Windows Security Center reports problem with Endpoint Protection

Article ID: 175328

Products

Endpoint Protection

Issue/Introduction

Windows Security Center (WSC) on Windows 10 machines reports problems with Symantec Endpoint Protection (SEP).

The WSC error is either "Symantec Endpoint Protection is snoozed and your device may be unprotected" or "Symantec Endpoint Protection is off and your device may be unprotected".

sepWscSvc (a SEP service) is shown as stopped, and attempts to restart it produce an error, for example:

C:\Windows\system32>sc start sepwscsvc
[SC] StartService FAILED 577:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Cause

This is related to the introduction of the sepWscSvc SEP service and its dependence upon SymELAM; sepWscSvc will not start if SymELAM is disabled.

Environment

Windows 10 and Windows Server 2016 with SEP 14.2 RU1

Resolution

Make sure SEP's SymELAM (Early Launch Anti-Malware) driver is installed and enabled in the Virus and Spyware Protection policy.

Since sepWscSvc was first introduced, the SymELAM driver must be enabled if the customer is running SEP 14.2 RU1 or newer on Windows 8 and above.

As of Windows 10 v1903, it is sufficient that the SymELAM driver is installed (not necessarily enabled) for sepWscSvc to start.
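The PowerShell check below is an added example, not Symantec or Broadcom code; it applies the rules above to one client by comparing the state of sepWscSvc with the SymELAM driver and the OS build. It assumes the driver is registered under the service name "SymELAM" and that a driver start mode of Disabled is how "not enabled" appears on the client; the function name Get-SepWscDiagnosis is hypothetical.

```powershell
# Added example. Assumptions: the ELAM driver's service name is "SymELAM",
# and a StartMode of "Disabled" corresponds to the driver not being enabled.
function Get-SepWscDiagnosis {
    param(
        [string]$WscServiceName = 'sepWscSvc',
        [string]$ElamDriverName = 'SymELAM'
    )

    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    $svc   = Get-CimInstance Win32_Service      -Filter "Name='$WscServiceName'"
    $elam  = Get-CimInstance Win32_SystemDriver -Filter "Name='$ElamDriverName'"

    $elamInstalled = $null -ne $elam
    $elamEnabled   = $elamInstalled -and $elam.StartMode -ne 'Disabled'

    # Windows 10 v1903 is build 18362. From that build on, an installed driver
    # is sufficient; earlier builds also need the driver enabled.
    $requirementMet = if ($build -ge 18362) { $elamInstalled } else { $elamEnabled }

    $finding = if (-not $svc) {
        "$WscServiceName not found; the service exists only in SEP 14.2 RU1 or newer."
    } elseif ($svc.State -eq 'Running') {
        "$WscServiceName is running."
    } elseif (-not $elamInstalled) {
        "$ElamDriverName is not installed; $WscServiceName cannot start."
    } elseif (-not $requirementMet) {
        "$ElamDriverName is installed but disabled; enable it in the Virus and Spyware Protection policy."
    } else {
        "$ElamDriverName requirement is met but $WscServiceName is stopped; check the error returned by 'sc start'."
    }

    [pscustomobject]@{
        OsBuild        = $build
        WscService     = if ($svc)  { $svc.State }      else { 'NotInstalled' }
        ElamStartMode  = if ($elam) { $elam.StartMode } else { 'NotInstalled' }
        RequirementMet = $requirementMet
        Finding        = $finding
    }
}

Get-SepWscDiagnosis | Format-List
```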