Is a restart required for an Endpoint Protection/Endpoint Security Agent Install or Upgrade
search cancel

Is a restart required for an Endpoint Protection/Endpoint Security Agent Install or Upgrade

book

Article ID: 226233

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You would like to know, when installing or upgrading the Symantec Endpoint Protection (SEP) / Symantec Endpoint Security (SES) Agent, if a reboot is required?

Environment

  • Windows Operating Systems
  • SEP/SES 14.3 RU3 and later

Resolution

The SEP/SES engineering team has been working towards rebootless upgrades of the protection client.  Starting with14.3 RU3, a restart of the operating system is only required under the following conditions:

New Installation

A restart may be required if any of the following features are included in the installation package:

  • Application Control (SES)
  • Application Hardening (SEP)
  • Application and Device Control (SEP)

Upgrade

A restart may be required if any of the below conditions are met

  • The agent is upgraded from 14.3 RU2 and earlier.
  • Application Hardening is added or removed during upgrade.
  • If any of the following software is installed:
    • Standalone Symantec Data Center Security 
    • Standalone Symantec Critical System Protection
    • Symantec Data Loss Prevention (15.5 - 15.8) (See Additional Information below)
  • Hypervisor Enforced Code Integrity (HVCI) is in use.
  • The registry key "RebootlessUpgradeBlockReason_Registry = 2" is present
  • A previous upgrade attempt failed. 

In the event you need to disable a Rebootless upgrade prior to rollout, set RebootlessUpgrade to 0 in registry path: 

HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\RebootlessUpgrade

Additional Information

In situations with DLP Endpoint Agent 15.7.00333.01033 installed, both SEP/SES and DLP utilize SymEFA so a reboot is required.  

DLP Endpoint Agent 15.8 MP2 and newer will allow SEP/SES 14.3 RU5 and newer to upgrade the client without a reboot.