Defwatch scan not running upon Microsoft OS upgrade

Article ID: 274732

Products

Endpoint Protection, Endpoint Security Complete

Issue/Introduction

After upgrading the OS version, the DefWatch scan no longer runs when new definitions are received.

The HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion key is supposed to be a hardlink to the silo (GUID) registry key. However, after the OS upgrade, very little is left under CurrentVersion.

Environment

SEP 14.3 RU5/refresh build

Win7 -> Win10 21H2

Win10 -> Win10 22H2

Win8.1 -> Win10 RS7 x64

Fresh on Win11 22H2 with Repair, Modify operations

Win2k16 -> Win2k22

Other upgrade paths may be affected too.

Cause

While the CreateRegistryLink actions generated by the script builder were correct, the code that detects an OS upgrade was using a hardcoded Wow6432Node key as the CurrentVersion symlink target.

Resolution

Upgrade to 14.3 RU6+.

If an upgrade is not possible, contact support to acquire a tool to fix the broken registry key. The tool is not a final solution and should be used when needed.
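
To check whether a machine shows the condition described under Cause, the following added example (not Broadcom's repair tool and not code from this article) opens the CurrentVersion key without following it and reports whether it is a registry link, where the link points, and how much is visible through it. The class name RegLink is made up for this example, and both registry views are checked because the article does not say which view the key lives in.

```powershell
# Added read-only diagnostic; not Broadcom's repair tool. Class name RegLink is made up here.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;
public static class RegLink {
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    static extern int RegOpenKeyEx(IntPtr hKey, string subKey, uint options, uint sam, out IntPtr result);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    static extern int RegQueryValueEx(IntPtr hKey, string name, IntPtr reserved, out uint type, byte[] data, ref uint size);
    [DllImport("advapi32.dll")]
    static extern int RegCloseKey(IntPtr hKey);

    static readonly IntPtr HKLM = new IntPtr(unchecked((int)0x80000002));
    const uint REG_OPTION_OPEN_LINK = 0x8, KEY_QUERY_VALUE = 0x1, REG_LINK = 6;

    // Opens the key itself instead of following it, then reads its link target.
    // Returns null when the key exists but is an ordinary key rather than a link.
    public static string GetTarget(string subKey, uint viewFlag) {
        IntPtr h;
        int rc = RegOpenKeyEx(HKLM, subKey, REG_OPTION_OPEN_LINK, KEY_QUERY_VALUE | viewFlag, out h);
        if (rc != 0) throw new Win32Exception(rc);
        try {
            uint type, size = 2048;
            byte[] buf = new byte[size];
            rc = RegQueryValueEx(h, "SymbolicLinkValue", IntPtr.Zero, out type, buf, ref size);
            if (rc == 2) return null;                    // ERROR_FILE_NOT_FOUND: no link value
            if (rc != 0) throw new Win32Exception(rc);
            return type == REG_LINK ? Encoding.Unicode.GetString(buf, 0, (int)size) : null;
        } finally { RegCloseKey(h); }
    }
}
'@

$subKey = 'SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion'  # path from the article
$views  = [ordered]@{ Registry64 = 0x100; Registry32 = 0x200 }  # KEY_WOW64_64KEY, KEY_WOW64_32KEY
foreach ($view in $views.Keys) {
    try {
        $target = [RegLink]::GetTarget($subKey, [uint32]$views[$view])
        $state  = if ($null -eq $target) { 'ordinary key, not a link' } else { "link -> $target" }
        # Follow the link the normal way and count what is visible through it.
        $key  = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view).OpenSubKey($subKey)
        $seen = if ($key) { "$($key.SubKeyCount) subkeys, $($key.ValueCount) values" } else { 'target not found' }
    } catch { $state = "cannot open: $($_.Exception.Message)"; $seen = 'n/a' }
    '{0}: {1}; {2}' -f $view, $state, $seen
}
```

A link target is printed as an NT registry path beginning with \REGISTRY\MACHINE. The article does not give the silo GUID, so compare the reported target and counts against a known-good install of the same SEP build.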