search cancel

Tamper Protection is blocking MSIEXEC.EXE from updating Registry keys (\SharedDefs\...)

book

Article ID: 255775

calendar_today

Updated On:

Products

Endpoint Security Complete Endpoint Protection

Issue/Introduction

When upgrading Clients running 14.3 RU4 and RU5, Tamper Protection is blocking MSIEXEC.EXE from updating SharedDefs Registry keys.

  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\IPSDefs
  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\ccSubSDK_SCD_Defs\.
  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\EfaVTDefs\.
  • Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\IronSettingsDefs\.

 

Cause

The problem is due to the custom action which start creating the install script is accessing registry keys prior to Tamper Protection authorization for MSIEXEC.EXE.

 

Resolution

Broadcom is currently investigating.   The article will be update when the solution has been released.

Note: The Tamper Protection detections on MSIEXEC.EXE isn't causing the migration to fail. These can be safely ignored.