Windows Security Center reports problem with Endpoint Protection
Article ID: 175328
Updated On:
Products
Issue/Introduction
Windows Security Center (WSC) on Windows 10 machines reports problems with Symantec Endpoint Protection (SEP)
WSC error is either "Symantec Endpoint Protection is snoozed and your device may be unprotected" or "Symantec Endpoint Protection is off and your device may be unprotected"
sepWscSvc (a Symantec SEP service) will be noted as stopped, and attempts to restart it produce an error, for example:
C:\Windows\system32>sc start sepwscsvc
[SC] StartService FAILED 577:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Environment
SES/SEP 14.3 RU6
Cause
This is related to the introduction of the sepWscSvc SEP service and it's dependence upon SymELAM; sepWscSvc will not start if SymELAM is disabled
Resolution
Make sure SEP's SymELAM (Early Launch Anti-Malware) driver is installed and enabled in Virus and Spyware Protection policy.
Since sepWscSvc was first introduced, it is required that the SymELAM driver be enabled if customer is running SEP 14.2 RU1 or newer on Windows 8 and above.
As of Windows 10 v1903, it is sufficient that the SymELAM driver is installed (not necessarily enabled) for sepWscSvc to start.
Note: Running Repair on the Symantec Endpoint Protection might fix the issue.
Feedback
