Video Screencast Help

failed to start

Created: 05 Oct 2012 • Updated: 06 Dec 2012 | 8 comments
This issue has been solved. See solution.

Error : 1920, "SepMasterService" failed to start the Symantec endpoint Service.

Comments 8 CommentsJump to latest comment

hj1979's picture

Also try following article

Symantec AntiVirus: "Error 1920". "The Service failed to start. Verify that you have sufficient privileges to start system services."

Hope it can helpful to you
Syed saied's picture

This issue is occured while installing the SEP Client. error attached here

Thanks In Advance...

Syed Saied

If the suggestion has helped to solve your problem, please mark the post as a solution

Mithun Sanghavi's picture


What version of SEP 11.x are you running? OR Are you running SEP 12.1 ?

What OS are is this issue occurying on?

Could you upload us the SEP_Inst.log from %temp%?

Also, try the steps below:

  • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  • Select and right click SMC and choose Permission from the drop down menu
  • In permissions add the User, Administrator and SYSTEM with full permission
  • Reboot the machine

Try again installing SEP.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ashish-Sharma's picture

 Resolution 1

  1. Click Start
  2. Click Run.
  3. Type regedit
  4. Click OK.
  5. Navigate to the following subkeys:
    • HKEY_LOCAL_MACHINE\Software\Intel
    • HKEY_LOCAL_MACHINE\Software\Symantec
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
  6. For each of these keys, ensure that "Administrator", "Administrators" and "System" have Full Control.

Warning: If all of the groups: "Administrator", "Administrators" and "System" have Full Control, DO NOT CHANGE ANYTHING, instead proceed to Resolution 2.

Resolution 2
The Trusted Publishers Properties must have "Allow the following users to Select Trusted publishers" configured to "End Users." To change this setting follow the below steps:

  1. Go to Default Domain Controller Security Settings> Software Restriction Policies> Trusted publishers
  2. Change the settings from "Enterprise Administrators" to "End Users."
    • This sets AuthenticodeFlags = 0 under the following registry locations.
      • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer\AuthenticodeFlags
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Safer\AuthenticodeFlags
      • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer\AuthenticodeFlags
  3. Perform the following: gpupdate /force, to force a refresh of the Group Policy on the AD Server.
  • Resolution 3
    If the CustomSD entry for the Application Eventlog has been modified, then the "Symantec Settings Manager" will not be able to read/write to that Application Eventlog.

    Please read and follow the directions in the following Microsoft document to ensure that the CustomSD entry for the Application Eventlog is set to default:
    "How to set event log security locally or by using Group Policy in Windows Server 2003" at URL:

Thanks In Advance

Ashish Sharma

22Aug's picture


Did you check the permission on the service? Are you logged in as with less previlege?

hj1979's picture

Syed- our issue close or still pending?