Rebootless Symantec Endpoint Protection client install/upgrade
search cancel

Rebootless Symantec Endpoint Protection client install/upgrade


Article ID: 226233


Updated On:


Endpoint Protection


When doing a fresh installation of SEP/SES client version 14.3 RU3 or later on Windows OS, you do not need to restart the client if the Application Control or Application Hardening are not being installed.

If you are upgrading the SEP/SES client version 14.3 RU3 or later on Windows, you do not need to restart the client with the following exceptions:

  • You upgrade from 14.3 RU2 and earlier clients.
  • You install or uninstall Application Hardening. Or you upgrade from 14.3 RU3 and earlier clients that have Application Hardening. You manage Application Hardening and the clients from the Integrated Cyber Defense Manager (ICDm) cloud console.
  • The Endpoint Protection client is installed on the same computer as the following agents:
    • Standalone Symantec Data Center Security 
    • Standalone Symantec Critical System Protection
    • Symantec Data Loss Prevention (15.5 - 15.8)
  • You use Hypervisor Enforced Code Integrity (HVCI) 
  • You manually added registry key: RebootlessUpgradeBlockReason_Registry = 2
  • A previous upgrade attempt failed. 

In the event you need to disable a Rebootless upgrade prior to rollout, set RebootlessUpgrade to 0 in registry path: 
HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\RebootlessUpgrade



SEP/SES 14.3 RU3 and later


SEP/SES Development team has been working towards rebootless upgrades of the client.  We have achieved this within the product starting with SES 14.3 RU3 clients and their upgrades forward.  

Additional Information

In situations with DLP Endpoint Agent 15.7.00333.01033 installed, as it is sharing the SymEFA with SEP/SES, the file has a blocker in place to restrict the update without reboot first.  

DLP Endpoint Agent 15.8 MP2 and newer will allow SEP/SES 14.3 RU5 upgrade the SEP/SES client without needing a reboot.  The SEP/SES 14.3 RU5 build should remove the blocker when it detects the appropriate DLP version installed.