Symantec Endpoint Protection client upgrade rolls back, leaving previous version repeatedly requesting a reboot

book

Article ID: 170053

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Upgrading Symantec Endpoint Protection (SEP) client to version 14.0 (MP1 / MP2), the upgrade process fails and rolls back, leaving previous version repeatedly requesting a reboot.

Typical error message reported in log file "SIS_INST.LOG":

ERROR I NAT Failed to start driver [SymIRON] with error 0xC000003A = {Path Not Found} The path %hs does not exist.

Cause

SEP conducts a signature check of the Windows' kernel32.dll file during the upgrade. In certain cases when there has been a change to that file (e.g. due to a Windows update), the signature check might fail, leading to SEP copying it's driver files to the wrong location. Driver startup thus will fail and upgrade will roll back. The previous SEP version may then be left in a broken state which continues to request a reboot.

 

Resolution

This issue has been resolved in SEP 14 RU1.

With SEP 14, you can automate the removal of previous client version with specific install settings, see for more details: 

About the Symantec Endpoint Protection client preinstall removal feature