Windows Fall Creators Update unable to complete as detecting not compatible SEP even if it was cleanwiped
search cancel

Windows Fall Creators Update unable to complete as detecting not compatible SEP even if it was cleanwiped

book

Article ID: 170911

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Windows Fall Creators Update fails to complete because it is detecting Symantec Endpoint Protection (old incompatible version) even if it was cleanwiped or never installed.

Unable to finish update because first Symantec Endpoint Protection must be manually uninstalled.

Cause

Windows Update looks everywhere on every drive (including mapped shared drives) for indications of SEP or its installation setup files, even if it was never installed. 

Resolution

An easy way to check what files are being detected is checking the Windows upgrade logs located under: C:\$WINDOWS.~BT\Sources\Panther\   (hidden)
 
Look for a file called XXXXXXXX_APPRAISER_HumanReadable.xml
 
This is setup log in XML format.

Search the liine: 
 
 <Property Name="DT_ANY_FMC_BlockingApplication" Value="TRUE".

This is located under Property list "Decision Maker" XML-section.

Look some strings up, there should be XML-value of the "Asset" XML-property.

In "Property-List Type Inventory" section you can find the program path ("lower case long path" XML-attribute).
find all the lines containing:
<Property Name="DT_ANY_FMC_BlockingApplication" Value="TRUE"
 
Look some lines up, there should be XML-value of the "Asset" XML-property.

Under "Property-List Type Inventory" section you can find the program path ("lower case long path" XML-attribute).  This is the file preventing the update to finish.

Here an example:
<Asset>
      <PropertyList Type="Inventory">
        <Property Name="AssetType" Value="File" />
        <Property Name="BinFileVersion" Value="12.1.6608.6300" />
        <Property Name="BinaryType" Value="pe32_i386" />
        <Property Name="FileId" Value="0000399858fee05a4025fa4f4ad44e33ea6da3bb2b13" />
        <Property Name="LongPathHash" Value="smc.exe|8c12408703a7db94" />
        <Property Name="LowerCaseLongPath" Value="\\srvfiles\aplica\utils\sep12v1.6x64\program files\symantec\name\version\bin\smc.exe" />
        <Property Name="ProgramId" Value="00065c4f4ca2072ca700bc4742b0f4411d4d00000904" />
        <Property Name="Size" Value="0x00000000000453C8" />
      </PropertyList>
      <PropertyList Type="DataSource">
        <Property Name="ApplicableTargetVersion" Value="RS3" Ordinal="1" />
        <Property Name="SdbAppGuid" Value="{ed79c2a0-99e1-447f-af6e-817f64d770e9}" Ordinal="1" />
        <Property Name="SdbAppName" Value="Symantec Endpoint Protection" Ordinal="1" />
        <Property Name="SdbAppVendor" Value="Symantec" Ordinal="1" />
        <Property Name="SdbBlockOverrideType" Value="SDB_UX_BLOCKTYPE_OVERRIDE_UPGRADE_UNTIL_UPDATE_BLOCK" Ordinal="1" />
        <Property Name="SdbBlockType" Value="BlockUpgradeUntilUpdate" Ordinal="1" />
        <Property Name="SdbEntryGuid" Value="{a458669e-f09a-462c-87ac-7ef5b31adbde}" Ordinal="1" />
      </PropertyList>
      <PropertyList Type="DecisionMaker">
        <Property Name="ApplicableTargetVersion" Value="ALL" Ordinal="2" />
        <Property Name="ApplicableTargetVersion" Value="RS3" Ordinal="1" />
        <Property Name="DT_ALL_FIL_HardBlock" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_HardBlockUx" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_HasBlockOverride" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_InboxHardBlockUx" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_InboxSoftBlockUx" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_NeedsInstallPostUpgradeData" Value="TRUE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_NeedsNotifyPostUpgradeData" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_NeedsReinstallPostUpgradeData" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_NeedsReinstallPostUpgradeUxData" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_NeedsUninstallAction" Value="TRUE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_SoftBlock" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_SoftBlockUx" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_UnresolvedAvWarn" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ALL_FIL_UnresolvedReinstallWarn" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ANY_ALL_IncludeInTelemetryUnversioned" Value="FALSE" Ordinal="2" />
        <Property Name="DT_ANY_ALL_IncludeInTelemetryVersioned" Value="TRUE" Ordinal="1" />
        <Property Name="DT_ANY_FIL_BlockAlreadyInbox" Value="FALSE" Ordinal="1" />
        <Property Name="DT_ANY_FIL_BlockUpgradeUxTables" Value="TRUE" Ordinal="1" />
        <Property Name="DT_ANY_FIL_FixedByUninstall" Value="TRUE" Ordinal="1" />
        <Property Name="DT_ANY_FMC_BlockingApplication" Value="TRUE" Ordinal="1" />
 
In this particular case Windows Update found this and some other SEP executables in this folder (all installation files). So the workaround was to remove the entire folder containing the SEP installation files or temporarily remove the mapped drive.
Powered by Wolken Software