Upgrade failure of Critical System Protection Agent using an install script or 3rd party tool.  

If the install is ran in silent mode, no errors are thrown in the Graphical User Interface (GUI).

 A side effect may be a blank IPS agent.ini file.

 From the SISAgentSetup.log:

Info 1603.The file C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IDS\bin\SISIDSService.exe is being held in use. Close that application and retry.
MSI (s) (A8:FC) [00:04:00:795]: Product: Symantec Critical System Protection Agent. The file C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IDS\bin\SISIDSService.exe is being used by the following process: Name: SISIDSService , Id 2380.

_______________________

Info 1603.The file C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IDS\bin\ExcpHandler.dll is being held in use. Close that application and retry.

_______________________

Info 1603.The file C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\bin\sisipsutil.exe is being held in use. Close that application and retry.
MSI (s) (A8:FC) [00:04:01:981]: Product: Symantec Critical System Protection Agent. The file C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\bin\sisipsutil.exe is being used by the following process: Name: sisipsutil , Id 2296.

______________________

Info 1603.The file C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\extensions\sisipsext.dll is being held in use. Close that application and retry.

This can occur if the environment has 3rd party tools that prevent services from being stopped, or automatically restarted.  

The SCSP upgrade process stops the agent services during the install.

If a 3rd party tool restarts the SCSP services during the install, the install will fail because the files will be in use.

Often, because many these 3rd party tools run a check for stopped services every X minutes, the installation can succeed on some machines, and fail on others.

Ensure that there are no service monitoring tools running during the upgrade process.

Applies To

This behavior has been observed on various Windows platforms.  May also occur on Unix if the CSP Daemons are automatically started by a 3rd party tool.