Tamper Protection is blocking MSIEXEC.EXE from updating Registry keys (\SharedDefs\...)
search cancel

Tamper Protection is blocking MSIEXEC.EXE from updating Registry keys (\SharedDefs\...)

book

Article ID: 255775

calendar_today

Updated On:

Products

Endpoint Security Complete Endpoint Protection

Issue/Introduction

When upgrading Clients running 14.3 RU4 and RU5, Tamper Protection is blocking MSIEXEC.EXE from updating SharedDefs Registry keys.

  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\IPSDefs
  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\ccSubSDK_SCD_Defs\.
  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\EfaVTDefs\.
  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\IronSettingsDefs\.

 

Cause

The custom action that creates the install script is accessing registry keys before Tamper Protection authorizes MSIEXEC.EXE.

Resolution

The reported issue has been fixed in 14.3 RU7.  

For more information, please review the document below:

New fixes and component versions in Symantec Endpoint Protection 14.3 RU7
https://knowledge.broadcom.com/external/article/262071

Incident Description: Tamper Protection logs blocks against msiexec during SEP client upgrades

Powered by Wolken Software