SEP (Symantec Endpoint Protection) Host Integrity check may fail on reboot but subsequent checks will pass.
Specifically, the "Antivirus is running" check for SEP may fail during system startup, whether in the predefined antivirus requirement or custom requirement.
During system startup:
"Host Integrity check failed" in SEP security log; "Condition: Antivirus is running. Result is fail."
Subsequent HI checks will pass.
SEP 14.2 RU1 (14.2.3332 or 14.2.3335)
This seems to occur only in SEP 14.2 RU1; older versions of SEP are not affected.
See Fix ID ESCRT-1581 in New fixes and component versions in Symantec Endpoint Protection 14.2 RU1 MP1
As a workaround, a custom requirement with IF/THEN and "utility: service is running" (check if "Symantec Endpoint Protection" service is running) may fuction more reliably.