Video Screencast Help

SEP 12.1.2/Windows 8: Not installing

Created: 10 Apr 2013 • Updated: 11 Apr 2013 | 9 comments
MIXIT's picture
This issue has been solved. See solution.

Win8 is not installing the client via any means whatsoever.  This should be a very simple install since this system is a fresh build with hardly anything on it. 

I'm using a saved setup.exe package from SEPM, that I havce manually copied to the Win8 machine and am running it locally.  The account I'm logged in with is an admin, although even for the sake of doing it, I right clicked and choose that Run As Administraor option. 

Side note:  after all these years, I still never have no idea why people say you have to Run As Administrator, if you're already logged in as an admin.  Never took the time to find out.  Anybody know? :)

Application event log shows Event ID 10005, which states that the Symantec install detected pending system changes that require a reboot and to reboot and then re-run the install.  I reboot, re-run setup, same routine over and over.  About 6 reboots now with no change.  Next I will try the full DVD install method instead of this setup.exe SEPM package stuff. 

There are other Application log events but they are all extremeley generic, such as  "installation failed" for SEP (ID 11708 I think).  no cause, no reason, not even a hint but I suspect they all trace back to that 10005 above as the root cause.  However, what those "pending system changes" are, I have no idea. 

I have Office 2013, and SSR 2013 installed, and all have finished and hav ebeen running for over a week without errors of their own.  The SSR instlal has finished it's post-reboot routine of configuring a backup job etc. 

So this leaves me questioning the compatibiliuty of Win8 and SEP 12.1.2.  And yes, I know, ofiically it is supported but since 12.1.2 is the first version to officially support Windows 8 means it's like having version 1.0 of the Win8/SEP12.1.2 duo, so there are likely bugs and other issues. 

So are there perhaps any caveats for Win8 and SEP 12.1.2?  For example for SEP 11, even though the installer itself never told you, you always had to disable Simple File Sharing.  Maybe 12.1.2 has something like that that I don't know of?  I will go find the release notes and read them again but I find it very helpful to ask those with real experiences to share. 

Thank you. 

Operating Systems:

Comments 9 CommentsJump to latest comment

ᗺrian's picture

Try this:

Symantec Endpoint Protection client fails to install to recently updated Windows 8 computers

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH203996 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2013-03-18 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2013-04-09 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL

Disable Windows Defender and remove KB2781197

Or atleast we can rule this issue out if not it.

Can you post SEP_INST.log file?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

iamadmin's picture

Thanks Brian, this one helped me out buddy!!


Rafeeq's picture

post the SEP_inst.log file.

seems to be known issue as Brian mentioned.

Mithun Sanghavi's picture


When was the Last time you restarted the machine? I would suggest you to restart the machine and check again.

Could you post us the SEP_Inst.log?

Secondly, try running the SymHelp Utility which may assist you to understand the basic issues.

Again, there is a known issue, Symantec Endpoint Protection client fails to install to recently updated Windows 8 computers. Please refer to below technote for more details. Check whether you are having the same issue.

You can work around this problem using one of the following:

  • Disable Windows Defender before installing the SEP client
  • Remove KB2781197 before installing the SEP client

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Nosvarato's picture

There seems to be something about Windows 8 not removing the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations" key properly after a reboot (seems to be related to older programs that isn't completely UAC/Windows 8 aware)

SEP does read this key to check if a system restart is required

Here's the link for the work around wink

MIXIT's picture

Hi all.  I will check into that workaround tomorrow, my schedule is full for the rest of today.  But thank you and when I do review the info I'll post back here and include the install log.  I had (as a habit) already disabled Windows Defender (turning it Off, within Defnder > Settings - as opposed to disabling the service or uninstalling the program which I used to do on older versions of Windows). I didn't know about the KB. 

But the fact thta it's a known issue is comfort enough for me as I know it'll eventually be fixed permanently.  I'll post back tomorrow with results.

Thanks guys. 

MIXIT's picture

Ok I am uninstalling KB2781197 now. 

Just disabling Windows Defender alone doesn't appear to change anything, at least by way of disabling it via the actual Windows Defender UI itself.  I had also tried killing the Msmpeng.exe (I think it was) process itself but it won't let me, no option to Start/Stop the service nor to End Process.  Not sure if this is one of those Run As Administrator type situations, or maybe Win8 just has better tamper protection on certain services. 

Anyway, I will still look through Nosvarato's suggestion as well, but wanted to update the thread to start the day off. 

Also FYI, the quickest way for me to generate that "install can't run because you need to reboot first" thing is to just try to install an Unmanged client via the SEP DVD source files rather than a SEPM package.  After a reboot, I don't get that message, but then the install still fails, and upon next running thtat same install, I do again get the reboot alert. 

Will post back shortly. 

MIXIT's picture

Ok so removing kb2781197 (an optional Windows Update covering the MS Antimalware Platform Engine - FYI to anybody else reading this that didn't know) allowed me to install the SEP client.  Interestingly and this may only b ea Windows 8 thing, I needed two reboots to finish the install.   Usually NTP is disabled at first, you reboot once, and it is enabled.  This time, the client came up, ran LiveUpdate on it's own (SEPM package was the installer) and then alerted me that it thought the Firewall was corrupt, so it asked for another reboot, which afterwards showed things as being ok. 

Now, I can't communicate to my SEPM server from either this Win8 machine, no my WinXP machine, and yet my Win7 laptop can? 

I'll make another post. 

Because I was able to get around the issue, for now I won't look into Nosvarato's suggestion unless of course something else ges wrong with this Win8 thing.  Thank you all for your help! 

PS:  Should I still post the SEP install log for escalation review or something, or is that worth anybody's time at this point? 

ᗺrian's picture

SEP_INST.log only shows the install and won't be of any help in troubleshooting the communication issue.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.