Program Compatibility Assistant prompts "A digitally signed driver is required" when attempting to install SEP 12.1 RU6 MP8 on Windows 10 with Secure Boot enabled

book

Article ID: 169703

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection 12.1 RU6 MP8's installation is blocked on Windows 10 by the Microsoft Program Compatibility Assistant with Secure Boot enabled.

Program Compatibility Assistant Message:

A digitally signed driver is required

Symantec CMC Firewall Sysplant
SyDvCtrl Device Control Driver

Windows blocked the installation of a digitally unsigned driver. Uninstall the program or device that uses the driver and check the publisher's website for a digitally signed version of the driver.

Cause

Windows 10 has additional Driver Signing and Certificate checks when the Secure Boot feature is enabled. Sysplant and SyDvCtrl both have a valid signature, but they do not meet the new requirements defined by Microsoft when Secure Boot is enabled.

Resolution

Upgrade to Symantec Endpoint Protection 14 MP2 or later, which contains Full Support for Windows 10, including the Device Guard feature and its sub-components.

Device Guard is not supported by the Symantec Endpoint Protection 12.1 product line. Secure Boot is a sub-component of the Device Guard feature. See: Endpoint Protection support for Windows 10 Anniversary Update, Creators Update, and Windows Server 2016 for additional detail and requirements for using 12.1 with Windows 10 Anniversary Update and Creators Update.