Endpoint Protection

 View Only

  • 1.  Restart Required will not go away

    Posted Jun 21, 2017 12:20 PM

    Migrating systems from an old SEP server to a new one.  I'm having issues with some of the Windows 10 systems.

    Background is migrating from an older 12.1 server  on 2008R2 to a new 12.1.6 RU8 on Server 2012R2.  I have a new install package assigned to the group to update the clinets to 12.1.6 RU8, and most of the clients upgrade smoothly after updating their sylink.

    Where I'm having issues is with some of the Windows 10 systems, under the restart required column, they are showing "Yes, The Application and device control component has a driver configuration change to apply".  Restarting the computer never clears this mesaage.  I have removed and re-installed with no success on these systems.

    I'm gathering more information this evening regarding exact Windows 10 version that are working and that are not working, I can't interupt users during the day at this client.

     

    Any information would be appreciated!

    Thanks,

    Brad

     



  • 2.  RE: Restart Required will not go away

    Posted Jun 21, 2017 01:03 PM

    So not all win10 clients are affected? Try running the SymDiag tool on one that is affected and one that is not to comapre results. May need to get a case open with support since this is on the latest version.



  • 3.  RE: Restart Required will not go away

    Broadcom Employee
    Posted Jun 21, 2017 01:14 PM

    Hello BStory,

    This is most likley due to the fact that the Windows 10 machines have secure boot/device guard or HVCI enabled.  If you disable those or remove applicaiton/device control that message will go away.

    SEP 12.1.x does not support secure boot/device guard or HVCI.  Support for those was added in SEP 14.

    Please see the following articles for more information.

    Release notes, new fixes, and system requirements for all versions of Endpoint Protection
    TECH163829 June 2nd, 2017 http://www.symantec.com/docs/TECH163829

    Endpoint Protection support for Windows 10 Anniversary Update, Creators Update, and Windows Server 2016
    TECH235458 June 20th, 2017 http://www.symantec.com/docs/TECH235458

     

    Thanks,

    Jon



  • 4.  RE: Restart Required will not go away

    Posted Jun 21, 2017 04:23 PM

    @BStory I believe Jon is correct, I am in the same boat exactly. With Secure Boot enabled, the necessary "Unsigned" Symantec drivers will not load during the boot process. Because those drivers are not loaded, all I can assume is that the client interprets that to mean that a reboot is required to get those drivers to load...which will never happen while Secure Boot is enabled. I see three options:

    Stay on the previous SEP 12.1 version (which does work with Secure Boot)
    Upgrade to SEP 14 MP2 (which does work with Secure Boot)
    Disable Secure Boot on all your customer machines BEFORE upgrading to MP8

    Just my .02

    -Mike