Getting notification email for Endpoint Protection not installed even though it is installed
search cancel

Getting notification email for Endpoint Protection not installed even though it is installed

book

Article ID: 244694

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) has Symantec Endpoint Protection (SEP) agent installed, still getting a notification email with 'health status: poor' for SEP not installed on it.

Example notification found in 'SecurityAlertNotifyTask-0.log':

2022-06-22 03:06:06.130 THREAD 42 FINE: Add an action: type - EMAIL parameter - com.sygate.scm.server.task.notification.ActionParameter==> serialVersionUID=-637565179334270678; hasEmailAlerts=true; dbMessages=[Server Server_Name health status: poor.
Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. 
Status reported on Jun 22, 2022 3:06:04 AM.]; noTagIdx=XXXX; triggerTime=Wed Jun 22 03:06:05 CST 2022; lastTriggerTime=1970-01-01 08:00:00.0; batchFileName=; cmdMessage=<ServerHealth><Server Name='Server_Name' Health='POOR' Reason='314' StatusTime=1655838364802/></ServerHealth>; response=null; visibilityFlags=WEBUI_ENABLED <==

Cause

Missing permission on registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps'

Resolution

We can get this issue if 'semsvc.exe' cannot read the registry to detect if SEP is installed. Verify and add the permissions for this registry key as follows:

  • Right click on registry 'HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps' and click Permissions...
  • Click on 'Advanced' tab.
  • Add Read permission for 'SEPM_Server_Name\Users' and 'nt service\semsrv'

Reference screenshot:

Attachments

Powered by Wolken Software