When attempting to perform a quick scan and/or full scan with the Symantec Endpoint Protection (SEP) client, the scan stops and the following error message is generated:
"Symantec AntiVirus has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
When attempting to accomplish a manual scan, the following pop-up is displayed:
In the Windows Application Event Log, you may see one or both of the following events recorded:
This issue is caused by insufficient permissions in registry. The registry keys involved can be seen in a ProcMon log:
An example seen in ProcMon:
ACCESS DENIED on RegCreateKey for SymCorpUI.exe on registry path- HKEY_CURRENT_USER\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Custom Tasks\Temporary Quick Scan Options {FFEE7373-7E6F-4E06-9883-44C4FBF4BB47}
Note: "Temporary Quick Scan Options" will appear only when running a scan.
WARNING: The following steps require editing of the system registry. Prior to editing the registry, make a back up the registry.
Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry keys that are specified.
For assistance with backing up the registry prior to editing it, see the document "Back up the registry" (http://windows.microsoft.com/en-us/windows7/Back-up-the-registry).
Check permissions on the following registry keys:
'HKEY_CURRENT_USER\SOFTWARE\Symantec\Symantec Endpoint Protection'
'HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Custom Tasks'.
Change the permission the listed keys to the following:
Note: Make sure All the permissions above apply to "This key and subkeys" and the permissions are inherited to child registry keys by checking the option - "Replace all child objects permissions with inheritable permissions from this object"