Important Note: Symantec Encryption Products are now fully automatic starting with SEE 11.3.0MP1 and PGP 10.4.2! This means that when you upgrade Windows 10 using the "Feature Update" (aka Major upgrade such as 1909 to 21H1), this is done automatically done and no further action is needed. Install Scripts are not needed.
If you are deploying Windows updates with a deployment solution, such as Altiris/IT Management Suite, these two articles will provide you the proper command to deploy Windows 10 updates on encrypted systems:
How to automatically upgrade Windows 10 systems encrypted with Symantec Endpoint Encryption 11
https://knowledge.broadcom.com/external/article/179265
How to automatically upgrade Windows 10 systems encrypted with Symantec Encryption Desktop 10.4/10.5
https://knowledge.broadcom.com/external/article/179262
Important Note: Symantec Encryption Products no longer require using upgrade scripts and and is now fully automatic. All Windows Automatic updates can be installed automatically via Windows Updates that are pulled down.
If you are deploying Windows updates with a deployment solution, such as Altiris/IT Management Suite, these two articles will provide you the proper command to deploy Windows 10 updates on encrypted systems:
How to automatically upgrade Windows 10 systems encrypted with Symantec Endpoint Encryption 11
https://knowledge.broadcom.com/external/article/179265
How to automatically upgrade Windows 10 systems encrypted with Symantec Encryption Desktop 10.4/10.5
https://knowledge.broadcom.com/external/article/179262