Symantec Endpoint Security (SES) agent deployment in hybrid environment leads to an issue with policy not being updated and  the policy updates leads to an error: Manager cannot arbitrate policies in the system log and at the same time, we can see events that indicate, the Symantec Management Client is stopped.

Symantec Endpoint Security Hybrid Environment

In SES hybrid deployment there can be a scenario where a device is switched to cloud management without a firewall policy assigned which resulted unexpected behavior from defender, leading Symantec Management Client (SMC) crashing. 

Ensure the Firewall policy is assigned the group(either enabled or disabled) with integration setting to enable defender if stopped, when migrating a client from a Hybrid environment.

The System logs indicates, events involving the following:  Manager cannot arbitrate policies & Symantec Management Client service crashes or stops on multiple intervals. 

Errors seen in the WPP Log:

ERROR : SepManagementClient : ProfileMan.cpp(653) : CProfileMan::Init : ProfileMan.Init: [=======EXCEPTION: SndException ====
Reason Code: 0, Reason:failed to add Action Group in TridentArbitrator due to the same group name]
ERROR : SepManagementClient : ProfileMan.cpp(655) : CProfileMan::Init : cannot arbitrate profiles [C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.9689.7000.105\Data\Config\Serdef.dat]

THROW_SND_EXCEPTION("failed to add Action Group in TridentArbitrator due to the same group name");