When upgrading Clients running 14.3 RU4 and RU5, Tamper Protection is blocking MSIEXEC.EXE from updating SharedDefs Registry keys.
The custom action that creates the install script is accessing registry keys before Tamper Protection authorizes MSIEXEC.EXE.
The reported issue has been fixed in 14.3 RU7.
For more information, please review the document below:
New fixes and component versions in Symantec Endpoint Protection 14.3 RU7
Incident Description: Tamper Protection logs blocks against msiexec during SEP client upgrades