When doing a fresh installation of SEP/SES client version 14.3 RU3 or later on Windows OS, you do not need to restart the client if the Application Control or Application Hardening are not removed or added.

If you are upgrading the SEP/SES client version 14.3 RU3 or later on Windows, you do not need to restart the client with the following exceptions:

• You upgrade from 14.3 RU2 and earlier clients.
• You install or uninstall Application Hardening. Or you upgrade from 14.3 RU3 and earlier clients that have Application Hardening. You manage Application Hardening and the clients from the Integrated Cyber Defense Manager (ICDm) cloud console.
• The Endpoint Protection client is installed on the same computer as the following agents:
  • Standalone Symantec Data Center Security
  • Standalone Symantec Critical System Protection
  • Symantec Data Loss Prevention (15.5 - 15.8)
• A previous upgrade attempts failed. 

Windows

SEP/SES 14.3 RU3 and later

SEP/SES Development team has been working towards rebootless upgrades of the client.  We have achieved this within the product starting with SES 14.3 RU3 clients and their upgrades forward.  

In situations with DLP Endpoint Agent 15.7.00333.01033 installed, as it is sharing the SymEFA with SEP/SES, the file has a blocker in place to restrict the update without reboot first.  

DLP Endpoint Agent 15.8 MP2 and newer will allow SEP/SES 14.3 RU5 upgrade the SEP/SES client without needing a reboot.  The SEP/SES 14.3 RU5 build should remove the blocker when it detects the appropriate DLP version installed.