When upgrading Clients running 14.3 RU4 and RU5, Tamper Protection is blocking MSIEXEC.EXE from updating SharedDefs Registry keys.

• Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\IPSDefs
• Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\ccSubSDK_SCD_Defs\.
• Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\EfaVTDefs\.
• Blocked MSIEXEC.EXE while attempting to create HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{3EC50411-3F7E-4DC6-9813-D370B212BBFB}\SharedDefs\IronSettingsDefs\.

The problem is due to the custom action which start creating the install script is accessing registry keys prior to Tamper Protection authorization for MSIEXEC.EXE.

Broadcom is currently investigating.   The article will be update when the solution has been released.

Note: The Tamper Protection detections on MSIEXEC.EXE isn't causing the migration to fail. These can be safely ignored.