Endpoint Protection

Never had a problem till this past patch Tuesday. Windows 8 machines with endpoint already installed seem fine. But new Windows 8 machines that are fully patched cause the install to rollback. On a unpatched system it installs fine.  Also cleanwipe does not work on a fully patched machine throwing a CSIDL error. This looks bad. Can anyone try this on a fully patched Windows 8 machine. Happens on both x86 and x64 boxes. I opened a ticket with Symantec at 8 am and they have yet to call me back.

I attached the install log.

hello, how many system having problem? Can u paste sep_inst log ? Good to hear yu have raised the ticket but symantec support monday to friday. You can wait for till call back.

I did attach the log. Every machine that is fully patched. So clean install then fully patch it. Then try to install endpoint. It will rollback. It even happens on a VM.

I waited 8 hours for a four hour callback window.

you may call up the tech support number.

Which all patches were installed this week, can you uninstall one by one ( if multiple patches) and let know if the install is successful.

Ok I got it to install fine after removing two updates from this weeks's patches. Updates KB2781197 and KB2811660 are the two that cause the rollback. I think it's more of the 1197 update since it has to do with defender. Once I got endpoint to install I could install both updates and endpoint would continue working fine.

This problem is a bad one since it involves MS and with Symantec days away from releasing an update this could means months before a resolution is found. That means tons of forum posts about this issue from unknowing admins who did the right thing by fully patching windows before imaging.

Im going to start a thread over at MS but last time it took around a month or before it was aknowledge.

Best bet to open a case with Symantec support as well - especially the SEP install is working fine before applying the MS patch - is something Symantec team should have a look at.

I attempted to update my case with the information I found.  However, I could not speak to an engineer.  They will supposedly call me back in two hours.  I hope they do.  If anyone here works for Symantec and would like to update my case it's 03907494.  Ignore the case name about CleanWipe I don't know why the tech decided to name it that.

Hi

Can you please post the SEP_Install logs of the system ?

Regards

 

I did in my first post.  But here it is again.

I like how Symantec has yet to call me back.  I'm paying for great service here.

Hi,

Symantec is aware of this issue.

Please refer to below technote for more details

http://www.symantec.com/docs/TECH203996

Great to see a formal ticket opened.

I see the technote has disappeared. Has there been a resolution to this problem?

It should be updated with the solution. Perhaps it is down for editing at the moment.

I saw Microsoft expire the update tonight so I hope there is a fix or something tomorrow.

I've got to believe something will be done one way or another.

I just noticed that Microsoft released another update with the same KB that again seems to break this.  This time it's labeled Update for Windows 8.  Last time it was called Security Update for Windows 8. 

I thought 12.1.2 RU2 MP1 fixed this?

Hi

Can you please try installing the liveupdate and then run setup.exe

Regards

 

This issue not resolved in 12.1.2 RU2 MP1, you must uninstall the updates KM2781197 and KB2811660.

Hi Anthonymel,

Would it be possible that you upload a log called SIS_inst.log please ?

It should be located on %\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015\Data\Install\Logs\

It will provide further information why your install doesn't work/rolls back.

Kind Regards,

A. Wesker

Hello,

This problem is fixed in the Latest version of Symantec Endpoint Protection 12.1 Release Update 3 (12.1 RU3) which has been released on June 6 2013.

New fixes and features in Symantec Endpoint Protection 12.1.3

http://www.symantec.com/docs/TECH206828

After applying Microsoft update KB2781197 to a Windows 8 computer, the Symantec Endpoint Protection client installer fails

Fix ID: 3123310

Solution: For installations on Windows 8, removed the option to enable/disable Windows Defender after install, as this is no longer supported. Windows Security Center (WSC) will automatically disable Windows Defender when Symantec Endpoint Protection registers with WSC.

For information on how to obtain the latest build of Symantec Endpoint Protection, read ‘Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control’

For more - Check these BLOG's:

1) Latest Symantec Endpoint Protection Released - SEP 12.1.RU3

https://www-secure.symantec.com/connect/blogs/latest-symantec-endpoint-protection-released-sep-121ru3

2) What's new with Latest Symantec Endpoint Protection SEP 12.1.RU3

https://www-secure.symantec.com/connect/blogs/whats-new-latest-symantec-endpoint-protection-sep-121ru3

3) Knowledgebase Articles for Symantec Endpoint Protection 12.1. RU3

https://www-secure.symantec.com/connect/blogs/knowledgebase-articles-symantec-endpoint-protection-121-ru3

4) Knowledgebase Articles for Symantec Endpoint Protection SBE 12.1. RU3

https://www-secure.symantec.com/connect/blogs/knowledgebase-articles-symantec-endpoint-protection-sbe-121-ru3

Hope that helps!!

Thanks for sharing the article Mithun.

Really great article mithun,

Mithun could you please help me.

Q- what is difference between device ID and class ID.

Hi

Symantec has released new version of SEP 12.1.3 which has resolved the reported issue.

Regards