Symantec Endpoint Protection (SEP) client 14.3 RU5 installation fails. Following error is logged in installation log files listed in Required logs for troubleshooting failed Endpoint Protection 14.x client installations.

SEP_INST.log:

MSI (s) (B0:18) [20:19:07:706]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI2D60.tmp, Entrypoint: ShowServiceProgress
ScriptGen: ShowServiceProgress() MSIRUNMODE_SCHEDULED
ScriptGen: ShowServiceProgress() SISDEBUGATTACH=
ScriptGen: ShowServiceProgress() calling WaitForSingleObject(scriptStarted) ...
ScriptGen: ShowServiceProgress() WaitForSingleObject(scriptStarted) returned WAIT_OBJECT_0
ScriptGen: ShowServiceProgress() script execution failed.
ScriptGen: ShowServiceProgress() reset script failure event.
ScriptGen: ShowServiceProgress() is returning an error (so close to the end!)
CustomAction ShowServiceProgress returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) : Note: 1: 2265 2:  3: -2147287035 
MSI (s) : User policy value 'DisableRollback' is 0
MSI (s) : Machine policy value 'DisableRollback' is 0
Action ended 20:20:12 : InstallFinalize. Return Value 3.

SIS_INST.LOG:

2022-09-05T06:49:50.167Z ERROR I SIS      File C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.8268.5000.105\bin64\EFAInst64.exe is not trusted. Verification result: 20
2022-09-05T06:49:50.167Z ERROR I SIS         
2022-09-05T06:49:50.167Z ERROR I SIS        Dumping action parameters from the script:
2022-09-05T06:49:50.167Z ERROR I SIS          EnableCCTrace=[true]
2022-09-05T06:49:50.167Z ERROR I SIS          FilePath=["C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.8268.5000.105\bin64\EFAInst64.exe"]
2022-09-05T06:49:50.167Z ERROR I SIS          OnDefaultError=[FAIL]
2022-09-05T06:49:50.167Z ERROR I SIS          OnError0=[PASS]
2022-09-05T06:49:50.167Z ERROR I SIS          OnError1=[PASS]
2022-09-05T06:49:50.167Z ERROR I SIS          OnError3010=[PASS]
2022-09-05T06:49:50.167Z ERROR I SIS          OnError3017=[FAIL_REBOOT_AND_ROLLBACK]
2022-09-05T06:49:50.167Z ERROR I SIS          OnError606=[CATASTROPHIC_FAIL]
2022-09-05T06:49:50.167Z ERROR I SIS          Parameters=["Symantec Endpoint Protection 14.3.8268.5000" /install /forcesingleinstance /resultcodeformat sis]
2022-09-05T06:49:50.167Z INFO  I SIS        ExecuteScript() - Successfully set failure event.
2022-09-05T06:49:50.167Z INFO  I SIS    ExecuteScript() returning ACTION_FAILED_WITH_ROLLBACK

The issue is not resolved even after import "DigiCert Trusted Root G4 certificate" by following step.

1. Download the the certificate from https://cacerts.digicert.com/DigiCertTrustedRootG4.crt.
2. Double Click on the file and click on the Open button.
3. Click on the "Install Certificate" button.
4. Set the Store Location to Local Machine.
5. Click the Next button.
6. Select "Place all certificates in the following store".  
7. Click on the Browse button and select the entry: Trusted Root Certification Authorities.
8. Click on the Next and then the Finish button.

• Windows Server 2012 R2 in closed network (no internet connection)

Root Certificates are missing.

Broadcom has investigated this issue and provided the following solution:

Endpoint Protection installation fails with Error 1603. SIS_INST.log shows error ERROR I SIS File C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.8268.5000.105\bin64\ELAMInst.exe is not trusted. Verification result: 20