"Error 1920 (SepMasterService) failed to start" and Endpoint Protection fails to open


Article ID: 156312


Updated On:


Endpoint Protection


After installing the Symantec Endpoint Protection (SEP) client, the client will not start and there is a 1920 error listed in the Windows Event Log.


Windows Application Event Log:
Event ID :  Error 1920 (SepMasterService) failed to start



This problem may occur if one or more of the following conditions are true:

  • Log file or database corruption exists in the %Systemroot%\System32\Catroot2 folder.
  • Cryptographic Services is set to disabled.
  • Other Windows files are corrupted or missing.
  • The timestamp signature or certificate could not be verified or is malformed.
  • The hidden attribute is set for the %Windir% folder or one of its subfolders.
  • The Unsigned non-driver installation behavior Group Policy setting (Windows 2000 only) is set to Do not allow installation or Warn but allow installation, or the Policy binary value is not set to 0 in the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing
  • The Enable trusted publisher lockdown Group Policy setting is turned on, and you do not have the appropriate certificate in your Trusted Publishers certificate store.
    This Group Policy setting is located under User Configuration, under Windows Settings, under Internet Explorer Maintenance, under Security, under Authenticode Settings in the Group Policy MMC snap-in.
  • You are installing Internet Explorer 6 SP1, and the 823559 (MS03-023) security update is installed.
    For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    828031  "The software you are installing has not passed Windows Logo testing..." error message when you try to install Internet Explorer 6 Service Pack 1
  • The software distribution folder is corrupted.
  • There is an "Image File Execution Options" Debugger value in the registry for the ccSvcHst.exe process. Such a value may have been put in place by malware to attempt to block the installation. Navigate in the registry to this key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    Delete the "ccSvcHst.exe" key if it exist. For a 64-bit machine repeat the check under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options


Review and apply the appropriate steps listed per the following Microsoft document: