Known Windows Upgrade issue with Symantec Endpoint Encryption before 11.3.0 MP1


Article ID: 195222


Updated On:


Endpoint Encryption


Symantec Endpoint Encryption 11.3.0 GA currently has a known upgrade issue in which the “WinSetupAutomation” registry value gets updated improperly post upgrade of SEE.  This has critical side effects and will cause the Windows “Live Updates” feature to fail.


Once a system has been upgraded to SEE 11.3.0 (less than MP1), check the following registry key:

HKLM\SOFTWARE\Encryption Anywhere\Hard Disk and note the value of “WinSetupAutomation”.  There are two ways this value gets updated improperly in the registry:
1. String Value is used, when D-WORD value should have been used.
2. The Value should be set to 1 without the # symbol.

(The value may be set to 0 if you wish to disable the Live Updates feature, but this should not generally be used and is not recommended).

The below is a screenshot of an example of the incorrect value post-upgrade:




To correct this issue, delete the “WinSetupAutomation” string value, and then create a “D-Word” value with the the Value Data of 1 as seen here:


Once this value has been corrected, reboot the system.  At this point, the system can then be updated using the Windows “Live Updates” or using the setup.exe command similar to this example:

setup.exe /Auto Upgrade /DynamicUpdate disable /reflectdrivers  "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files" /Postoobe "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files\setupcomplete.cmd

Alternatively, once Symantec Endpoint Encryption 11.3.0 MP1 or beyond has been installed, the value will be corrected automatically.

Additional Information

See article for more details on upgrading Windows with Symantec Endpoint Encryption.