Video Screencast Help

What does Restart Required mean to a SEP11 client? Does it affect performance?

Created: 21 Oct 2009 • Updated: 05 Jul 2010 | 10 comments
This issue has been solved. See solution.

My company is currently using SAV 10.x and will be moving to SEP 11 MR5 over the next few months.  We've been testing the installation of the SEP 11 client and found that when moving from an existing SAV 10.x client to the newer SEP 11 client the PC reports "Yes" in the "Restart Required" field within the console.  Once the PC is rebooted the flag appears to be removed.  I should note that we are only using the AntiVirus/AntiSpyware component at this time and do not have the NAC, Intrusion Protection or any other component enabled.

Our problem is that our shop is 24/7 and we may not be able to reboot a PC for a week or two.  During this time is the client hobbled in any way?  The test PCs appear to be working fine without a reboot - they accept definition and policy updates and receive commands issued from the console. 


Comments 10 CommentsJump to latest comment

chris_delay's picture

Network Threat Protection isn't installed until a reboot.  You are protected from threats via the AntiVirus technology, but the firewall won't be active (or even installed) until you reboot the machine.

I'd double check one of the rebooted machines to see if NTP is installed (even though, according to your post, it shouldn't be).

Additionally, try removing the old version of SAV from the machine (via Add/Remove Programs) and install SEP "fresh" could be that the migration process can't unload the old version of SAV (or parts of it) and needs to finish after the reboot.

Cdot's picture

Thanks for the reply.

You are correct about us not using NTP - when exporting the package for deployment (we use SCCM 2007) I chose "Only Antivirus and Antispyware" as the feature set so I'm certain there are no other components installed.

Removing SAV 10.x first and then installing SEP 11 yields the same result; which appears to be a perfectly functional client.  The SEP11 tray icon is displayed and indicates proper communication to the site server (green dot), the defs update and it appears to scan just fine.  It's sounding more and more like we should be ok - i.e. Virus protection is enabled - if we wait to reboot at a later time.

chris_delay's picture

Out of curiosity, what happens if you deploy via the SEPM or via copying the setup.exe file (or the whole folder if you didn't choose to create a single executable) to the client and running it?

Ultimately...and I hope this don't come off as sound snarky as that's not my intention...if the install says "Reboot required", that's the case.  It's not reboot optional...the installer needs a reboot to finish.  We try to provide as much protection as quickly as soon after the install as possible (and it sounds like you're protected and able to manage the clients, which is great), but something but be handled at reboot.

Cdot's picture

Not snarky at all - and we'll make sure to try to time the deployment around one of our montly reboot windows.

Is there a log where this information (reason for restart) is stored?  Maybe the .msi log on the local PC?

chris_delay's picture

But you can check the MSI logs (%temp%/SEP_INST.log) to see what's there.  Truthfully, though, I suspect it's not going to be verbose in that's not going to say, for example, "reboot required to install Intrusion Prevention" or "You must reboot to finish installation of email tools" (or whatever needs the reboot).

DavidAJLockwood's picture

One place to find more information may be the PendingFileRenameOperations key in the registry. It will tell you which files are locked and require a reboot in order to be freed up.

Vikram Kumar-SAV to SEP's picture

 After any software get a prompt to restart.
Where you have a choice of restart now or later.
Since you are installing SEP silently so you are not seeing that promt.

There are a few pending file rename operation and few maintainance things that complete after a reboot.

Its not necessary that you have to reboot right after after installation.
But sometimes if you havent rebooted your system and try to install another software on that system it might cause problems.Otherwise there's no issue at all.

Its not a error or warning..its just a recommended thing.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.

Rafeeq's picture

I agree !
As of now we have installed SEP MR4 for about 50 servers(20 days ago, not been rebooted) they will be rebooted during the patch window, we have installed just AV and AS, till date i have not faced any issues with the AV functionality, all are reporting, scan at configured times , things good so far, my understanding, I dont think reboot is required for SEP ( AV/AS)

But even then when we install a sofware ( upgrade from sAV) there are lot of Dlls which get replaced or changed

newer dll's can have more or less functions or a different method of accessing those functions which is needed for the installed program to work.
windows would lock this file while it is in use, preventing it from being deleted or changed untill all connections to that file have been closed, if you are upgrading from SAV you can see lot of driveers marked for delition in the device manager list.

If any other program using the particular dll SEP installation wishes to change can be closed then there is no problem. The installation routine detects the open program and either asks us to close it or automatically closes it for us. The dll can then be safely replaced and work can continue. As an example try removing ms office while internet explorer is open

so when you have upgraded the SAV to SEP system reboots

One of these first stages is to check for the existence of the previously mentioned start up file. In this file is a line for each dll that needs to be replaced. This line holds the name and location of the new dll and the name of the dll it will replace

Though its running fine, its would be good we can reboot it atleast once.

if its on Linux, i dont think reboot is ever required.

Vikram Kumar-SAV to SEP's picture you can use pending file rename operations key as suggested by David to find out the clients.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.

JustinAndersen's picture

Specifically how is SEP11 setup.exe querying the PENDINGFILERENAMEOPERATIONS key?


If you uninstall SAV10 using msiexec /x GUID /qn you will notice that the SAV10 places data inside the PENDINGFILERENAMEOPERATIONS key. If you uninstall SAV10 and then run setup.exe for SEP11RU5, the installer does not prompt you that your system is in a reboot pending state.  How did uninstalling SAV10 pass the test?  

It's been posted that "Reboot pending" state is the #1 issue when deploying SEP11. I would certainly agree.