The screen goes black during the Endpoint Agent Upgrade using SCCM
search cancel

The screen goes black during the Endpoint Agent Upgrade using SCCM

book

Article ID: 245944

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Suite

Issue/Introduction

The Endpoint Agent is installed successfully. But the uninstallation of the old agent seems to cause the screen to go black.

Explorer.exe is stopped but is unable to restart during the endpoint agent upgrade.

Windows Event viewer message: "Application 'C:\Windows\explorer.exe' (pid 9404) cannot be restarted - Application SID does not match Conductor SID.."

 

 

Environment

Release : 15.8.x

Component : Endpoint Agent

Cause

Endpoint Agent upgrade is being run as SYSTEM instead of Local Administrator

SYSTEM can do most things, but SYSTEM cannot start Explorer because Explorer starts in the user space and SYSTEM cannot impersonate the user.

Resolution

The installation of the Endpoint Agent needs to be run as a Local Administrator.

A workaround is to force a reboot afterwards so that Explorer will start properly on reboot.

Additional Information

Refer to page 69 of the Symantec_DLP_15.8_Install_Guide_Win.pdf

"If you install agents on the endpoints that run Windows 8.1/10, you must run the command prompt in Elevated Command Prompt mode." 

"If you plan to install DLP Agents running Windows 8.1 or 10, verify that Admin Security mode is set to Disabled on the administrator account. This setting allows administrators to complete tasks such as running endpoint tools and installing agents."