When Symantec Critical System Protection 5.2.9 (CSP) is installed and the Windows Core policy is applied, installation of Symantec Endpoint Protection 12.1 RU3 (SEP) may fail.

The CSP rule set is causing the SEP installation to fail.

1. Safe Service Options [svc_safepriv_ps]
   • File Rules
     • Allow modifications to these files
       • Resource Path: \Device\Harddisk0\DR0
       • Program Path: C:\Windows\syswow64\MsiExec.exe (for 64-bit)
       Program Path: C:\Windows\system32\MsiExec.exe (for 32-bit)
2. Host Security Programs [hsecurity_ps]
   • Alternate Privilege Level (choose only one)
     • Check Run with Full privileges

You must make additional exceptions for Windows Server 2003 (32-bit) and Windows XP (32-bit):

Note: The default installation path displays below. If your clients have a custom installation path, use that instead.

3. Core OS Service Options
   • Default Windows Services [def_winsvcs_ps,netsvcs_ps]
     • Advanced Options
       • Process Controls
         • Full Access Process Access Aontrols
           • Target program path: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\INSTALLTEEFER.EXE
           • Program path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
4. Core OS Service Options
   • Full service options [svc_fullpriv_ps]
     • Advanced Options
       • Process Controls
         • Full Access process access controls
           • Target program path: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\CCSVCHST.EXE
           • Program path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE