You attempt to install Symantec Endpoint Protection (SEP) 14 but the installation fails and rolls back.

Examples you may see in SIS_INST.log:

ERROR I SIS      File C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3897.1101.105\SAEP\IDS\bin\IDSLWInit.exe is not trusted. Verification result: 20

ERROR I SIS      File C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3897.1101.105\SAEP\Setup\NetInstaller.exe is not trusted. Verification result: 20

Root Certificates needed by SEP Hardening installer are missing from the system.

Update root certificates on the system. To identify which certificates are missing you can enable CAPI2 logging and reproduce the installation failure.

To enable CAPI2 logging:

1. Open Event Viewer. To open Event Viewer, click Start, click Control Panel, double-click Administrative Tools, and then double-click Event Viewer.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. In the console tree, expand Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, and then expand CAPI2.
4. You can now perform following actions:
   1. To enable CAPI2 logging, right-click Operational, and click Enable Log.
   2. To save the log to a file, right-click Operational, and click Save Events as. You can save the log file in the .evtx format (which can be opened through the Event Viewer) or in .xml format.
   3. To disable CAPI2 logging, right-click Operational, and click Disable Log.
   4. If there is data present in the log before you reproduce the problem, it is recommended that you clear the log. This allows only the data relevant to the problem scenario to be collected from the saved log. To clear the log, right-click Operational, and click Clear Log.
   5. The default size for the event log is 1 MB. For CAPI2 Diagnostics, the log tends to grow in size quickly and it is recommended to increase the log size to at least 4 MB to capture relevant events. To increase the log size, right-click Operational, and click Properties. In the log properties, increase the maximum log size.