Video Screencast Help

12.1 RU2 will not install on fully patched Windows 8 machine

Created: 15 Mar 2013 • Updated: 15 Mar 2013 | 23 comments

Never had a problem till this past patch Tuesday. Windows 8 machines with endpoint already installed seem fine. But new Windows 8 machines that are fully patched cause the install to rollback. On a unpatched system it installs fine.  Also cleanwipe does not work on a fully patched machine throwing a CSIDL error. This looks bad. Can anyone try this on a fully patched Windows 8 machine. Happens on both x86 and x64 boxes. I opened a ticket with Symantec at 8 am and they have yet to call me back.

I attached the install log.

Operating Systems:

Comments 23 CommentsJump to latest comment

W007's picture

how many system having problem?
Can u paste sep_inst log ?
Good to hear yu have raised the ticket but symantec support monday to friday.
You can wait for till call back.

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

anthonymel's picture

I did attach the log. Every machine that is fully patched. So clean install then fully patch it. Then try to install endpoint. It will rollback. It even happens on a VM.

I waited 8 hours for a four hour callback window.

pete_4u2002's picture

you may call up the tech support number.

Which all patches were installed this week, can you uninstall one by one ( if multiple patches) and let know if the install is successful.

anthonymel's picture

Ok I got it to install fine after removing two updates from this weeks's patches. Updates KB2781197 and KB2811660 are the two that cause the rollback. I think it's more of the 1197 update since it has to do with defender. Once I got endpoint to install I could install both updates and endpoint would continue working fine.

This problem is a bad one since it involves MS and with Symantec days away from releasing an update this could means months before a resolution is found. That means tons of forum posts about this issue from unknowing admins who did the right thing by fully patching windows before imaging.

Im going to start a thread over at MS but last time it took around a month or before it was aknowledge.

SebastianZ's picture

Best bet to open a case with Symantec support as well - especially the SEP install is working fine before applying the MS patch - is something Symantec team should have a look at.

anthonymel's picture

I attempted to update my case with the information I found.  However, I could not speak to an engineer.  They will supposedly call me back in two hours.  I hope they do.  If anyone here works for Symantec and would like to update my case it's 03907494.  Ignore the case name about CleanWipe I don't know why the tech decided to name it that.

SameerU's picture


Can you please post the SEP_Install logs of the system ?


anthonymel's picture

I like how Symantec has yet to call me back.  I'm paying for great service here.

pereiraashley's picture


Symantec is aware of this issue.

Please refer to below technote for more details

anthonymel's picture

I see the technote has disappeared. Has there been a resolution to this problem?

ᗺrian's picture

It should be updated with the solution. Perhaps it is down for editing at the moment.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

anthonymel's picture

I saw Microsoft expire the update tonight so I hope there is a fix or something tomorrow.

ᗺrian's picture

I've got to believe something will be done one way or another.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

anthonymel's picture

I just noticed that Microsoft released another update with the same KB that again seems to break this.  This time it's labeled Update for Windows 8.  Last time it was called Security Update for Windows 8. 

I thought 12.1.2 RU2 MP1 fixed this?

DanyTM's picture

This issue not resolved in 12.1.2 RU2 MP1, you must uninstall the updates KM2781197 and KB2811660.

SameerU's picture


Can you please try installing the liveupdate and then run setup.exe


A. Wesker's picture

Hi Anthonymel,

Would it be possible that you upload a log called SIS_inst.log please ?

It should be located on %\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015\Data\Install\Logs\

It will provide further information why your install doesn't work/rolls back.

Kind Regards,

A. Wesker

Mithun Sanghavi's picture


This problem is fixed in the Latest version of Symantec Endpoint Protection 12.1 Release Update 3 (12.1 RU3) which has been released on June 6 2013.

New fixes and features in Symantec Endpoint Protection 12.1.3

After applying Microsoft update KB2781197 to a Windows 8 computer, the Symantec Endpoint Protection client installer fails

Fix ID: 3123310

Solution: For installations on Windows 8, removed the option to enable/disable Windows Defender after install, as this is no longer supported. Windows Security Center (WSC) will automatically disable Windows Defender when Symantec Endpoint Protection registers with WSC.

For information on how to obtain the latest build of Symantec Endpoint Protection, read ‘Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control

For more - Check these BLOG's:

1) Latest Symantec Endpoint Protection Released - SEP 12.1.RU3

2) What's new with Latest Symantec Endpoint Protection SEP 12.1.RU3

3) Knowledgebase Articles for Symantec Endpoint Protection 12.1. RU3

4) Knowledgebase Articles for Symantec Endpoint Protection SBE 12.1. RU3

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

John Santana's picture

Thanks for sharing the article Mithun.

Kind regards,

John Santana
IT Professional


Please be nice to me as I'm newbie in this forum.

Ambesh_444's picture

Really great article mithun,

Mithun could you please help me.

Q- what is difference between device ID and class ID.

Thank& Regards,


"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

SameerU's picture


Symantec has released new version of SEP 12.1.3 which has resolved the reported issue.