Symantec Critical System Protection 5.2.9 prevents Symantec Endpoint Protection 12.1 RU3 from installing

book

Article ID: 158419

calendar_today

Updated On:

Products

Endpoint Protection Critical System Protection

Issue/Introduction

When Symantec Critical System Protection 5.2.9 (CSP) is installed and the Windows Core policy is applied, installation of Symantec Endpoint Protection 12.1 RU3 (SEP) may fail.

CSP will log errors similar to the following when this issue occurs:
 
Description:
Registry Write Denied for C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe on \Registry\Machine\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion
 
Process: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2808.110.105\Bin\ccSvcHst.exe
 
Registry Key: \Registry\Machine\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion

Cause

The CSP rule set is causing the SEP installation to fail.

Resolution

The following changes need to be made to the CSP rules / process sets in order to allow SEP to install:
  1. Safe Service Options [svc_safepriv_ps]
    • File Rules
      • Allow modifications to these files
        • Resource Path: \Device\Harddisk0\DR0
        • Program Path: C:\Windows\syswow64\MsiExec.exe (for 64-bit)
        • Program Path: C:\Windows\system32\MsiExec.exe (for 32-bit)
  2. Host Security Programs [hsecurity_ps]
    • Alternate Privilege Level (choose only one)
      • Check Run with Full privileges

You must make additional exceptions for Windows Server 2003 (32-bit) and Windows XP (32-bit):

Note: The default installation path displays below. If your clients have a custom installation path, use that instead.

  1. Core OS Service Options
    • Default Windows Services [def_winsvcs_ps,netsvcs_ps]
      • Advanced Options
        • Process Controls
          • Full Access Process Access Aontrols
            • Target program path: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\INSTALLTEEFER.EXE
            • Program path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
  2. Core OS Service Options
    • Full service options [svc_fullpriv_ps]
      • Advanced Options
        • Process Controls
          • Full Access process access controls
            • Target program path: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\CCSVCHST.EXE
            • Program path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE