Error: "...pending system changes that require a reboot" when installing or upgrading Endpoint Protection


Article ID: 178159


Updated On:


Endpoint Protection


When you install or upgrade the Symantec Endpoint Protection (SEP) client or manager you see the following error:

"Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation."

In the SEP_Inst.log (located in %TEMP% or in %Windir%\temp) log you may see the following:



TIP: For information relating to Pending Reboot Scenarios for Symantec Endpoint Encryption, see article 200298.


The "PendingFileRenameOperations" registry entry contains information about files that Windows has marked to replace after restarting the computer.

This entry is located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\.


To resolve this error, restart the computer, which clears the information in the "PendingFileRenameOperations" registry key.

To prevent this error from occurring in the future, immediately restart the computer after you install an application or driver.

If the error persists after you restart the computer, follow these steps:


  1. Open the Windows Registry using regedit.exe.
  2. Search for the entry "PendingFileRenameOperations" in:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\KeysNotToRestore
    If you find the entry, first back up each key, and then delete the entry in each key.
  3. Search for the RebootRequired key:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
    If you find the key, first back up the key, and then remove the key.
  4. Restart the SEP installation; the install should finish without error.

For new installations, you may also need to remove the following registry key:

  • 32-bit operating systems: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec_Installer
  • 64-bit operating systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec_Installer


Technical information

Executable images and DLLs are memory-mapped when they are used, which makes it impossible to update core system files after Windows finishes booting. The MoveFileEx Windows API has an option to delay a file move until the next boot.

Any Service Pack or hot fix that update in-use, memory-mapped files install replacement files into a temporary location on the computer, and use MoveFileEx to replace files that are otherwise in use. MoveFileEx simply records commands in the PendingFileRenameOperations and PendingFileRenameOperations2 values under the registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.

These registry entries are a REG_MULTI_SZ data type, which specifies each operation in pairs of file names: the first file name is the source location, and the second is the target location. Delete operations use an empty string as their target path.

The PendingFileRenameOperations key stores the names of files that the operating system will rename when it restarts. The key consists of pairs of file names. The operating system renames the file in the first item of the pair to match the second item of the pair.

Windows adds this entry to the registry when a user or program tries to rename a file that is in use. The file names are stored in the value of this entry until you restart the computer and the operating system renames the files.