Symantec Data Loss Prevention (DLP)
Endpoint Agent

You are receiving below mentioned errors while installing DLP Endpoint Agent on endpoint machines:  




 

2016-12-02 13:59:52 | PreInstallCleanup | SEVERE | FindAndRemoveDriver(): OpenSCManager failed: Access is denied

action: DecryptFile():
'C:\Users\ADMINI~1\AppData\Local\Temp\cg.ead': failed, Error: 87
--result: The parameter is incorrect

Windows 10

This issue is caused because of OS hardening or permissions due to which Symantec DLP Endpoint Agent is unable to invoke its DLLs and access certain registry keys.

1. Download Process Monitor from https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx and then run it
2. Click on the below shown icons to disable them. You will find these icons just below the Menu Bar



3. Click on the filter icon



4. Look for any item under the Action column that says “Include”. Uncheck them if there are any



5. Select “Process Name” as the first condition, “is” as a second condition, type “msiexec.exe” as a third condition and “Include” as a last condition



6. Click “Add” and then click to save changes



7. Run Symantec DLP Endpoint Agent installer and follow it till the error is received
8. Click on File menu and click Save



9. Select below highlighted options, select Format as CSV, select the path where you would like to save your report and click Ok



10. Open the saved CSV file in a excel spreadsheet and add a filter to Result column



11. It will look something like this



12. Click on the filter, uncheck Select All, select Access Denied, and then click OK. This will filter out Access Denied results on file and registry paths due to which the issue is happening