Identifying a corrupted installation of Symantec Endpoint Protection client
search cancel

Identifying a corrupted installation of Symantec Endpoint Protection client


Article ID: 161697


Updated On:


Endpoint Protection


A single Symantec Endpoint Protection (SEP) client is not behaving as expected and symptoms do not yield an obvious known technical solution. An error indicates a missing component. A SEP client services fails to run.


The installation of almost any software could potentially suffer from some unanticipated environmental influence and cause an incomplete install or removal of that software. Uninstallation, sometimes manual or with a support provided utility, and reinstallation often resolves the unusual issue experienced.

For the Symantec Endpoint Protection client, corruption of the software may become evident in the following circumstances:

  • Installation, uninstallation or upgrade
  • Service failure
  • Definition update failure

Symantec Diagnostic Tool (SymDiag) is a Symantec support utility that provides self-help reporting that attempts to alert the user to possible problems with an installation of Symantec Endpoint Protection.  SymDiag can help to answer the following questions about a particular installation of Symantec Endpoint Protection (SEP) client:

  • Are the content definitions corrupted?
  • Are there any services behaving in an unexpected manner?
  • Is there an unexpected configuration of SEP services in the registry?
  • Is there evidence of multiple installations of SEP in the Microsoft Installer?


Running SymDiag

For more information on how to run SymDiag to help answer these questions go to:

Scan for product issues, view reports, and resolve issues with SymDiag


Corrupt Content Definitions

For more information on how to identify and resolve issues pertaining to corrupted content definitions in the SEP client go to:

Identifying a corrupted installation of Symantec Endpoint Protection client


Service Failure

For more information on how to troubleshoot a service failure in the SEP client go to:

Are Endpoint Protection drivers loaded and services running?


Other Signs of a Corrupted Installation

SymDiag performs the following tests in a self-help report (available under either 'Scan for common issues' or 'Check product install requirements') that might identify a corrupted installation of the SEP client:

  • Is the SEP client installed on the system?*
  • How many SEP client installations can be identified in the Microsoft Installer (MSI)?*
  • Does the product version as found in the registry match what is indicated in MSI?
  • Are there any indications of an incorrectly installed SEP client service including:
    • Are there registry keys or running services related to the SEP client when there is no product listed in MSI?
    • Is there a registry key for a service but no running service?
    • Is there a running service but no registry key to launch that service?

*These tests assume that SEP is installed under the standard name of "Symantec Endpoint Protection"

None of these tests are conclusive that there is a corrupted installation of the SEP client, but they may indicate a need for further investigation or they may help with troubleshooting unexpected behavior from the product.  One scenario that this report can detect is a SEP client that has been uninstalled but not rebooted.  In this scenario, the SEP client is removed from the MSI but registry values and services are still present on the system.  The solution is to simply reboot the system.


Uninstalling a Corrupted Installation

For more information about how to remove Symantec Endpoint Protection go to:

Uninstall Symantec Endpoint Protection