Defwatch scan not running upon Microsoft OS upgrade
search cancel

Defwatch scan not running upon Microsoft OS upgrade


Article ID: 274732


Updated On:


Endpoint Protection Endpoint Security Complete


Upon upgrading the OS version, you have noticed the DefWatch scan is not running upon receiving new definitions. 

The HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion key is supposed to be a hardlink to the silo (GUID) reg key. However, after OS upgrade, very little is left under CurrentVersion.


SEP 14.3 RU5/refresh build

Win-7->Win10 21H2

Win10 -> WIn10 22H2

Win8.1->Win-10 RS7 X64

Fresh on Win-11 22H2 with Repair,Modify Operations

Win2k16 > Win2k22

Other upgrade may be affected to.


While CreateRegistryLink actions generated by script builder were correct, the code that detects OS upgrade was using hardcoded Wow6432Node key as CurrentVersion symlink target


Upgrade to 14.3 Ru6+ 

If upgrade is not possible, get in contact with support to acquire a tool to fix the broken registry key. The tool is not a final solution and it should be use when needed.