint Protection Manager automatically upgrades the clients in the group to the new version of the client software. You can add new client packages to groups from both the Clients and Admin pages in the console.

Note: You must restart client computers at least once since the last installation before you use auto-upgrade. For example, if you upgraded the client computers to Maintenance Release 1, you must reboot the computers before you auto-upgrade the computers to Maintenance Release 2.

The auto-upgrade process uses mdef25builder.exe on the computer that runs the Symantec Endpoint Protection Manager. This process creates the smallest possible upgrade package. You can see mdef25builder.exe running in the Task Manager during the auto-upgrade process. 

It takes mdef25builder five or more minutes to appear in the Task Manager once you add a new package to a group. The auto-upgrade processing time on the Symantec Endpoint Protection Manager takes a minimum of 30 minutes when you add a new package for the first time. Subsequent package additions to other groups do not take this long if the clients in the group run the same legacy software. When mdef25builder.exe disappears from the Task Manager, the package downloads to clients in a minute or more if you do not specify a schedule. If you specify a schedule, the package downloads to clients according to the schedule.

To verify that a package is downloading to clients, look for the \Program Files\Symantec\Symantec Endpoint Protection\Download folder to appear and be populated with either a .dax or .zip file. When the file disappears, the upgrade process is starting on the clients. The process can take 10 or more minutes.

------------------------------------------------------------------------------------
Symantec Endpoint Protection Manager auto-upgrade feature no longer fails for localized languages
------------------------------------------------------------------------------------
Prior to Maintenance Release 1, the Symantec Endpoint Protection client would receive localized product updates but fail to process them. This behavior was fixed in Maintenance Release 1.

If you are auto-upgrading from a version prior to Maintenance Release 1, you can force an update of the localized package.

Warning: This change applies the package to all clients in the group for all languages.  When using this workaround, we recommend that you put different language clients in different groups. For example, you would have one group for French clients, another group for Spanish clients, and so on.

Note: If you use a localized Symantec Endpoint Protection Manager to upgrade a Symantec Endpoint Protection client that uses the same language, you must perform steps 1 through 5 before you install the Symantec Endpoint Protection Manager.

To apply a localized product update

1. Insert CD1 from Maintenance Release 2 for your language.
2. Browse to the SEPM\PACKAGES folder.
3. Open the SAV32.info or SAV64.info file with a text editor. 
4. Change the "ClientLanguage" setting in the update file to English.  For
example, change ClientLanguage="French" to ClientLanguage="English". 
5. Save and close the .info file. 
6. Open the Symantec Endpoint Protection Console. 
7. On the Admin page, click Install Packages, and then click Add Client Install
Package. 
8. In the Add Client Install Package dialog box, type in a name and optional
description, and then click Browse. 
9. Browse to the modified .info file, select the file, and then click Select. 
10. Click OK. 
11. Under Tasks, click Upgrade Groups with Package. 
12. Click Next. 
13. Select the new client install package from the drop down list box, then
click Next. 
14. Check the groups that you want to upgrade, then click Next. 
15. Choose whether clients should download the client package from the
management server or from a URL, then click Next. 
16. Click Finish. 

This workaround is only required to deploy to clients that run the release of
Symantec Endpoint Protection prior to Maintenance Release 1.

-------------------------------------------------------------------------
Restart prompt appears if you use the REBOOT=suppress MSI command to install client packages that are configured with the restart option disabled
-------------------------------------------------------------------------
The restart prompt appears after installation if you install client packages configured with the reboot option disabled and you use the following MSI command:

msiexec /i "Symantec AntiVirus.msi" REBOOT=suppress

To make sure the reboot option does not appear after installation, use setup.exe instead to install the client packages or use the following MSI command:

msiexec /i "Symantec AntiVirus.msi" REBOOT=ReallySuppress

--------------------------------------------------------------------------------
Starting MSP from a command window when you upgrade 32-bit client computers causes a message to appear that instructs you to close the cmd.exe application 
--------------------------------------------------------------------------------
When you upgrade client computers by running the Windows MSP executable from a command window, the installer displays a message that instructs you to close the cmd.exe application and click Retry. This message appears on the Core Server installations of Windows Server 2008.

When the message appears, close the command window, and then click Retry to continue with the upgrade.

Note: This message also appears on 32-bit client computers that run other Windows operating systems if any command window is open when you upgrade.

-----------------------------------------------------------------------
When you export a Maintenance Release 2 client install package to Symantec AntiVirus 10.x clients, the clients become unmanaged
-----------------------------------------------------------------------
When you deploy a default client install package to a Symantec Antivirus 10.x client, the default sylink.xml file is installed, which makes the client unmanaged. 

To fix this problem, instead of using the default settings for the package, create custom installation settings. On the Admin page, click Install Packages. Under View Install Packages, click Client Install Settings. Click Add Client Install Settings. In the Client Install Settings dialog box, specify a name for the settings and uncheck "Remove all previous logs and policies, and reset the client-server communications settings".

You can use these settings when you export the package to the Symantec AntiVirus 10.x clients. In the Export Package dialog box, under Installation Settings and Features, select the custom settings that you created. When you export the package, the package contains the correct sylink.xml file for the clients.

-----------------------------------------------------------------------------
Scheduled automatic upgrades fail when upgrading previous versions of Symantec Endpoint Protection to Maintenance Release 2
-----------------------------------------------------------------------------
When you upgrade clients to Maintenance Release 2 by adding a new client install package to a group, and the clients in the group run previous versions of Symantec Endpoint Protection, you should turn off scheduling. Scheduling is on by default when you add a new client install package to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule.

-----------------------------------------------------------------------------------
When you use auto-upgrade, you must upgrade the Symantec Endpoint Protection Manager to Maintenance Release 2 before you import and deploy Maintenance Release 2 client packages
-----------------------------------------------------------------------------------
If you import Maintenance Release 2 client packages by using a Symantec Endpoint Protection Manager that runs Maintenance Release 1 (prior to upgrading to MR2), the auto-upgrade fails for Maintenance Release 1 clients. To resolve this issue, upgrade the Symantec Endpoint Protection Manager to Maintenance Release 2 before you import or try to deploy Maintenance Release 2 client packages by using auto-upgrade.

--------------------------------------------
Using a Web server to auto-upgrade clients from Maintenance Release 1 to Maintenance Release 2
--------------------------------------------
To complete the URL auto-upgrade of clients from Maintenance Release 1 to Maintenance Release 2, you should follow the steps here.

Note: The client computers must be restarted at least once since the last installation prior to this upgrade.

1. To ensure the Web server auto-upgrade starts in a timely fashion, temporarily set the heartbeat interval to a low number. In the console, click Clients, then select the group. On the Policies tab, click Communications Settings > Heartbeat Interval.

You can change the heartbeat interval after the auto-upgrade finishes for all the clients.

2. Add the client package to the group.

3. In the Add Client Install Package dialog box, enter the URL. Make sure you export the latest package to a single executable, which will be named setup.exe automatically. For example, the URL might look like the following:

http://192.168.1.118/setup.exe or http://mywebsite.com/setup.exe

4. Disable the Upgrade Schedule option since it does not work for upgrades to Maintenance Release 2.

------------------------------------------------------------------------------------
Successfully installing Symantec Endpoint Protection Manager on SQL Server 2005 64-bit edition
------------------------------------------------------------------------------------
If you install Symantec Endpoint Protection Manager and select to install a database on Microsoft SQL Server 2005 64-bit edition, the installer does not correctly locate the file named bcp.exe. The Management Server Configuration Wizard looks for bcp.exe in the directory named %SystemDrive?=%\Program Files\Microsoft SQL Server\90 \Tools\Binn. This directory is correct for Microsoft SQL Server 2005 32-bit edition, but is incorrect for the 64-bit edition.

The correct directory, which you must manually type, is %SystemDrive%\Program Files\Microsoft+ SQL Server\90\Tools\Binn. For example, C:\Program Files\Microsoft+ SQL Server \90\Tools\binn.

----------------------------------------------------------------------
Symantec Endpoint Protection Manager requires TCP port 9090 by default
----------------------------------------------------------------------
By default, the Symantec Endpoint Protection Manager uses TCP port 9090 for communication with remote Symantec Endpoint Protection Manager Consoles and management communication with client systems. If other software listens on this port, you cannot remotely connect to the Symantec Endpoint Protection Manager Console. The port conflict also affects management communication with client systems. If you must run the Symantec Endpoint Protection Manager Console on a computer that also requires other software that uses TCP port 9090, you can use the Management Server Configuration Wizard to specify a different port number for the Web console port.

Note that the wizard automatically sets the port to 9090 if you select Simple mode the first time you run the wizard. To change the port number after installation, you must run the Management Server Configuration Wizard and select the Reconfigure server option.

-------------------------------------------------------------------------------
Clearing the file cache after updating the Symantec Endpoint Protection Manager
-------------------------------------------------------------------------------
Symantec Endpoint Protection Manager caches and uses some php files in the temporary Internet files directory. If you update the Symantec Endpoint Protection Manager by installing it over a previous version, these cached files are not refreshed with potentially new php files. As a result, after the installation is complete, be sure to clear the Internet Explorer Temporary Files folder before you log onto the Symantec Endpoint Protection Manager. You can delete temporary Internet files in Internet Explorer 6 by clicking Delete Files under the Temporary Internet files group box on the General tab of the Internet Explorer Tools > Internet Options menu. In Internet Explorer 7, click Delete under Browsing History.

--------------------------------------------------------------------------------
Updating Host Integrity templates with LiveUpdate
--------------------------------------------------------------------------------
After upgrading Symantec Endpoint Protection Manager to Symantec Endpoint Protection Manager with Symantec Network Access Control, LiveUpdate does not automatically update the Host Integrity templates. To update the templates, you must explicitly check the Host Integrity templates check box in the Content Types to Download dialog box in the Symantec Endpoint Protection Manager Console. In the console, click Admin, and then click Servers. Under View Servers, select a site, and then click Site Properties. Click the LiveUpdate tab, and then click Change Selection in the Content Types to Download group box.
 
-----------------------------------------------------------------------
Symantec Endpoint Protection compatibility with Norton Confidential
-----------------------------------------------------------------------
Symantec Endpoint Protection does not work properly when Norton Confidential is installed on the same computer. If Symantec Endpoint Protection is installed first, Norton Confidential does not install and is blocked. If Norton Confidential is installed first, Symantec Endpoint Protection does install. If you install both software programs on the same computer, Symantec Endpoint Protection does not properly process the application whitelist. Proactive Threat Protection uses the application whitelist, which contains signatures for applications that are permitted to run on the client computer.

------------------------------------------------------------------------------------
Lotus Notes and Microsoft Outlook email protection are not installed by default when using the CD to install
------------------------------------------------------------------------------------
If Lotus Notes or Microsoft Outlook is not installed and running on the client computer, Antivirus and Antispyware email protection for Lotus Notes or Microsoft Outlook is not installed when you install Symantec Endpoint Protection from the CD. To install Lotus Notes or Microsoft Outlook email protection, customize the installation and check the email program that you want to protect. 

If Lotus Notes or Microsoft Outlook is installed and running on the client computer, then Antivirus and Antispyware email protection for Lotus Notes or Microsoft Outlook is automatically installed. Internet Email protection is never installed on server operating systems for performance reasons.

-------------------------------------------------
Antivirus protection installation files for Linux
-------------------------------------------------
Symantec AntiVirus protection installation files for Linux are included on the supplementary installation CD. The installation files are located in the folder named SAVFL, which includes installation and user documentation. Symantec AntiVirus for Linux is supported in unmanaged mode only.

-------------------------------------------------------------------------
LiveUpdate Server installation to DBCS-named directories is not supported
-------------------------------------------------------------------------
LiveUpdate Server installation in directories that contain the double-byte character set (DBCS) is not supported. If you install LiveUpdate Server in a directory that contains double-byte characters, LiveUpdate Server does not work properly. Installing LiveUpdate Server to a DBCS directory indicates a customized installation path. If you install LiveUpdate Server to the default path on a DBCS operating system, LiveUpdate Server works properly.

-----------------------------------------------------------------
Uninstalling Symantec Endpoint Protection Managers that replicate
-----------------------------------------------------------------
If you try to uninstall the Symantec Endpoint Protection Manager that is set up for replication, first disable replication. Then, restart the computer on which you want to uninstall Symantec Endpoint Protection Manager, and perform the uninstallation.

If you try to uninstall the Symantec Endpoint Protection Manager that was replicating and you receive a log file error, cancel the uninstallation, restart the computer, and then uninstall the Symantec Endpoint Protection Manager.

------------------------------------------------------------------------------------
Uninstalling Symantec Endpoint Protection with Remote Desktop from Vista to Vista is not supported
------------------------------------------------------------------------------------
If you use Remote Desktop on a computer that runs Microsoft Vista to uninstall Symantec Endpoint Protection on a computer that runs Windows Vista, the uninistallation does not work.

If you try the uninstallation from a computer that runs Microsoft Vista, a Microsoft Vista restart prompt appears, due to a pending change. If you restart Microsoft Vista and try to uninstall Symantec Endpoint Protection again, the Microsoft Vista restart prompt appears again, due to a pending change.

To work around this problem, you can uninstall Symantec Endpoint Protection from a computer that runs Windows XP. For example, you can start a Remote Desktop session from a computer that runs Windows XP and log on to a computer that runs Microsoft Vista and Symantec Endpoint Protection. You can then uninstall Symantec Endpoint Protection successfully.

--------------------------------------------
Uninstalling Symantec Network Access Control
--------------------------------------------
Before you can successfully uninstall Symantec Network Access Control, you must restart the computer on which you installed Symantec Network Access Control at least once. If you do not restart the computer, the uninstallation fails.

If you tried to uninstall Symantec Network Access Control without restarting the computer, the uninstallation process partially completes. To uninstall Symantec Network Access Control, you must reinstall Symantec Network Access Control, restart the computer, and then uninstall Symantec Network Access Control.

----------------------------------------------------------------
Upgrading Symantec Endpoint Protection to Maintenance Release 2 
----------------------------------------------------------------
If the client packages do not install properly on some client computers, try upgrading the Symantec Endpoint Protection Manager to Maintenance Release 2.


====================================================================================

MIGRATION
====================================================================================

---------------------------------------------
Web site for the latest migration information
---------------------------------------------
You can find the latest information about migration at the following Web site:

http://www.symantec.com/endpointsecurity/migrate

--------------------------------------------------
Upgrading from Symantec Policy Manager Maintenance Release 7 requires an upgrade tool
--------------------------------------------------
Upgrading from Symantec Policy Manager Maintenance Release 7 to Symantec Endpoint Protection Manager Maintenance Release 2 is not supported. If you want to upgrade, contact Symantec Technical Support for the upgrade tool and upgrade instructions. If you complete the upgrade without the tool, you compromise the functionality of the management server.

------------------------------------------------------------------------------------
Migrating legacy Symantec AntiVirus servers to Symantec Endpoint Protection clients does not unshare the VPHOME directory
------------------------------------------------------------------------------------
Legacy Symantec AntiVirus and Symantec Client Security servers create and use a shared directory. The location of the shared directory is \\Program Files\SAV. The name of the share is VPHOME. In some instances, after migration to the Symantec Endpoint Protection client, this directory and share is retained with read-only permission. 

To delete the VPHOME share:

1. Right-click the \\Program Files\SAV directory.
2. Click Properties.
3. In the SAV Properties dialog box, on the Sharing tab, click Do Not Share This Folder, if it is enabled. 

------------------------------------------------------------------------------------
Upgrading Symantec Network Access Control unmanaged client to Symantec Endpoint Protection unmanaged client requires a restart
------------------------------------------------------------------------------------
If you install a Symantec Network Access Control unmanaged client on a computer, and then install a Symantec Endpoint Protection client as an upgrade on the same computer, you must manually restart the computer. No restart prompt appears. The Symantec Endpoint Protection client status appears red until this restart occurs.


====================================================================================

SYMANTEC ENDPOINT PROTECTION MANAGER
====================================================================================

------------------------------------------------------------------------------------
Location awareness criterion that is based on a specific version of a Check Point VPN client
------------------------------------------------------------------------------------
A location awareness criterion that is based on a Check Point VPN connection is only supported with a Check Point VPN client version R56 or later.

If a network currently supports Check Point VPN client version R55 or lower, you must upgrade the Check Point VPN client to version R56 or later.  Check Point VPN client version R56 or later supports location awareness on the Symantec Endpoint Protection Manager.

----------------------------------------------------------------------------------
The Find Unmanaged Computers dialog shows the incorrect detection message for 64-bit Windows Vista Service Pack 0 or Service Pack 1
----------------------------------------------------------------------------------
The Find Unmanaged Computers dialog detects 64-bit Windows Vista Service Pack 0 or Service Pack 1 operating systems, but shows an incorrect message "Cannot determine Windows version." The message should show the operating system name.

-------------------------------------------------------------------------
Reports are saved as .php files instead of .mht files when using Windows XP and Internet Explorer version 6.0 with no service packs installed 
-------------------------------------------------------------------------
When you run Windows XP with none of its service packs installed, and use Microsoft Internet Explorer version 6.0 with none of its service packs installed, and you save a Symantec Endpoint Protection report, you are prompted to save the report as a .php file. 
 
To solve this issue, install a service pack for Windows XP and one for Internet Explorer version 6.0. If you do not want to install the service packs, you can save the report as prompted. Then, change the filename extension to .mht before you view it.

-----------------------------------------------------------------------------
Reporting pages may fail to appear if loopback addresses are disabled on the computer  
-----------------------------------------------------------------------------
If you have disabled loopback addresses on your computer, and you try to log on to the management console or to access the reporting functions, you see the following error message: 

Unable to communicate with Reporting component

The Home, Monitors, and Reports pages are blank; the Policies, Clients, and Admin pages look and function normally.

If you have disabled loopback addresses on your computer, you must associate the word localhost with your computer IP address.  You can use the Windows hosts file to do this.  For example, on computers running Windows XP, do the following:

1. Change the directory to the location of your hosts file. By default, the hosts file is located in%SystemRoot%\system32\drivers\etc.

2. Open the hosts file with an editor.

3. Add the following line to the file: 

   xxx.xxx.xxx.xx           localhost           # to log on to reporting functions

   where xxx.xxx.xxx.xx is replaced with the IP address of your computer. 

4. Save and close the hosts file.

--------------------------------------------------------------------------------
You can change the number of LiveUpdate content revisions in the Symantec Endpoint Protection Manager Console
--------------------------------------------------------------------------------
In Maintenance Release 2, you can use the management console to change the number of content revisions to keep on the management server. In the console, on the Admin page, click Servers. Under View Servers, select the site, and then under Tasks, click Edit Site Properties. In the Site Properties dialog box, click the LiveUpdate tab. Under Disk Space Management for Downloads, modify the number of content revisions to keep.

In previous versions of the Symantec Endpoint Protection Manager, you could change the number of content revisions by setting the scm.lucontentcleanup.threshold parameter in the conf.properties file. In Maintenance Release 2, the parameter is removed from the file.

The default for the number of content revisions to keep is 3. If you are upgrading from a previous release, the management console uses the scm.lucontentcleanup.threshold (if you set it in a previous release) rather than the default.

------------------------------------------------------------
Uni-lingual Support for Symantec Endpoint Protection Manager
------------------------------------------------------------
The Symantec Endpoint Protection Manager server supports a uni-lingual user interface. This means that a specific language operating system can only install and run that same language on the Symantec Endpoint Protection Manager Console. The end user must configure the user locale to be the same as the operating system language when running the Symantec Endpoint Protection Manager Console.

- A specific language Symantec Endpoint Protection Manager server only supports the Symantec Endpoint Protection Manager Console that is in English language or in the same specific language as the server.

- The Symantec Endpoint Protection Manager server and the Symantec Endpoint Protection Manager Console must both be configured to use a user locale that is the same as the operating system language.

------------------------------------------------------------------------------------
Logging into the Symantec Endpoint Protection Manager Console via Internet Browser fails if the name of an administrator is added by using a double-byte character set
------------------------------------------------------------------------------------
If you add the name of an administrator by using double-byte characters in the Symantec Endpoint Protection Manager, then the administrator can no longer log into the Symantec Endpoint Protection Manager Console with an Internet browser. The attempt to log into the Symantec Endpoint Protection Manager Console fails.

However, the administrator can still log into the Symantec Endpoint Protection Manager Java console directly rather than using an Internet browser.

--------------------------------------------------------------------
Symantec Endpoint Protection Manager fails to log in after repairing
--------------------------------------------------------------------
If you repaired the Symantec Endpoint Protection Manager through the Support Information window in Add or Remove Programs, you cannot log in to the Symantec Endpoint Protection Manager again.

To correct this:

1. Launch Add or Remove Programs, select the Symantec Endpoint Protection Manager, and click Change. 

2. In the Symantec Endpoint Protection Manager wizard, click Next, click Repair, and follow the instructions. 

3. When asked, enter the password you specified earlier for the MS SQL database.

4. When you complete the repair process, launch and log in to the Symantec Endpoint Protection Manager Console.

------------------------------------------------------------------------------------
Internet configuration settings needed to view the reporting functions in the Symantec Endpoint Protection Manager Console
------------------------------------------------------------------------------------
To view the information on the Home page, Monitors page, and Reports page in the Symantec Endpoint Protection Manager Console when using Internet Explorer, you must have some minimum Internet Options settings enabled. Click "Custom Level" on the Security tab of the Tools > Internet Options menu to find these settings.

The following settings must be enabled when using Internet Explorer 6:

- Under ActiveX controls and plug-ins: Initialize and script ActiveX controls not marked as safe

- Under Miscellaneous: Submit nonencrypted form data

- Under Miscellaneous: User data persistence

- Under Scripting: Active scripting

The following settings must be enabled when using Internet Explorer 7:

- Under Miscellaneous: Submit non-encrypted form data

- Under Scripting: Active Scripting

- Under Scripting: Allow status bar updates via script

----------------------------------------------------------------
Email reports sent to Microsoft Outlook may not format correctly
----------------------------------------------------------------
A scheduled email report that is generated and then sent to Microsoft Outlook may not be formatted correctly. The report might contain missing line feeds behind the different sections.

This issue occurs only when the recipient's Microsoft Outlook software has a particular setting enabled. In the E-mail Options pane, uncheck the "Remove extra line breaks in plain text messages" checkbox. When this option is turned off, the email message that is sent with the report is formatted correctly.

The following text shows the content of an email that contains the formatting issue:
=============================================
Report scheduled by: admin
Report generated on: 2007-04-04 21:31:19 Report type: System Report Report
description: Test description

=============================================


The following text shows the correct formatting of the email content:
=============================================
Report scheduled by: admin
Report generated on: 2007-04- 04 21:31:19 
Report type: System Report 
Report description: Test description

=============================================

------------------------------------------------------------------------------------
The reporting-related Web pages do not load when you have a database server with a long DBCS host name
------------------------------------------------------------------------------------
The Home page, Monitors page, and Reports page do not load on computers where the database server has a DBCS name that is too long. In this case, ODBC does not register the database correctly, so it does not load the reporting-related pages. If possible, keep names to 15 characters or less. If a shorter name is not possible, to work around this, you can use the Start menu > Symantec Endpoint Protection Manager > Management Server Configuration Wizard and use an IP address for the database server instead of the DBCS host name.

------------------------------------------------------------------------------------
When you log on through a Web browser, reporting tabs might not appear if the Internet Explorer cache is full
------------------------------------------------------------------------------------
If the tabs across the top of the page do not appear when you log onto the Symantec Endpoint Protection Manager reporting functions through a Web browser, try clearing the Internet Explorer temporary files cache. Delete temporary Internet files in Internet Explorer 6 by clicking "Delete Files" under the Temporary Internet files group box on the General tab of the Internet Explorer Tools> Internet Options menu. In Internet Explorer 7, click Delete under Browsing History.

-----------------------------------------
Printing the background colors in reports
-----------------------------------------
You can print the background colors when you print a report. To print background colors, open the Internet Explorer Tools > Internet Options menu. Check the "Print background colors and images" check box on the Advanced tab.

---------------------------------------------------------------------
Site Status report display of memory use on Windows 2000 Server SP3
---------------------------------------------------------------------
On computers that run Windows 2000 Server, Service Pack 3, the Site Status report always shows 0% memory usage.  This error also occurs if you access the Site Status information by clicking Health Status under Site Status on the Symantec Endpoint Protection Manager Console. When you use Symantec Endpoint Protection, this information is located on the Summary tab; if you use only Symantec Network Access Control, this information is located on the Home page. The information appears correctly if the computer runs Service Pack 4.

------------------------------------------------------------------------------------
In a few instances, log entries from an existing 5.x Symantec Sygate Enterprise Protection database might display the wrong details
------------------------------------------------------------------------------------
If an existing Symantec Sygate Enterprise Protection 5.x database is upgraded to this release, in rare cases the wrong details information may display.  This problem only occurs if many client log entries were generated in the database in a very short span of time.

----------------------------------------------------------
Changes in database maintenance options do not take effect
----------------------------------------------------------
After you configure database maintenance options from the Admin > Servers page, on the Database tab of the Site Properties dialog box in the Symantec Endpoint Protection Manager Console, the new options are not picked up by the database maintenance task.  To have the options take effect, you can stop and start the database maintenance task by typing the following URLs in this order from a web browser located on the Symantec Endpoint Protection Manager server:

https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=StopTask&task=AgentSweepingTask

https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=StartTask&task=AgentSweepingTask

Alternatively, you can log out of the console and restart the Symantec Endpoint Protection Manager service from the Task Manager.


====================================================================================

SYMANTEC ENDPOINT PROTECTION MANAGER POLICY
====================================================================================

------------------------------------------------------------------------------------
The last digits of the client install package update version number display as zero in the Symantec Endpoint Protection Manager Console when downloaded from a LiveUpdate server 
------------------------------------------------------------------------------------ 
If you configured LiveUpdate settings in the Symantec Endpoint Protection Manager to download client software update packages, you see that the last digits of the package version number appear as zero in the Symantec Endpoint Protection Manager Console. For example, if the package version number is 11.0.2000.1423, the version number that appears on the Client Install Packages page is 11.0.2000.0. Once the package is deployed to the clients, you can see the package's complete version number in the About box on the clients.

------------------------------------------------------------------------------------
Importing policies with names longer than 255 characters results in empty policy names on the console
------------------------------------------------------------------------------------
If you import a policy, provide a name that is no longer than 255 characters. Using a longer name results in an empty policy name.

------------------------------------------------------------------------------
More than one LiveUpdate session is required to obtain all the content updates
------------------------------------------------------------------------------
Some content may not be downloaded to the Symantec Endpoint Protection Manager computer during the first LiveUpdate session.

To download the missing content, re-run the following command: LUALL

-------------------------------------------------------------------------
Disk full message erroneously appears when downloading LiveUpdate updates
-------------------------------------------------------------------------
If your network environment already supports the proxy servers that are compliant with the HTTP 1.1 protocol or later, you can disregard this entry.

After you have tried to download LiveUpdate for the first time, the following message might appear:

"LU1863: Insufficient free disk space
There is not enough free disk space for LiveUpdate to operate properly. Please free up disk space on your computer and run LiveUpdate again."

You may have insufficient disk space. However, it is much more probable that this message appears in error because the proxy server is unable to send the correct Contents-Length header field.

This error message might appear on Symantec Endpoint Protection Manager, a Symantec Endpoint Protection client, or a Symantec Network Access Control client.

You may want to verify that the disk drive to which you downloaded LiveUpdate has sufficient disk space. If you verified that the disk drive has sufficient space, then most likely a proxy server caused the problem.

If a proxy server receives an HTTP reply that does not include a Content-Length header field, then the above-listed message erroneously appears. The erroneous message appears on the computer on which the LiveUpdate has been downloaded.

The proxy servers that are compliant with HTTP 1.1 protocols automatically include Content-Length header-entity fields. The proxy servers that are compliant with HTTP 1.0 protocols do not automatically include Content-Length header-entity fields.

You may want to ensure that the proxy servers in your network are compliant with the HTTP 1.1. protocol.

See the documentation that accompanies the proxy server for information about how to make a proxy server compliant with HTTP 1.1 protocols.

-------------------------------------------
Replicating LiveUpdate settings
-------------------------------------------
LiveUpdate site settings are not replicated. These settings affect what the Symantec Endpoint Protection Manager downloads and then distributes to clients. These settings include the following:

- Download Schedule for LiveUpdate

- Download Type Setting for LiveUpdate

- Download languages

- LiveUpdate Server Configuration

As a result, if you use replication, manually set LiveUpdate site settings so that they match on each replicating server.

-----------------------------------------------
Setting the retry interval in the LiveUpdate Policy
-----------------------------------------------
LiveUpdate Settings policies contain a LiveUpdate Retry Interval feature that does not work. With a LiveUpdate Settings policy, you can schedule how often clients run LiveUpdate to check for updates from LiveUpdate servers. As part of this scheduling, you can specify a Retry Interval. If a client does not successfully run LiveUpdate at the scheduled time, the Retry Interval tells the client to keep trying to run LiveUpdate for a specified amount of time. If this feature is important to you, the workaround is to update the scheduled frequency with which clients run LiveUpdate with the LiveUpdate Settings policy.

------------------------------------------------------------------------------------
Disabling all managed client content update methods results in no warning to the user of out-of-date content
------------------------------------------------------------------------------------
If a managed client's antivirus and antisypware definitions or Intrusion Prevention signatures are out-of-date and you have disabled all update methods for managed clients in the Symantec Endpoint Protection Manager, then the managed client does not report out-of-date content to the user. Managed client users are not warned in any way that their content is out of date.

---------------------------------------------------------
There is no syntax check on custom Intrusion Prevention signatures
---------------------------------------------------------
There is no syntax check when you create custom IPS signatures in the management console. If the syntax is incorrect, the following message generated by the client appears in the message console on the client:

"FATAL: failed to apply a new IPS Library"

The following error also appears in the client system logs:

"Failed to apply IPS policy."

When you create custom IPS signatures, make sure that you follow the syntax rules in the context-sensitive help. A best practice is to create the rules and then run them in a test environment before you apply them to a production environment.

------------------------------------------------------------------------------
Assignment dialog box for Intrusion Prevention includes incorrect text strings
------------------------------------------------------------------------------
In the management console, when you create a custom Intrusion Prevention signature and elect to assign the signature, the Assign Intrusion Prevention Policy dialog box appears. In that dialog box, references to "Policy" should be "signature."

------------------------------------------------------------------------------------
Custom IPS variables can be deleted even if an IPS signature still uses the variable
------------------------------------------------------------------------------------ 
The Symantec Endpoint Protection Manager lets you delete a custom IPS variable without a warning, even if a signature still uses the variable. 

Before you delete a variable, make sure you have removed it from the content of all signatures in a signature group.

------------------------------------------------------------------------------------
TruScan(tm) Proactive Threat Scan Technology detects a process that runs from a network or mapped drive but the process does not appear in the list of detected processes for centralized exceptions
------------------------------------------------------------------------------------
When a proactive threat scan detects a process that runs from a network or a mapped drive, the event appears in the log on the client computer. However, the management server does not register this event, so the event does not appear in the logs in the management console. You also cannot create an exception for the process because it does not appear in the list of detected processes for centralized exceptions.

-----------------------------------------------------------------------
Setting exclusions for volumes that have mount points and drive letters
----------------------------------------------------------------------- 

On-demand scans
---------------
If you create a security risk exception for folders and files on a Windows mount point or drive, the on-demand scans do not exclude these folders and files when the client scans the volume content on that mount point or drive.

For example, suppose that drive E:\ is mounted to C:\Mount and you create an exception for C:\Mount\Foo\. If the client scans E:\Foo\ or C:\Mount\Foo\, the on-demand scan does not exclude the folder content. And if you create an exception for E:\Foo\ and the client scans C:\Mount\Foo\, the folder content does not get excluded. However, if the client scans E:\Foo\, the on-demand scan does exclude the folder content.

Auto-Protect scans
------------------  
If you create a security risk exception for folders and files on a Windows mount point or drive, the Auto-Protect scans do not exclude the folders and files when the client browses the volume content on that mount point or drive.

For example, if drive E:\ is mounted to C:\Mount and you create an exception for C:\Mount\Foo\, the Auto-Protect scans do not exclude the E:\Foo\ or the C:\Mount\Foo\ folder content.

If an excluded folder or file is a mount point, such as C:\Mount\Foo\, you must manually add the alternate path with the drive letter (such as E:\Foo\) to the Centralized Exceptions policy.

Exchange Server exceptions
-------------------------------------------------------
To find the paths for Exchange Server folder and file exceptions, refer to the following registry locations:

On a 32-bit operating system: HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions

On a 64-bit operating system: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

For more information, refer to the Knowledge Base article at the Technical Support Web site, located at the following URL: www.symantec.com/techsupp/

------------------------------------------------------------------------------------
Using Regedit.exe with Application Control
------------------------------------------------------------------------------------
Application and Device Control Policies let you create Application Control rules. Application Control rules let you block registry keys from being created on client computers. If you create an Application Control rule that blocks all access to HKEY_LOCAL_MACHINE (HKLM) registry entries, and if a user uses Regedit.exe to create a registry entry under HKLM, Redit.exe crashes. This crash happens only on Windows Vista.

------------------------------------------------------------------------------------
Blocking storage volumes with Application and Device Control on 32-bit operating systems
------------------------------------------------------------------------------------
The Application and Device Control Policy blocks storage volumes on Windows XP only and not on the Windows 2000 or Windows Vista operating systems.

----------------------------------------------------------
Blocking PS2 devices by using the setting Human interface Device 
----------------------------------------------------------
The Application and Device Control Policy does not block human interface devices (HIDs) such as PS2 devices. This functionality is by design.

The human interface device blocking functionality works as follows:

- USB block = The USB block blocks a USB mouse. However, a USB keyboard is not blocked.

- HID block = The HID block blocks a mouse. However, a HID keyboard is not blocked.

- If the device has a PS2 connection, nothing is blocked.

------------------------------------------------------------------------------------
Blocking Virtual CD/DVD drives with Application and Device Control Policies
------------------------------------------------------------------------------------
If you configure a rule in an Application and Device Control Policy to block CD/DVD drives, the rule only blocks hardware CD/DVD drives. It does not block virtual CD/DVD drives. The policy blocks the hardware CD/DVD drives by using a GUID. Virtual drives do not have GUIDs.

---------------------------------------------------------------------------------
Using Application and Device Control Policies with Microsoft Vista symlinks
---------------------------------------------------------------------------------
Symbolic links, junctions, or hardware links (available in Windows Vista) cannot be blocked or triggered using Application Control and Device Control Protection. This issue affects Symantec Endpoint Protection users who try to create Application and Device Control Policies that are applied to symbolic links to files, folders, or applications on Windows Vista 32-bit platforms. You know that this problem has occurred if your rules do not trigger.

Do not use symbolic links for clients that run on Vista. Apply Application and Device Control Policy rules directly to a partition or a path.


====================================================================================

SYMANTEC ENDPOINT PROTECTION CLIENT
====================================================================================

-------------------------------------------------------
Auto-Protect repair can cause a crash on Windows Vista
-------------------------------------------------------
On client computers that run Windows Vista, if you select Repair when Auto-Protect notifies you of a risk, the computer might crash. The crash only occurs when Auto-Protect is disabled, risks add unrepairable files to the computer, Auto-Protect is re-enabled, and then you try to repair the files. To prevent the computer from crashing, turn off Quarantine and back up the files first. Then repair the files.

Check Microsoft for the latest information about Vista. A fix will be released to address this issue. See the Microsoft Knowledge Base article 951250.

----------------------------------------------------------------------
Peer-to-Peer authentication clients always display the status "Allowed"
----------------------------------------------------------------------
The Symantec Network Access Control client status field is only used when that client is connected to either an Enforcer appliance or an Integrated Enforcer. The Symantec Network Access Control client displays the status value "Allowed" even when it is not connected to an Enforcer appliance or an Integrated Enforcer. The Symantec Network Access Control client displays "Approved" or "Quarantine" when it is connected to the Enforcer appliance or the Integrated Enforcer and the Host Integrity check has passed or failed, respectively.

The Symantec Network Access Control client has no Traffic log. You can only see the Traffic log on the Symantec Endpoint Protection client. This log appears on both the peer client and on the authenticator client. For the Symantec Network Access Control client, the administrator can check the Enforcer Client log on the Symantec Endpoint Protection Manager to view peer-to-peer authentication behavior.

------------------------------------------------------------------------------
Clients may no longer be able to connect to the Symantec Endpoint Protection Manager after the management server has been disconnected from and reconnected to the network
------------------------------------------------------------------------------
If you create a client installation package while the management server is disconnected from the network, the sylink.xml file that is part of the client installation package no longer includes the IP address of the management server. When you deploy and install this client installation package with a missing IP address in the sylink.xml file, the clients are unable to connect to the management server.

You can set up a domain name service (DNS) server to resolve the management server's IP address based on its host name. If you do not have a DNS server, you can also resolve the management server's IP address based on its host name by mapping the management server's IP address to its host name in the C:\WINDOWS\system32\drivers\etc\hosts file that is located on the client computer.  

----------------------------------------------------------------
Peer-to-peer authentication does not work if client computers use port address translation to connect to the network
---------------------------------------------------------------- 
Some networks use port address translation for TCP or UDP communications made between computers on a private network and computers on a public network. Each computer on the private network uses a different port number of the same IP address to connect to the public network. The public network only receives communications from the single IP address. Peer-to-peer authentication does not work with these modified IP addresses that originate from a single host.

----------------------------------------------------------------
Do not enable peer-to-peer authentication for Symantec Endpoint Protection clients that are on the same computer as Symantec Endpoint Protection Manager
----------------------------------------------------------------
If you install the Symantec Endpoint Protection client with Network Access Control protection on the same computer that runs the Symantec Endpoint Protection Manager, do not enable peer-to-peer authentication in the Firewall Policy for that peer client. If you enable peer-to-peer authentication for the peer client, when the remote clients fail the Host Integrity check, these remote clients can no longer download policies from the management server. 

------------------------------------------------------------------
If you use third-party tools to distribute content updates, or manually apply updates to legacy clients, the update files must be renamed from full.zip to full.dax 
------------------------------------------------------------------
Content update files received from a LiveUpdate server are published by the Symantec Endpoint Protection Manager in a location similar to the following: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}\80219003.

The content updates are copied into a subfolder named full. A compressed archive named full.zip is also created in the same location. In previous releases, a compressed archive named full.dax was also created. Previous versions of Symantec Endpoint Protection client software recognize only content update files named full.dax.

If you use a third-party management tool to distribute content updates to legacy clients, or if you want to manually copy content updates from the management server to legacy clients, you should copy the associated full.zip file to an alternate location. Rename the copied full.zip file to full.dax, and then use the full.dax file to update legacy clients. Clients that run Maintenance Release 2 recognize files named full.zip for content updates.

See the Administration Guide for Symantec Endpoint Protection and Symantec Network Access Control for more information about using third-party management tools.

-------------------------------------------------------------------------------
Patching of the trialware version of the Symantec Endpoint Protection client software is blocked 
--------------------------------------------------------------------------------
If you attempt to patch a trialware version of Symantec Endpoint Protection Maintenance Release 2 client software, the patch is blocked and you see the following misleading error message:

Warning: You are attempting to install trialware version over a licensed copy of Symantec Endpoint Protection.  You must first uninstall the licensed version before installing trialware.

Patching a trialware version of Symantec Endpoint Protection is not supported and will fail.  

----------------------------------------------------------------------------
Symantec Endpoint Protection client fails to notify a user that the ZoneAlarm Security firewall is turned off when running on Windows 2000 Service Pack 4
----------------------------------------------------------------------------
You can use the Symantec Endpoint Protection Manager to enable the ZoneAlarm Security Suite 6.5 firewall as a Host Integrity policy for a Symantec Endpoint Protection client. However, if you turn off this firewall for a client on a computer that runs Windows 2000 Service Pack 4, the Host Integrity check fails to notify user that the firewall protection is off. To provide firewall protection on the client computer, install the Symantec Endpoint Protection client firewall instead of the ZoneAlarm Security Suite 6.5. 

-------------------------------------------------
Control Log on 64-bit clients
-------------------------------------------------
Because Application and Device Control Protection is not available on 64-bit computers, the client Control Log on 64-bit clients contains no data. If you select the Control Log from the View menu on the client, the last log you viewed appears instead of the Control Log.

--------------------------------------------------------------
Default port number may not appear correctly on the System Log
--------------------------------------------------------------
A LiveUpdate Policy that is created and then assigned to a group may display the incorrect default port number. The default port number is 2967. This default port number might appear as 0 in the System Log on the client computer.

-----------------------------------------------------
LiveUpdate Missed Event Options feature on the client does not work
-----------------------------------------------------
The Advanced options for Scheduled Updates contain a feature called Missed Update Options that does not work. The Scheduled Updates feature lets Symantec Endpoint Protection users specify how often to run LiveUpdate to check for updates from LiveUpdate servers. As part of the Scheduling, you can set a retry interval with the Missed Event Options. If a client does not successfully run LiveUpdate at the scheduled time, the client uses the retry interval to keep trying to run LiveUpdate for a specified amount of time. If this feature is important to you, the workaround is to update the scheduled frequency with which clients run LiveUpdate. This setting is located at Change Settings > Client Management Configure Settings > Scheduled Updates (tab) > Advanced.

------------------------------------------------------------------------------------
Using the firewall with a bridged connection
------------------------------------------------------------------------------------
A client computer that uses two network cards and that connects to the same network switch might not be able to communicate if the network uses a bridged connection. When traffic passes through the firewall, the firewall can cause a packet storm so that the network cannot broadcast traffic. If a client computer uses two NIC cards, uses a bridged connection, and cannot communicate, you might need to unbridge the connection.

------------------------------------------------------------------------------------
Notification does not appear on a managed client computer when a proactive threat scan makes a detection and uses an action of "log only"
------------------------------------------------------------------------------------
If you configure proactive threat scan detection notifications to appear on client computers, and if the action for a proactive threat detection is log only, when the scan makes the detection, a popup notification does not appear on a managed client computer. If any other action is configured for the detection, a popup notification always appears on the client computer. In either case, the user can always view the detection information in the Proactive Threat Protection log.

-----------------------------------------------------------------------------------
TruScan proactive threat scan status appears red on the client before LiveUpdate runs
-----------------------------------------------------------------------------------
When you install the client, the TruScan proactive threat scans use LiveUpdate to get its latest content. The Proactive Threat Protection status appears green while the client waits to get its content updates from LiveUpdate. If you run a proactive threat scan before LiveUpdate downloads the latest proactive threat scan content, the TruScan status appears red.

--------------------------------------------
Pop-up blocker not appearing as expected
--------------------------------------------
The pop-up blocker that notifies you of a blocked application might not always appear after each occurrence of a blocked application. This absence of a pop-up might occur in the following situations:

- If you run one application multiple times within a short period.
- If you run the same application multiple times.

------------------------------------------------------------------------------------
Debug log settings apply to Antivirus and Antispyware Protection and Proactive Threat Protection scans
------------------------------------------------------------------------------------
In the Troubleshooting dialog, the debug log settings under the heading "Symantec Endpoint Protection" apply only to Antivirus and Antispyware Protection and Proactive Threat Protection scans.

------------------------------------------------------------------------------------
Tamper Protection user interface setting does not reflect the default on unmanaged clients
------------------------------------------------------------------------------------
By default, on unmanaged clients, Tamper Protection is set to block tampering attempts. When installed on unmanaged clients, the Tamper Protection user interface erroneously shows that Tamper Protection is set to Log only for tampering attempts. If you want Tamper Protection to Log only, click Change settings and then beside Client Management, click Configure Settings. On the Tamper Protection tab, click OK.

------------------------------------------------------------------------------------
If the user attempts to block a protocol driver from the View Network Activity or Application List dialog boxes, the firewall still allows the driver
------------------------------------------------------------------------------------
If the client runs a protocol driver, the driver appears in the Network Activity dialog box and the Application List dialog box. If the user then tries to block the driver from these dialog boxes, the firewall ignores the block action and continues to allow the driver. To work around the problem, the user can create a firewall rule that blocks traffic from the protocol driver.

------------------------------------------------------------------------------------
The Network Access Control-enabled Symantec Endpoint Protection client on Microsoft Vista does not allow access to a remote server
------------------------------------------------------------------------------------
If the Symantec Endpoint Protection client with Network Access Control is installed, the client does not allow the client access to a remote network server. Therefore, if you have Symantec Endpoint Protection clients with Network Access Control that run on Microsoft Vista, you must create a firewall rule on the Symantec Endpoint Protection Manager that allows access to remote servers.

To create the rule:

1. In the Symantec Endpoint Protection Manager Console, click Policies.
2. Under View Policies, click Firewall.
3. Choose the Firewall policy you want to edit.
4. In the Tasks pane, click Edit the Policy.
5. On the Firewall Policy page, click Rules.
6. Click Add Rule.
7. On the Add Firewall Rule Wizard page, click Next.
8. In the Select Rule Type pane, click Network Service, and then click Next.
9. In the Specify Trusted Network Services pane, beside Network Neighborhood Browsing, click the Enabled check box and then click Finish.
10. On the Firewall Policy page, click OK.

------------------------------------------------------------------------------------
If the user or a script runs the password-protected smc command and the supplied password is incorrect, the client incorrectly returns a value of 0
------------------------------------------------------------------------------------
The administrator may require a password for the -stop, -importconfig, and -exportconfig parameters for the smc command. When a user or a script runs the password-protected smc command and the supplied password is wrong, the smc command incorrectly returns an error code of 0, which states that the password was successful. Use a method other than the smc return value to check if the command was successful.

-----------------------------------------------------------------
Red "X" on Status page may indicate limited access to the product
-----------------------------------------------------------------
Restricted users cannot access all aspects of the product. Usually, those items are grayed out, but sometimes they appear with a red X. This does not indicate a problem, but rather limited privileges.

---------------------------------------------------
System standby does not occur after designated time
---------------------------------------------------
You can set up system standby on your computer to occur after a designated time. However, system standby never occurs on the computer on which you installed the client, despite the setting being enabled.

See the documentation that was shipped with your operating system for more information on how to enable system standby.

This problem may occur on all supported platforms on which you can install the client.

If you want to correct this problem on the computer on which you installed the client, you need to manually enable system standby. You can manually enable Standby in the Shutdown Windows dialog box.

See the documentation that was shipped with your operating system for more information on how to manually enable Standby.

------------------------------------------------------------------------------------
Client can no longer communicate with the DHCP server after a client's MAC address has been deleted from the Trusted MAC list on the Symantec Endpoint Protection Manager 
------------------------------------------------------------------------------------ 
If you delete a client's MAC address from the "Trusted MAC" list in the Symantec Endpoint Protection Manager, a DHCP Enforcer's lease prevents a client from connecting to the network. The client cannot communicate with the network until the DHCP server's lease expires or the user executes the following command:

ipconfig /renew

If you want the user to wait for a DHCP server's lease to expire, the user may have to wait for a long time. Administrators may have reset the default setting for lease expiration on a DHCP server from minutes to hours due to bandwidth issues.


====================================================================================

DOCUMENTATION
====================================================================================

---------------------
LATEST DOCUMENTATION
---------------------
The user documentation might be updated between product releases. You can locate the latest user documentation at the following Symantec Technical Support Web sites:

Symantec Endpoint Protection documentation
http://www.symantec.com/enterprise/support/documentation.jsp?pid=54619

Symantec Network Access Control documentation
http://www.symantec.com/enterprise/support/documentation.jsp?pid=52788
--------------------------------------------------------------------------------

-------------------------
INSTALLATION GUIDE
------------------------

--------------------------------------------------
Chapter 2, Planning the installation, has incorrect information about number of clients that are supported with the embedded database
--------------------------------------------------
The topic "About planning the installation and network architecture" mentions that the embedded database included with the Symantec Endpoint Protection Manager supports up to 1,000 clients. The number of clients supported should be 5,000 rather than 1,000.


---------------------
ADMINISTRATION GUIDE
---------------------

----------------------------------------------------------------------------
Chapter 3, Reviewing your group structure, duplicates most of the information in Chapter 4, Setting up groups, users, and computers
----------------------------------------------------------------------------
Chapter 3 is removed from the Administration Guide since it includes most of the same information that is in Chapter 4. Chapter 4 is renamed to Setting up domains, groups, and clients, and includes additional topics on domains. See the latest Administration Guide on the Symantec Technical Support Web site.

----------------------------------------------------------------------------
Chapter 8, Setting up communication notification mechanisms, does not include the correct information
----------------------------------------------------------------------------
Chapter 8 includes the incorrect steps for creating notifications. Chapter 8 is removed from the latest Administration Guide. See the latest guide on the Symantec Technical Support Web site.

--------------------------------------------------------------------------
Chapter 31, Basic Antivirus and Antispyware Policies, is missing some information about Active Scans
--------------------------------------------------------------------------
The following item should be included in Table 31-3, Types of scheduled scans:

Active Scan: Scans the system memory and all the common virus and security risk locations on the computer quickly. The scan includes all processes that run in memory, important registry files, and files such as config.sys and windows.ini. It also includes some critical operating system folders.

----------------------------------------------------------------------------
Chapter 34, Basics of Network Threat Protection, Enabling peer-to-peer authentication settings, does not include complete information about the feature
----------------------------------------------------------------------------
Chapter 34 includes a section called Enabling peer-to-peer-authentication settings, which is missing background information about the feature. Furthermore, you must install Symantec Endpoint Protection Manager with the Symantec Network Access Control component for peer-to-peer authentication to work properly. The following statement, "Note: You can use peer-to-peer network architecture in environments where a wireless infrastructure does not exist or where wireless services are not required" is not relevant and has been removed. See the latest guide on the Symantec Technical Support Web site.

----------------------------------------------------------------------------
Chapter 38, Configuring Application and Device Control, does not include some configuration information
----------------------------------------------------------------------------
Chapter 38 does not cover the configuration of some application control condition options and the actions to be taken when the conditions are met.

See the latest Administration Guide on the Symantec Technical Support Web site for more complete coverage of the Application and Device Control Policy configuration.


-------------
CLIENT GUIDE
-------------

--------------------------------------------------------------------------
Chapter 7, Managing Proactive Threat Protection, does not include description of Proactive Threat Protection
--------------------------------------------------------------------------
The Client Guide includes a chapter called Managing Proactive Threat Protection. The chapter should include a note that explains that the only type of Proactive Threat Protection that you can configure in the client software is TruScan Proactive Threat Scans.

------------------------------
CONSOLE CONTEXT-SENSITIVE HELP
------------------------------

-----------------------------------------------------
The help page for adding or editing a client install package is missing information about zip files
-----------------------------------------------------
In the console, Click Clients, then select a client group. Do one of the following:

- Under Tasks, click Add Client Install Package.
- Select a package, and then under Tasks, click Edit Client Install Package.

In the dialog, on the General tab, click Help. In the description for Download Source, 
the sentence that states "This update must be a single executable file" should be changed to "This update must be a single executable file or zip file."

-------------------------------------------------------------------
The term "Quick" should be "Active" in the help for Scheduled Scans
-------------------------------------------------------------------
In an Antivirus and Antispyware Policy, click Administrator-defined Scans. When you add a scheduled scan, on the Scan Details tab, click Help. The help page describes a Quick scan; the term should be changed to "Active." The description for Active Scan should also include the following text: The scan includes all processes that run in memory, important registry files, and files like config.sys and windows.ini. It also includes some critical operating system folders.

----------------------------------------------------------
The Unapproved Applications dialog box is missing a context-sensitive Help topic
----------------------------------------------------------
In the console, click Clients and then the Policies tab. Click System Lockdown and then click View Unapproved Applications. In the Unapproved Applications dialog box, click Help. The Unapproved Applications dialog box does display a Help topic. 


------------------------------
CLIENT CONTEXT-SENSITIVE HELP
------------------------------

-----------------------------------------------------------------------------
The formula for calculating the time to deploy a client install package to a group is incorrect
-----------------------------------------------------------------------------
In the console, on the Clients page, click the Install Packages tab. Under Tasks, click Add Client Install Package or Edit Client Install Package Properties. In the General upgrade configuration settings dialog, click Help. On the help page, in the Update Schedule description, the formula for the Distribute updates over option is incorrect. The formula should appear as follows:

(Package Size/Server Transfer Rate) * Number of computers

-------------------------------------------------------------------
The Status and Scan for Threats Help pages display an error
-------------------------------------------------------------------
If you press F1 on either the Status or Scan for Threats pages, an error appears instead of a Help topic.


==============================================================================

THIRD-PARTY ISSUES
==============================================================================

------------------------------------------------------------------------------
Symantec Endpoint Protection or Symantec Network Access Control client and a Nortel VPN client both fail to start when installed at the same time with Nortel VPN AutoConnect enabled
------------------------------------------------------------------------------
If a Nortel VPN client and a Symantec Endpoint Protection or Symantec Network Access Control client are installed at the same time and the Nortel AutoConnect feature is enabled, then when the computer is restarted, neither client starts and neither system tray icon appears.

Restarting the computer may resolve the issue. If it does not, then as a workaround, disabling Nortel AutoConnect allows the Symantec Endpoint Protection or Symantec Network Access Control client to start. Because the AutoConnect feature can be enabled by the VPN server, the user may need to disable the AutoConnect feature after every VPN connection.

----------------------------------------------------------
Trend Micro OfficeScan 7.3 conflicts and installation order
----------------------------------------------------------
If you want to run Trend Micro OfficeScan 7.3 with Symantec client software, you must install Trend Micro OfficeScan first, and then install Symantec client software. Otherwise, when the Trend Micro OfficeScan installer detects LiveUpdate, it attempts to uninstall it, fails, and exits.

------------------------------------------------------------------------
The firewall does not work with Google Web Accelerator and Internet Explorer
------------------------------------------------------------------------
The firewall does not work with Google Web Accelerator in combination with Internet Explorer. This issue affects any Symantec Enterprise Protection client that has both Internet Explorer and Google Web Accelerator installed.

The issue occurs when the client computer tries to use a firewall rule to block access to a remote Web site. All platforms are affected.

Symantec Corporation recommends that you avoid using Internet Explorer, Google Web Accelerator, and firewall combinations. No workaround exists for this issue.


==============================================================================

SYMANTEC SOFTWARE LICENSE AGREEMENT
==============================================================================

SYMANTEC SOFTWARE LICENSE AGREEMENT

SYMANTEC CORPORATION AND/OR ITS AFFILIATES ("SYMANTEC") IS WILLING TO LICENSE THE LICENSED SOFTWARE TO YOU AS THE INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE LICENSED SOFTWARE (REFERENCED BELOW AS "YOU" OR "YOUR") ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT ("LICENSE AGREEMENT"). READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE LICENSED SOFTWARE. THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND SYMANTEC. BY OPENING THE LICENSED SOFTWARE PACKAGE, BREAKING THE LICENSED SOFTWARE SEAL, CLICKING THE "I AGREE" OR "YES" BUTTON, OR OTHERWISE INDICATING ASSENT ELECTRONICALLY, OR LOADING THE LICENSED SOFTWARE OR OTHERWISE USING THE LICENSED SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK THE "I DO NOT AGREE" OR "NO" BUTTON OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE LICENSED SOFTWARE. UNLESS OTHERWISE DEFINED HEREIN, CAPITALIZED TERMS WILL HAVE THE MEANING GIVEN IN THE "DEFINITIONS" SECTION OF THIS LICENSE AGREEMENT AND SUCH CAPITALIZED TERMS MAY BE USED IN THE SINGULAR OR IN THE PLURAL, AS THE CONTEXT REQUIRES.

1.	DEFINITIONS. 

"Content Updates" means content used by certain Symantec products which is updated from time to time, including but not limited to: updated anti-spyware definitions for anti-spyware products; updated antispam rules for antispam products; updated virus definitions for antivirus and crimeware products; updated URL lists for content filtering and antiphishing products; updated firewall rules for firewall products; updated intrusion detection data for intrusion detection products; updated lists of authenticated web pages for website authentication products; updated policy compliance rules for policy compliance products; and updated vulnerability signatures for vulnerability assessment products.

"Documentation" means the user documentation Symantec provides with the Licensed Software.

"License Instrument" means one or more of the following applicable documents which further defines Your license rights to the Licensed Software: a Symantec license certificate or a similar license document issued by Symantec, or a written agreement between You and Symantec, that accompanies, precedes or follows this License Agreement.

"Licensed Software" means the Symantec software product, in object code form, accompanying this License Agreement, including any Documentation included in, or provided for use with, such software or that accompanies this License Agreement.
 
"Support Certificate" means the certificate sent by Symantec confirming Your purchase of the applicable Symantec maintenance/support for the Licensed Software.

"Upgrade" means any version of the Licensed Software that has been released to the public and which replaces the prior version of the Licensed Software on Symantec's price list pursuant to Symantec's then-current upgrade policies.
 
"Use Level" means the license use meter or model (which may include operating system, hardware system, application or machine tier limitations, if applicable) by which Symantec measures, prices and licenses the right to use the Licensed Software, in effect at the time an order is placed for such Licensed Software, as indicated in this License Agreement and the applicable License Instrument.

2.	LICENSE GRANT. Subject to Your compliance with the terms and conditions of this License Agreement, Symantec grants to You the following rights: (i) a non-exclusive, non-transferable (except as stated otherwise in Section 16.1) license to use the Licensed Software solely in support of Your internal business operations in the quantities and at the Use Levels described in this License Agreement and the applicable License Instrument; and (ii) the right to make a single uninstalled copy of the Licensed Software for archival purposes which You may use and install for disaster-recovery purposes (i.e. where the primary installation of the Licensed Software becomes unavailable for use). 

2.1	TERM. The term of the Licensed Software license granted under this License Agreement shall be perpetual (subject to Section 14) unless stated otherwise in Section 17 or unless You have obtained the Licensed Software on a non-perpetual basis, such as, under a subscription or term-based license for the period of time indicated on the applicable License Instrument. If You have obtained the Licensed Software on a non-perpetual basis, Your rights to use such Licensed Software shall end on the applicable end date as indicated on the applicable License Instrument and You shall cease use of the Licensed Software as of such applicable end date. 

3.	LICENSE RESTRICTIONS. You may not, without Symantec's prior written consent, conduct, cause or permit the: (i) use, copying, modification, rental, lease, sublease, sublicense, or transfer of the Licensed Software except as expressly provided in this License Agreement; (ii) creation of any derivative works based on the Licensed Software; (iii) reverse engineering, disassembly, or decompiling of the Licensed Software (except that You may decompile the Licensed Software for the purposes of interoperability only to the extent permitted by and subject to strict compliance under applicable law); (iv) use of the Licensed Software in connection with service bureau, facility management, timeshare, service provider or like activity whereby You operate or use the Licensed Software for the benefit of a third party; (v) use of the Licensed Software by any party other than You; (vi) use of a later version of the Licensed Software other than the version that accompanies this License Agreement unless You have separately acquired the right to use such later version through a License Instrument or Support Certificate; nor (vii) use of the Licensed Software above the quantity and Use Level that have been licensed to You under this License Agreement or the applicable License Instrument.

4.	OWNERSHIP/TITLE. The Licensed Software is the proprietary property of Symantec or its licensors and is protected by copyright law. Symantec and its licensors retain any and all rights, title and interest in and to the Licensed Software, including in all copies, improvements, enhancements, modifications and derivative works of the Licensed Software. Your rights to use the Licensed Software shall be limited to those expressly granted in this License Agreement. All rights not expressly granted to You are retained by Symantec and/or its licensors.

5.	CONTENT UPDATES. If You purchase a Symantec maintenance/support offering consisting of or including Content Updates, as indicated on Your Support Certificate, You are granted the right to use, as part of the Licensed Software, such Content Updates as and when they are made generally available to Symantec's end user customers who have purchased such maintenance/support offering and for such period of time as indicated on the face of the applicable Support Certificate. This License Agreement does not otherwise permit You to obtain and use Content Updates. 

6.	UPGRADES/CROSS-GRADES. Symantec reserves the right to require that any upgrades (if any) of the Licensed Software may only be obtained in a quantity equal to the number indicated on the applicable License Instrument. An upgrade to an existing license shall not be deemed to increase the number of licenses which You are authorized to use. Additionally, if You upgrade a Licensed Software license, or purchase a Licensed Software license listed on the applicable License Instrument to cross-grade an existing license (i.e. to increase its functionality, and/or transfer it to a new operating system, hardware tier or licensing meter), then Symantec issues the applicable Licensed Instrument based on the understanding that You agree to cease using the original license. Any such license upgrade or cross-grade is provided under Symantec's policies in effect at the time of order. This License Agreement does not separately license You for additional licenses beyond those which You have purchased, and which have been authorized by Symantec as indicated on the applicable License Instrument.

7.	LIMITED WARRANTY.

7.1. 	MEDIA WARRANTY. If Symantec provides the Licensed Software to You on tangible media, Symantec warrants that the magnetic media upon which the Licensed Software is recorded will not be defective under normal use, for a period of ninety (90) days from delivery. Symantec will replace any defective media returned to Symantec within the warranty period at no charge to You. The above warranty is inapplicable in the event the Licensed Software media becomes defective due to unauthorized use of the Licensed Software. THE FOREGOING IS YOUR SOLE AND EXCLUSIVE REMEDY FOR SYMANTEC'S BREACH OF THIS WARRANTY.

7.2.	PERFORMANCE WARRANTY. Symantec warrants that the Licensed Software, as delivered by Symantec and when used in accordance with the Documentation, will substantially conform to the Documentation for a period of ninety (90) days from delivery. If the Licensed Software does not comply with this warranty and such non-compliance is reported by You to Symantec within the ninety (90) day warranty period, Symantec will do one of the following, selected at Symantec's reasonable discretion: either (i) repair the Licensed Software, (ii) replace the Licensed Software with software of substantially the same functionality, or (iii) terminate this License Agreement and refund the relevant license fees paid for such non-compliant Licensed Software. The above warranty specifically excludes defects resulting from accident, abuse, unauthorized repair, modifications or enhancements, or misapplication. THE FOREGOING IS YOUR SOLE AND EXCLUSIVE REMEDY FOR SYMANTEC'S BREACH OF THIS WARRANTY.  

8.	WARRANTY DISCLAIMERS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE WARRANTIES SET FORTH IN SECTIONS 7.1 AND 7.2 ARE YOUR EXCLUSIVE WARRANTIES AND ARE IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. SYMANTEC MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE LICENSED SOFTWARE, CONTENT UPDATES OR UPGRADES WILL MEET YOUR REQUIREMENTS OR THAT OPERATION OR USE OF THE LICENSED SOFTWARE, CONTENT UPDATES, AND UPGRADES WILL BE UNINTERRUPTED OR ERROR-FREE. YOU MAY HAVE OTHER WARRANTY RIGHTS, WHICH MAY VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY.

9.	LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC OR ITS LICENSORS, RESELLERS, SUPPLIERS OR AGENTS BE LIABLE TO YOU FOR (i) ANY COSTS OF PROCUREMENT OF SUBSTITUTE OR REPLACEMENT GOODS AND SERVICES, LOSS OF PROFITS, LOSS OF USE, LOSS OF OR CORRUPTION TO DATA, BUSINESS INTERRUPTION, LOSS OF PRODUCTION, LOSS OF REVENUES, LOSS OF CONTRACTS, LOSS OF GOODWILL, OR ANTICIPATED SAVINGS OR WASTED MANAGEMENT AND STAFF TIME; OR (ii) ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES WHETHER ARISING DIRECTLY OR INDIRECTLY OUT OF THIS LICENSE AGREEMENT, EVEN IF SYMANTEC OR ITS LICENSORS, RESELLERS, SUPPLIERS OR AGENTS HAS BEEN ADVISED SUCH DAMAGES MIGHT OCCUR. IN NO CASE SHALL SYMANTEC'S LIABILITY EXCEED THE FEES YOU PAID FOR THE LICENSED SOFTWARE GIVING RISE TO THE CLAIM. NOTHING IN THIS AGREEMENT SHALL OPERATE SO AS TO EXCLUDE OR LIMIT SYMANTEC'S LIABILITY TO YOU FOR DEATH OR PERSONAL INJURY ARISING OUT OF NEGLIGENCE OR FOR ANY OTHER LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BY LAW. THE DISCLAIMERS AND LIMITATIONS SET FORTH ABOVE WILL APPLY REGARDLESS OF WHETHER OR NOT YOU ACCEPT THE LICENSED SOFTWARE, CONTENT UPDATES OR UPGRADES.

10.		MAINTENANCE/SUPPORT. Symantec has no obligation under this License Agreement to provide maintenance/support for the Licensed Software. Any maintenance/support purchased for the Licensed Software is subject to Symantec's then-current maintenance/support policies. 

11.	SOFTWARE EVALUATION. If the Licensed Software is provided to You for evaluation purposes and You have an evaluation agreement with Symantec for the Licensed Software, Your rights to evaluate the Licensed Software will be pursuant to the terms of such evaluation agreement. If You do not have an evaluation agreement with Symantec for the Licensed Software and if You are provided the Licensed Software for evaluation purposes, the following terms and conditions shall apply. Symantec grants to You a nonexclusive, temporary, royalty-free, non-assignable license to use the Licensed Software solely for internal non-production evaluation. Such evaluation license shall terminate (i) on the end date of the pre-determined evaluation period, if an evaluation period is pre-determined in the Licensed Software or (ii) sixty (60) days from the date of Your initial installation of the Licensed Software, if no such evaluation period is pre-determined in the Licensed Software ("Evaluation Period"). The Licensed Software may not be transferred and is provided "AS IS" without warranty of any kind. You are solely responsible to take appropriate measures to back up Your system and take other measures to prevent any loss of files or data. The Licensed Software may contain an automatic disabling mechanism that prevents its use after a certain period of time. Upon expiration of the Licensed Software Evaluation Period, You will cease use of the Licensed Software and destroy all copies of the Licensed Software. All other terms and conditions of this License Agreement shall otherwise apply to Your evaluation of the Licensed Software as permitted herein. 

12.	U.S. GOVERNMENT RESTRICTED RIGHTS. The Licensed Software is deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Licensed Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Licensed Software or Commercial Computer Licensed Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software by the U.S. Government shall be solely in accordance with the terms of this License Agreement.

13.	EXPORT REGULATION. You acknowledge that the Licensed Software and related technical data and services (collectively "Controlled Technology") are subject to the import and export laws of the United States, specifically the U.S. Export Administration Regulations (EAR), and the laws of any country where Controlled Technology is imported or re-exported. You agree to comply with all relevant laws and will not to export any Controlled Technology in contravention to U.S. law nor to any prohibited country, entity, or person for which an export license or other governmental approval is required. All Symantec products, including the Controlled Technology are prohibited for export or re-export to Cuba, North Korea, Iran, Syria and Sudan and to any country subject to relevant trade sanctions. You hereby agree that You will not export or sell any Controlled Technology for use in connection with chemical, biological, or nuclear weapons, or missiles, drones or space launch vehicles capable of delivering such weapons.

14.	TERMINATION. This License Agreement shall terminate upon Your breach of any term contained herein. Upon termination, You shall immediately stop using and destroy all copies of the Licensed Software. 

15.	SURVIVAL. The following provisions of this License Agreement survive termination of this License Agreement: Definitions, License Restrictions and any other restrictions on use of intellectual property, Ownership/Title, Warranty Disclaimers, Limitation of Liability, U.S. Government Restricted Rights, Export Regulation, Survival, and General.

16.	GENERAL.

16.1.	ASSIGNMENT. You may not assign the rights granted hereunder or this License Agreement, in whole or in part and whether by operation of contract, law or otherwise, without Symantec's prior express written consent.

16.2.	COMPLIANCE WITH APPLICABLE LAW. You are solely responsible for Your compliance with, and You agree to comply with, all applicable laws, rules, and regulations in connection with Your use of the Licensed Software.  

16.3.	AUDIT. An auditor, selected by Symantec and reasonably acceptable to You, may, upon reasonable notice and during normal business hours, but not more often than once each year, inspect Your records and deployment in order to confirm that Your use of the Licensed Software complies with this License Agreement and the applicable License Instrument. Symantec shall bear the costs of any such audit, except where the audit demonstrates that the Manufacturer's Suggested Reseller Price (MSRP) value of Your non-compliant usage exceeds five percent (5%) of the MSRP value of Your compliant deployments. In such case, in addition to purchasing appropriate licenses for any over-deployed Licensed Software, You shall reimburse Symantec for the auditor's reasonable actual fees for such audit.

16.4.	GOVERNING LAW; SEVERABILITY; WAIVER. If You are located in North America or Latin America, this License Agreement will be governed by the laws of the State of California, United States of America. If you are located in China, this License Agreement will be governed by the laws of the Peoples Republic of China. Otherwise, this License Agreement will be governed by the laws of England. Such governing laws are exclusive of any provisions of the United Nations Convention on Contracts for Sale of Goods, including any amendments thereto, and without regard to principles of conflicts of law. If any provision of this License Agreement is found partly or wholly illegal or unenforceable, such provision shall be enforced to the maximum extent permissible, and remaining provisions of this License Agreement shall remain in full force and effect. A waiver of any breach or default under this License Agreement shall not constitute a waiver of any other subsequent breach or default.

16.5.	THIRD PARTY PROGRAMS. This Licensed Software may contain third party software programs ("Third Party Programs") that are available under open source or free software licenses. This License Agreement does not alter any rights or obligations You may have under those open source or free software licenses. Notwithstanding anything to the contrary contained in such licenses, the disclaimer of warranties and the limitation of liability provisions in this License Agreement shall apply to such Third Party Programs.  

16.6.	CUSTOMER SERVICE. Should You have any questions concerning this License Agreement, or if You desire to contact Symantec for any reason, please write to: (i) Symantec Enterprise Customer Care, 555 International Way, Springfield, Oregon 97477, U.S.A., (ii) Symantec Enterprise Customer Care Center, PO BOX 5689, Dublin 15, Ireland, or (iii) Symantec Enterprise Customer Care, 1 Julius Ave, North Ryde, NSW 2113, Australia. 

16.7.	ENTIRE AGREEMENT. This License Agreement and any related License Instrument are the complete and exclusive agreement between You and Symantec relating to the Licensed Software and supersede any previous or contemporaneous oral or written communications, proposals, and representations with respect to its subject matter. This License Agreement prevails over any conflicting or additional terms of any purchase order, ordering document, acknowledgement or confirmation or other document issued by You, even if signed and returned. This License Agreement may only be modified by a License Instrument that accompanies or follows this License Agreement.

17.	ADDITIONAL TERMS AND CONDITIONS. Your use of the Licensed Software is subject to the terms and conditions below in addition to those stated above.

17.1.	You may use the Licensed Software for the number of licensed User(s) and at the Use Levels as have been licensed to You by Symantec herein and as indicated in the applicable License Instrument. Your License Instrument shall constitute proof of Your right to make and use such copies. For purposes of this License Agreement, "User(s)" means an individual person and/or device authorized by You to use and/or benefits from the use of the Licensed Software, or is the person and/or device who actually uses any portion of the Licensed Software.

17.2.	Notwithstanding anything to the contrary contained in this License Agreement, if the Licensed Software is Symantec Endpoint Protection, each running instance (physical and/or virtual) of such Software must be licensed. You create an "instance" of software by executing the software's setup or install procedure. You also create an "instance" of software by duplicating an existing instance. References to software include "instances" of the software. You "run an instance" of software by loading it into memory and executing one or more of its instructions. Once running, an instance is considered to be running (whether or not its instructions continue to execute) until it is removed from memory.

17.3.	Privacy; Data Protection. From time to time, the Licensed Software may collect certain information from the device on which it is installed, which may include:

(i)	Information regarding installation of the Licensed Software.  This information indicates to Symantec whether installation of the Licensed Software was successfully completed and is collected by Symantec for the purpose of evaluating and improving Symantec's product installation success rate.  This information will not be correlated with any personally identifiable information.

(ii)	Information on potential security risks as well as URLs of websites visited that the Licensed Software deems potentially fraudulent.  This information is collected by Symantec for the purpose of evaluating and improving the ability of Symantec's products to detect malicious behavior, potentially fraudulent websites and other Internet security risks.  This information will not be correlated with any personally identifiable information.
 
(iii)	Portable executable files that are identified as malware.  These files are submitted to Symantec using the Licensed Software's automatic submission function.  The collected files could contain personally identifiable information that has been obtained by the malware without your permission.  Files of this type are being collected by Symantec only for the purpose of improving the ability of Symantec's products to detect malicious behavior.  Symantec will not correlate these files with any personally identifiable information.  Such automatic submission function may be deactivated after installation by following the instructions in the Documentation for applicable products.

(iv)	The name given during initial setup to the device on which the Licensed Software is being installed.  If collected, the name will be used by Symantec as an account name for such device under which you may elect to receive additional services and/or under which you may use certain features of the Licensed Software.  You may change the account name at any time after installation of the Licensed Software (recommended).

(v)	The International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) for the mobile telecommunications device used with the Licensed Software.  This information is being collected for the purpose of being able to identify the telecommunications device eligible to receive Content Updates for the Licensed Software.  This information will not be correlated with any other personally identifiable information.

(vi)	Other information used for purposes of analyzing and improving the functionality of Symantec's products.  This information will not be correlated with any personally identifiable information.

The collected information as set out above is necessary for the purpose of optimizing the functionality of Symantec's products and may be transferred to the Symantec group in the United States or other countries that may have less protective data protection standards than the region in which You are situated (including the European Union), but Symantec has taken steps so that the collected information, if transferred, receives an adequate level of protection. Symantec may disclose the collected information if asked to do so by a law enforcement official as required or permitted by law or in response to a subpoena or other legal process.  In order to promote awareness, detection and prevention of Internet security risks, Symantec may share certain information with research organizations and other security software vendors.  Symantec may also use statistics derived from the information to track and publish reports on security risk trends. By using the Licensed Software, you acknowledge and agree that Symantec may collect, transmit, store, disclose and analyze such information for these purposes.

Certain features such as the Symantec Endpoint Protection Manager and the Gateway Enforcer may collect and store, on the customer side only, certain personally identifiable information such as user name, as well as non-personally identifiable information, which could be combined with personally identifiably information by You, subject to the terms of Your privacy policy. This information is not transmitted to or stored by Symantec, unless You voluntarily provide such information.

====================================================================================
END OF FILE
====================================================================================