Symantec Endpoint Encryption 11.3.0 GA currently has a known upgrade issue in which the “WinSetupAutomation” registry value gets updated improperly post upgrade of SEE. This has critical side effects and will cause the Windows “Live Updates” feature to fail.
Once a system has been upgraded to SEE 11.3.0 (less than MP1), check the following registry key:
HKLM\SOFTWARE\Encryption Anywhere\Hard Disk and note the value of “WinSetupAutomation”. There are two ways this value gets updated improperly in the registry:
1. String Value is used, when D-WORD value should have been used.
2. The Value should be set to 1 without the # symbol.
(The value may be set to 0 if you wish to disable the Live Updates feature, but this should not generally be used and is not recommended).
The below is a screenshot of an example of the incorrect value post-upgrade:
To correct this issue, delete the “WinSetupAutomation” string value, and then create a “D-Word” value with the the Value Data of 1 as seen here:
Once this value has been corrected, reboot the system. At this point, the system can then be updated using the Windows “Live Updates” or using the setup.exe command similar to this example:
setup.exe /Auto Upgrade /DynamicUpdate disable /reflectdrivers "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files" /Postoobe "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files\setupcomplete.cmd
Alternatively, once Symantec Endpoint Encryption 11.3.0 MP1 or beyond has been installed, the value will be corrected automatically.
See article https://knowledge.broadcom.com/external/article?articleId=179265 for more details on upgrading Windows with Symantec Endpoint Encryption.