Symantec Endpoint Protection 12.1 RU6 MP8's installation is blocked on Windows 10 by the Microsoft Program Compatibility Assistant with Secure Boot enabled.
Program Compatibility Assistant Message:
A digitally signed driver is required
Symantec CMC Firewall Sysplant
SyDvCtrl Device Control Driver
Windows blocked the installation of a digitally unsigned driver. Uninstall the program or device that uses the driver and check the publisher's website for a digitally signed version of the driver.
Windows 10 has additional Driver Signing and Certificate checks when the Secure Boot feature is enabled. Sysplant and SyDvCtrl both have a valid signature, but they do not meet the new requirements defined by Microsoft when Secure Boot is enabled.
Upgrade to Symantec Endpoint Protection 14 MP2 or later, which contains Full Support for Windows 10, including the Device Guard feature and its sub-components.
Device Guard is not supported by the Symantec Endpoint Protection 12.1 product line. Secure Boot is a sub-component of the Device Guard feature. See: Endpoint Protection support for Windows 10 Anniversary Update, Creators Update, and Windows Server 2016 for additional detail and requirements for using 12.1 with Windows 10 Anniversary Update and Creators Update.