Issue/Introduction:
When Symantec Critical System Protection 5.2.9 (CSP) is installed and the Windows Core policy is applied, installation of Symantec Endpoint Protection 12.1 RU3 (SEP) may fail.
CSP will log errors similar to the following when this issue occurs:
Description:
Registry Write Denied for C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe on \Registry\Machine\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion
Process: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2808.110.105\Bin\ccSvcHst.exe
Registry Key: \Registry\Machine\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion
Cause:
The CSP rule set is causing the SEP installation to fail.
Resolution:
The following changes need to be made to the CSP rules / process sets in order to allow SEP to install:
- Safe Service Options [svc_safepriv_ps]
- File Rules
- Allow modifications to these files
- Resource Path: \Device\Harddisk0\DR0
- Program Path: C:\Windows\syswow64\MsiExec.exe (for 64-bit)
Program Path: C:\Windows\system32\MsiExec.exe (for 32-bit)
- Host Security Programs [hsecurity_ps]
- Alternate Privilege Level (choose only one)
- Check Run with Full privileges
You must make additional exceptions for Windows Server 2003 (32-bit) and Windows XP (32-bit):
Note: The default installation path displays below. If your clients have a custom installation path, use that instead.
- Core OS Service Options
- Default Windows Services [def_winsvcs_ps,netsvcs_ps]
- Advanced Options
- Process Controls
- Full Access Process Access Aontrols
- Target program path: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\INSTALLTEEFER.EXE
- Program path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
- Core OS Service Options
- Full service options [svc_fullpriv_ps]
- Advanced Options
- Process Controls
- Full Access process access controls
- Target program path: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\CCSVCHST.EXE
- Program path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE